This is how you get rid of WordPress referral spam!

I have written extensively on WordPress blog referral spam that plagues all our Google Analytics and skews data to the extent that if you are a new site; makes stats from the likes of Google Analytics unusable.

Some background as mentioned in this post and this one, it all started with Semalt. Semalt used a botnet like crawler to ping your site, show on your stats and subsequently, have you click or search Google to find out who they are. Viola, their new SEO website competitor analysis software (for purchase by way of subscription) was born.  Instantly becoming an overnight brand name to the exact target audience; you and I!

Whether you agree to their marketing way (little too dark gorilla style) or not, they managed to pull off what many work very hard for over a very long period of time.

Lot’s of angry blog posts from webmasters and the like out there, including myself. Folk were desperately  searching to find the solution to stop these turds from skewing the precious data that we all rely on and check daily.

After Semalt, we soon were all introduced to the slew of now official WordPress referral spam bots. The idea is genius, dirty it is, but highly effective.

They were aggressive. Sometimes hitting your blog more than 30 times a day! What were they? Why the heck did they do it?

So let’s just look at the principle behind this. They hit your blog with a bot that registers on your Google Analytics and other monitoring softwares with the intention of getting you to click on the link or at the very least Google their name.

Whatever the commercial interest, this changes per instance, they get you to complete the action.

I did a bit of research and alot of clicking on these links only to be redirected the majority of the time to an AliExpress landing page. Now, having spent years working in digital marketing arena, I am quite familiar with affiliate marketing. You get a link, it tracks you using cookies and if you buy or complete an action, they clip the ticket either with a one time fee (CPA) or ongoing.

Taking this as the base of the commercial drive behind the botnet crawlers, they make a killing. We (wife and I) purchase often from AliExpress and out of principle I always delete any cookies on my browser before completing a purchase just not to support these shysters! I can almost guarantee this is not the case with the majority of webmasters out there and they would indeed be making good dosh.

I have also tried on many occasions to report them to AliExpress but never get a reply. I noticed they simply change their crawler log name to something else and away they go again. You click, get 2-3 redirects (ILoveItaly perfect example) and then end up at AliExpress.


How to stop seeing the data and get real stats?

As mentioned, I’ve covered this topic in detail since the first beginnings of Semalt. I’ve even been abused by Semalt staff for some of my writings. So looking back we started off with blocking via the .htaccess route. This was widely accepted as the right way to do it.

This did NOT work.

The next thing we tried was to filter them out using Analytics… This was a complicated excersise and did NOT work. Once you managed to block them they simply changed names.

Next I thought I’d hit the holy grail. Google announced that it had added a tick box to “block known referral spammers” via the admin Google Analytics settings. For your viewing pleasure you can watch the how to “a la yours truly” the noob right here.

This did not work.

So, I went and deleted all the shit evil spammer code added to my .htaccess file. Followed by deleting all the additional filters from Analytics and left the video up (it was my first video- so it stays up even if it is wrong).

Next thing I did was stop looking at Analytics and go back to the good ol’ Jetpack from WordPress. Make sure to turn on stats and sit back.

Come back over a week, you’ll start to see some of the spam links showing under referrers (on WordPress stats section). Click to the right of the link and mark it as Spam.

What you’ll find is the biggest culprits are already blocked. After a few months or if you have had Jetpack on for some time, you can simply view stats under Monthly and then within seconds remove the bad referral links.

What you end up with are squeaky clean stats. Free of the shyster’s links and stats that although displayed a little differently to Analytics, are real and super accurate.

I can now honestly say that for sites I manage, I hardly look at Analytics. Im talking about once a month for certain sites. Sorry Google. If it were that simple (one click) to remove or filter out the data or links we don’t want then I’d use your product again. Nothing effective has been provided by your good selves to date.


  1. Ignore all the advice online- IT DOES NOT WORK
  2. Remove all the lines of code from your .htaccess added for the purpose of blocking- IT DOES NOT WORK
  3. Stop looking at Analytics, you’ll find Jetpack’s stats just as cool

Thanks for reading.



GIF compliments of Gif-weenus.

Have your say!