How To Stop Referrer Spam

By Jon Henshaw, Co-founder and President of Raven Internet Marketing Tools. Originally posted on Raven Tools Blog.

Attack of the Referrer Spam

Referrer spam is becoming a problem. If you’re not familiar with referrer spam, it’s traffic from bots that impersonate a referral link. The pseudo traffic is designed to make their domain show up in your site analytics so that you’ll visit the site.

Why is Referrer Spam a Problem? Aside from junking up your site analytics with useless data, it’s a big waste of time. We’ve heard from many of our customers here at Raven just how frustrating it is to explain what “semalt” is to their clients and why it doesn’t matter.

While it’s possible to create a filter in Google Analytics to filter out referrer spammers like semalt, all it does is mask the problem. Also, as Himanshu Sharma has written about, it may create data sampling problems. So instead of filtering out bad data after the fact, I’m going to show you how to block it at the source.

Referrer Spam

How To Stop Referrer Spam

The key to stopping referrer spam is to block it before it has a chance to register on your site as a referrer. The simplest way to do this is to add the following code to your .htaccess file.

RewriteCond %{HTTP_REFERER} [NC,OR]
RewriteCond %{HTTP_REFERER} [NC,OR]
RewriteCond %{HTTP_REFERER} [NC]
RewriteRule .* - [F]


Another technique you can use is a Deflector, which redirects the traffic back to where it came from. Avi Wilensky, CEO ofPromediacorp prefers this method to just blocking them. He creates a text file named that looks like this.

##referer --> redirect target

Then he puts the following code in his .htaccess file.

RewriteMap deflector txt:/path/to/
RewriteCond %{HTTP_REFERER} !=""
RewriteCond ${deflector:%{HTTP_REFERER}} =-
RewriteRule ^ %{HTTP_REFERER} [R,L]

I haven’t tried this yet, but I plan to. If you’ve had any experience with deflecting, please tell us about it in the comments below.


Shelli Walsh, of ShellShock UK, recommends using a blacklist of referrers and Regex coupled with commonly used spammy keywords. An example of this is available from Perishable Press.

The only problem with currently known referrer spam blacklists — at least the ones I found — is that they don’t seem to be kept up-to-date.

WordPress Plugin

For those who don’t have access to their .htaccess file or don’t feel like they have the experience to properly edit it, there’s a WordPress plugin for it. For many webmasters, semalt is the worst offender. That’s why Peadig created the Semalt Blocker for WordPress.

The Semalt Blocker plugin is currently limited to only blocking semalt, but the plugin creator, Alex Moss, has assured me that they’re working on a new version that will allow users to add more sites to block as needed.

Efficient Management of .htaccess

Another annoyance of having to block referrer spam is updating the .htaccess file for all of your sites. Fortunately, there’s a trick that Brian LaFrance of AuthorityLabs shared with me. He uses an umbrella .htaccess file for all of his sites. He does that by storing an .htaccess file in the directory that contains all of his site directories. The server will read that .htaccess file prior to each site’s individual .htaccess file, so the bots are stopped for all sites nested under that directory.

Personally, I like to use unique .htaccess files for each of my sites, but I still like for things to be as efficient as possible. My solution has been to create symbolic links to all of my .htaccess files in one folder. That way I have access to all of them, and then I can quickly open, paste and save…open, paste and save…

Here’s a spambot list that’s frequently updated.

Update – March 23, 2015

After writing and publishing this post, two new pieces of information were presented to me.

First, Rishi Lakhani would like credit for coming up with the Semalt Blocker plugin by Peadig.

He also wrote an excellent post on referrer spam over at Refugeeks that you should check out.

Second, Georgi Georgiev pointed me to his post that analyzes all of the options for blocking referrer spam. He concluded that the best overall solution is to create a custom filter in Google Analytics.

You can create a filter for your sites in Google Analytics by navigating to the Admin and then clicking on All Filters. Click on the New Filter button and then create a Custom Exclude for Campaign Source. Enter the domains you want to exclude using Regex. The format should be domain.\ followed by a pipe (|) for each additional domain.


It should look similar to this screenshot:

Google Analytics Filter

What about you? How do you block botnets?

Update – April 20, 2015

Matthieu Napoli left a helpful link to a Referrer Spam Blacklist hosted by Piwik on GitHub. Many thanks to Matthieu for sharing that.

Update – June 16, 2015

Tom Capper at Distilled discovered another way to filter out referrer spam in Google Analytics. He suggests using a screen resolution exclusion.

Update – August 24, 2015

For a full list of the Spam links our team currently blocks, visit my Resource Page.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s