Block referral spam using Cloudflare (For free)
One of the most annoying (and constant) sources of referral spam is fake visits to your site. Referral spam can appear in Google Analytics as if it were real traffic. However, there are no actual users and no one ever visits your site. And the worst part is that you can't do anything about it.
Referral spam, also known as ghost or log spam, is any type of activity that appears in your website analytics as if it were a real referral traffic source. Just like email spam and junk mail, these referrers advertise products and services on your website without spending any money on advertising.
The goal of referral spam is to make you visit the fake link because they will use this to trick you into paying for their services or products. Plus, if they see a significant number of visitors on their link, they'll try to sell this service to other hackers and spammers.
Referral traffic usually originates from a legitimate source, such as another website, social media platform or a search engine like Bing or Google. But with referral spam, there's no actual visitor and no one ever visits your website or clicks on the link in the referral traffic report.
With Cloudflare's firewall rules, you can now block referral spam and protect your site from unwanted visitors. In this post, I'll show you how to block referral spam using Cloudflare's firewall rules.
Make sure the website you want to protect has Cloudflare proxy enabled. If this is true then the cloud icon has the orange color
On the left-hand side bar click Security -> WAF
Click the "Create firewall rule" button to create a new Firewall rule.
Enter a name for the rule and in the rules section,
- Select the field "Referer" and "contains" for the Operator
- For the values field, enter the website name without (https:// or .com or the extension)
- You can add additional websites by adding the Or condition
- Click "Deploy firewall rule" to enable the rule immediately.
In the Cloudflare free plan, you can have up to 5 active rules.
The Security -> Events and then Security - WAF dashboard display details about the blocked requests.