Since the turn of the year, Google Analytics accounts across the world have been hammered with electronic spam. Although in the past I have spoken about how to stop Ghost referral spam, this method is no longer the answer to stopping all forms of spamming techniques.

Ghost referral spam has caused many accounts to track ‘fake visits’ to your website from nuisance websites, which were viewable in the referrals section of Google Analytics after drilling down into visitor data. These irritant sites were spamming other websites either as a form of lead generation, or as a way to spread viruses, as most people would naturally proceed to the sites (I wouldn’t recommend this) in order to establish who they are and what they do.

Now, Analytics accounts seem to be getting peppered with direct traffic spam. On some sites, this spam can be seen as large amounts of direct traffic with a bounce rate of 100% – or values equally as high – and only 1 page view per session. This is a clear indication of false data tracked by Analytics’ accounts making it harder for people to get an accurate insight into their current site performance.

In order to rectify this, you’ll need to set up what is being referred to as a ‘Valid Hostname Filter’

What is a Hostname in Analytics

Before we set the filter up, firstly we need to understand what a hostname is and how to locate it. So, in Google Analytics, a ‘hostname’ is referred to as the domain that your Analytics account is linked to and that tracks data for your website. For a vast majority of webmasters, this should only be the website that you implemented the Analytics tracking code onto. To view the Hostname of your traffic simply complete the three simple steps below:

  1. On the left side bar, select: Acquisition > All Traffic > Channels
  2. Add ‘Hostname’ as a secondary dimension
  3. Towards the bottom; select a higher number of rows to display, so you get a better view of your incoming traffic


However, if you look a little deeper, then you will see lots of visitor traffic that was not actually triggered on your website (see example below).


As you can see, all of these domains don’t exactly look trustworthy or recognisable, and this is exactly the kind of traffic that we don’t want to report on as it is most likely spam.

Setting up a Valid Hostname Filter

The hostname filter will mean your analytics only contains traffic that has been triggered on your website. This will block out any spam or other websites that inadvertently trigger your analytics.

  1. Go to the Admin section and select ‘All Filters’ from the left hand side.
  2. Select ‘New Filter’ (if this is not present, then you don’t have Admin access to the Analytics account that you’re using).
  3. Give the filter a name you will understand.
  4. Select ‘Include Only’ from the filter type
  5. Select ‘Traffic to the hostname’
  6. Select ‘That Contains’
  7. Enter your domain in the Hostname box without http://www.

This view will then report on traffic that has visited the domains that you have entered only. This will include any canonical versions of the domain for www. and non-www. resolves, as well as any other sub domains you may have.

If you have multiple domains that you want to accept, then simply use the pipe character to allow for more than one domain. For example,||


Due to the nature of filters in Analytics, this will not remove the spam retrospectively, but it will stop the spam moving forwards. Since this will cause a dip in analytics when you review your reports, it’s a great idea to add a comment for your records and to highlight the date the change was made.

As it stands, this should fix any issues with your website revolving around the receipt of spam and/or fake data. For the spammers to get around this, they would have to become much more sophisticated in their methodology, which probably wouldn’t be beneficial to them.

Currently, Analytics have opened themselves up to make this type of spam possible and as with anything, spammers are taking advantage of an easy way to spam.

Go Back to the Blog
More Posts like this..
Non-Secure Collection of Passwords will trigger warnings
Happy Google Penguin 4.0 Day
Geo-targeting Your Website
WordPress Video Lightbox Plugin