To find out if your website stats are already being affected by referrer spam please read our blog post Is referrer spam affecting your website metrics?
Many websites are hosted on web servers that use .htaccess files to control how the server should behave in response to specific requests. The .htaccess file is found in the root of your site directory and can be accessed either by FTP, SSH or web admin control panel such as cPanel. There are two possible methods to block referrer spam to your site using the .htaccess file: mod_rewrite or mod_setenvif.
You can find instructions on how to block referrer spam with htaccess file methods below:
The following instructions are technical by their very nature and should not be attempted by anyone other than an experienced webmaster, coder/developer. We cannot be held responsible for any detrimental effects and we do not provide unpaid support for these or any other instructions. Always take a backup!
In the “single referrer” example below, “badsite\.com” is the domain you wish to block. Note the backslash proceeding the period (“.”) to actually denote a period, as in Regular Expressions, a period denotes any character, which is not what we want. The flag “[NC]” is added to the end of the domain to make it case insensitive, so whether the domain is “badsite.com”, “Badsite.com” etc, however bad it gets, it gets blocked. Finally, the last line in the .htaccess file specifies that the action to take when a match is found is to fail the request, meaning the referrer traffic will hit a 403 Forbidden error.
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
RewriteRule .* – [F]
To block multiple referrers, you can add multiple ‘RewriteCond’ statments, but omitting the [NC,OR]
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} anotherbadsite\.com
RewriteRule .* – [F]
Now, you may have noticed the line “Options +FollowSymlinks” above, which is commented. Uncomment this line (by removing the # character) if your server isn’t configured with FollowSymLinks in its section in httpd.conf, and you get a 500 Internal Server error when using the code above as is.
Related blog posts
Is referrer spam affecting your website metrics?
How to block referrer spam in Google Analytics
How to block referrer spam with a WordPress plugin
