There are various types of referrer/referral spam that plague WordPress sites. Most customers start to notice these within their Google Analytics reports. While some referral spam can easily be blocked with rewrite rules, some cannot be.
The type of referral spam that cannot be blocked via htaccess or nginx rewrite rules is a type of spam called Ghost Referrals. These types of referrals can’t be blocked because they are never actually visiting your WordPress site at all, hence the name “Ghost” referrals.
These are the types of referrals that you will see littering your Google Analytics reporting and will eventually drive you mad if you don’t know how to stop them. However, the good news is that it is possible to stop them from affecting your Google Analytics even if you can’t use rewrite rules!
First, let me clarify, that these Ghost referrals do not ever visit your site and therefore will never show up in your access logs. These referrals only show up in Google Analytics reporting because they are using GA Management Protocol allowing them to post a fake pageview with your unique GA code.
The way to block them from showing up in your reporting is by using a filter inside of Google Analytics itself. To learn how to use the filter block in Google Analytics, please check out this guide that includes screenshots:
https://megalytic.com/blog/how-to-filter-out-fake-referrals-and-other-google-analytics-spam
The most recent examples of Ghost Referrals are: Darodar, iloveitaly.co, priceg.com,blackhatworth.com, and hulfingtonpost.com. All of these must be blocked with a filter in Google Analytics. No amount of rewrite rules will do you any good like they would for say, Semalt, which is an actual web crawler.
More info on Ghost Referrals: http://www.ohow.co/what-is-referrer-spam-how-stop-it-guide/#Referrer_Spam_List_updated_18-april-15.
Cpanel Security and htaccess file are more reliable for blocking ghost referrals.
Hey Akash,
Actually, you cannot block ghost referrals using Cpanel or htaccess because ghost referrals never visit your site in the first place. They are simply hijacking your Google Analytics code to spoof a visit to your site.
Because they never actually visit your site, blocking them in htaccess does nothing. Hope this helps clarify 🙂
I managed to block most of mine (including some of the ones you listed in the article) with a plugin, but there is one that says it isn’t a ‘valid referrer’ which I’m having trouble getting rid of – As far as I’m aware filtering your Analytics results only stops them showing up as referral traffic. They just become direct traffic in the report after you add the filter.