Other types of spam are more interested in using your server space to send out requests, while some take advantage of users to send over harmful malware and viruses. Spam needs you, but you certainly don’t need it. In fact, when building a website on WordPress, it’s wise to implement tools to prevent all types of spam from infiltrating your online presence.

One type of spam is called referrer spam, and it affects WordPress sites that aren’t prepared. In addition, it can get into your Google Analytics system, preying on your rankings and turning search engines against you. Overall, your best bet is to block referrer spam in WordPress and Google Analytics. How do you go about doing this? You’re going to find out in just a minute, but first let’s understand a little more about referrer spam and how it can affect your website.

What is Referrer Spam?

Referrer spam has one purpose: To target search engines. On the surface, here’s how it works: A spammer has a website they want to boost the search engine rankings for. The spammer sends out multiple requests with fake URLs that link back to the website they want to advertise.

In short, they want to improve how search engines see their site without providing valuable content to users. Therefore, your site can accidentally publish some of the access logs and statistics, unintentionally linking back to this site that the spammer is trying to promote. This means that your site is now linking to a poor quality site, which can improve the rankings for that spam site.

Unfortunately, if Google sees that you are linking to a junk website, your search engine rankings may decrease in the future.

Although Google, and other search engines, have done quite a bit to discount spam sites like these, it’s a good idea to prevent them entirely, so you don’t run into any problems. After all, if you’re linking to dozens of bad sites, the search engines may think that you did this intentionally.

It’s also worth noting that this type of spam gets its name from the way it interacts with Google Analytics. These spammers take advantage of the fact that all website owners like to see that other sites are referring traffic to their platform. You even have a referral report in Google Analytics to see where most of your traffic is coming from.

Unfortunately, some of your users may want to look at these referral reports in your access logs, and you may end up clicking one of the harmful links when checking out your referrals in Google Analytics. It doesn’t matter who clicks them, because it’s all bad news.

What Are the Benefits of Blocking It?

Some people think that having referrer spam is not that big of a deal. Although it may not affect you that much, you still have the chance of accidentally linking to those spam sites and decreasing your search engine rankings.

Furthermore, legitimate website owners are in the business of generating quality content, so it behooves you to prevent spammers from cluttering up the internet with poor links. As an internet user, all they do is make things harder for you when searching. Finally, there is a chance that you, or one of your site visitors, clicks on one of the referrer spam links, leading you to a website that could contain harmful material.

How to Block Referrer Spam in WordPress and Google Analytics

Step 1: Install a Referral Spam Plugin

Start the process by going to the Block Referrer Spam plugin page. Download and install the plugin onto your WordPress dashboard to open up access to all of its features and settings. Make sure you activate the plugin to begin blocking your referrer spam.

What Are Some Other Tools You Can Use to Block Referrer Spam in WordPress and Google Analytics?

  • Sucuri – This is an all in one website security solution that blocks everything from malware to viruses. If you’re interested in finding all of your protection in one suite, go with Sucuri. It monitors referrer spam and removes it from your website. Sucuri can also protect your site against a DDoS attack.
  • SpamReferrerBlock – We like this plugin because it’s similar to the one we’re using in the tutorial, and it filters your incoming traffic to identify the bad spam that’s coming in. It provides a blacklist to ensure that referrers do not come back.
  • WP Block Referrer Spam – This plugin uses a more rigid approach, since it blocks a set number of sites that are known to send out referrer spam. It’s not a bad place to start, but in general, you’re better off going with one of the above options.

Step 2: Configure Your Settings

On the left-hand side of your WordPress dashboard, you’ll find a tab called Referrer Spam. Scroll over this option and click on the Referer Spam option that pops out.

The goal here is To ensure that all referrer spam is being blocked on a daily basis, so check off the area under Auto Update to reflect that you would like to update this list on a daily basis. You also have the option to complete this manually, but the plugin is pretty lightweight, so there’s no reason you can’t implement the automated system.

After that, go to the Block Mode title. By default, it should have the Rewrite Block button selected. This is because the Rewrite Block option works faster and it runs on the server level. The only reason you’ll want to try the WordPress Block is when you’re having trouble with your .htaccess file or you encounter other problems on the server level.

You’ll also see an area called Manual Update. This forces an update of the referrer spam list. If you’re running a manual process, this is where you’ll go to complete that task. It also might work well if you happen to notice a referral spam link in your Google Analytics that hasn’t been cleaned out yet.

Step 3: Checking Your Last Updates and Creating Custom Blocks

The bottom part of the Referrer Spam page has a Last Update field, which tells you exactly when the last list update was completed. Although you may not think much about this now, it’s a handy tool to have for checking on how the plugin is working. For example, if you start noticing that referral spam is coming back into your Google Analytics system, you can simply go to this area to see if the plugin is still running. It also provides a link for you to check out the entire list of blocked websites.

There’s a chance that the plugin doesn’t block all site links with referral spam. It does a pretty good job, but some of them might slip through the cracks. If you see a few questionable links on your Google Analytics referral report, feel free to copy and paste the website URLs into this box for a more manual approach on blocking the spam.

After all that is done, click on the Save Changes button to complete the process and let the plugin do its work.

Step 4: Viewing Your List of Blocked Sites

Seeing as how referral spam is extremely common, you should see results from the plugin almost immediately. In order to view a complete list of all blocked sites, scroll over the Referrer Spam tab again, but click on the All Blocked Sites button.  

Upon clicking on the link, it shows a giant list of internal blocks. The cool part is that you can open each of the sites safely to see what they actually are. If you scroll down to the very bottom of this list, a Custom Blocks header specifies all of the blocks you’ve put through the system manually.

Step 5: Get Rid of Ghost Referrer Spam

Since the goal here is to prevent referrer spam from getting on your Google Analytics reports, it’s now time to open up your Google Analytics account to see if it’s working. You’ll also notice that some sites are getting through because they are what we call “ghost referrals.” In short, they aren’t visiting your site, so they can’t be blocked by plugins.

Open Google Analytics, and go to Audience > Technology > Network.

Scroll down to select Hostname as your Primary Dimension, and make it so that the results are shown by month.

Tired of WordPress hosting support that seems to know less than you do?

We understand! That’s why Kinsta only employs high-skilled developers and Linux Engineers. The expertise of our support department is second to none, and we’re available 24×7 to help!

Look at the entire list of hostnames. Identify the legitimate ones and write them down.

The key here is to make a list of the valid host names. Then, go to the Admin tab at the top, and click on Filters.

Click Add Filter > Custom Filter Type > Include. This field will ask you to punch in a list of the acceptable hostnames. The format for this requires you to put a ^ sign before each hostname, along with a $ sign after each one. In order to separate the hostnames, use a | sign.

Select the Save button to complete the process. It should take about 24 hours to see changes in the Google Analytics dashboard. You can also take a look at this big list of spam/ghost referrer sites. You should exclude all of them in your Google Analytics.


Now that you’ve had a chance to learn how to block referrer spam in WordPress and Google Analytics, give it a try yourself. Also, feel free to drop a line in the comments section if you have any questions.