Google analytics and its data. Metrics that support marketing actions to approve budgets or to see if our strategies are working. If it sounds familiar to you, then you’re responsible for marketing or you’re taking that role too. So we make you a spoiler, website security goes with you too.
Common tools like Google Analytics need security maintenance so that the results shown are not wrong. Bots or robots that are spam for your accounts can kill your metrics and lead to wrong conclusions about your achievements or those of your marketing team.
It is very important to keep your website clean and protected against malware. But in addition, you should not neglect aspects of security in business and marketing areas. Not everything in security is a matter of development or systems roles. If you’re a freelancer you’ll probably take care of everything and there’s no distinction between preventing your WordPress from infecting or your Google Analytics having the right filters. And if you are a marketing manager, make sure your team has the technical expertise that can validate and secure the data, which would be marketing security. Because today there are bots that do everything from attacking your site to spamming your Google Analytics account.
Marketing Security Concepts
Before giving you the 3 security tips to protect your website positioning, data and marketing, we explain you some concepts:
Good Bots and Bad Bots
It is true that you should differentiate between good bots, like those of Google, and the rest. Googlebot is the indexer of all our pages to position them, for example. But even good bots can be ‘hacked’. There are malware that can operate using strings or fake strings to make it look like your HTTP request comes from Googlebot.
Some of the goals of bad bots are:
- Steal contact and billing data during your e-commerce or website transactions
- Copy the content of your web
- Generate fake visits to your website that will alter your Google Analytics reports. This is referral spam
- Generate fake clicks on pay-per-click (CPC) ads
Referral spam
If your website, blog or e-commerce visitors are inflated and users have strange names, then you probably have referral spam. In addition, referral spam usually has very high bounce rate and very low average session duration ratios. This is obviously horrible for your stats. Why do they want?
- Inflate traffic to your website and distort your statistics
- Deceive you to visit the malicious websites that you find in your analytics report
Botnets
Hackers do not attack alone. They configure increasingly complex botnets for more powerful attacks. They use a network of distributed servers that makes very complicated to detect the point of attack. That’s why DDoS attacks are effective because they are distributed. You stop one and another appears in seconds.
Referral Ghost
The referral ghost spam or ghost spam is a kind of referral spam let’s say, tedious. Surely you know that Google Analytics has a unique UA code ‘UA-XXXXX-X’. If your Google Analytics code is hard coded on your website, the bots can delete it from your source code and use your tracking code.
Once the bot has your UA code, it can send data directly to your Google Analytics account without even visiting your website. They use the Google Analytics measurement protocol, designed to accept Internet data from things (IoT) so they do not even need to install the tracking code on a website.
And since these references or referrals never really reach your website, they do not appear in the server logs.
Security Tips in Google Analytics
Tip 1: How to Stop Referral Ghost Spam
It’s not all bad news. There is a way to ignore referral Ghost Spam.
In Google Analytics, you can create a filter by host name in each view to ensure that only traffic coming from valid site properties is included. And with this action you completely eliminate the referral spam in the data for those views in the future. Remember this by comparing historical metrics.
- On the Reports tab, set the date to a minimum of one month
- You go to Audience> Technology> Network
- Select Hostnames as the primary dimension.
- Write down all the valid hostnames of your property. Remember not to visit them.
- In the Administration section, click the View drop-down menu and select Create New View.
- Name the new view.
- This allows us to test the changes before playing with existing data. Ideally, always keep at least one unfiltered view of the data.
- Select Filters in the options in the View column and click + NEW FILTER.
- Select Customize> Include> Host Name.
- Enter the Filter Pattern as a regular expression that contains all the valid host names in step 4.
- Click Check Filter to preview the changes.
- Click Save to apply the filter.
- Wait at least 24 hours to see the changes in the Hostnames report
- Visit the real-time tab to make sure traffic continues to arrive at the new filtered test view.
- Confirm that the filter is working and apply it securely to your main view.
This filter will only affect new traffic. Old traffic still has ghost referrals. If you want to remove ghost referral spam from historical data you can create a custom segment.
Tip 2: Block Normal Referral Spam
The most common type of referral spam is related to the robots that visit your website, therefore, it can be blocked in a traditional way. You can set up a reference exclusion filter but it can be an exhaustive process.
It is advisable to add server configuration rules in the .htaccess, web.config, or nginx.conf files to specifically exclude known bad referrals or malicious references. There are lots of lists that you can use and keep updating as they grow continuously.
Tip 3: Basic security if you do not have much experience
A simple practice, although you must check that you’re not blocking valid data, is to make only two filters:
- Excluding traffic from your IP (from your office, your home …) to not have false statistics.
- Including ONLY traffic from your domain. Accept only whatever comes from your domain or subdomains. With a hostname filter.
Website security is here not to leave
The risk of malware infection or hacking in your website increases day by day. Try to take measures on time about security and carry out the proper maintenance of your website. Especially if you have an online business and you do not want it to be compromised.
0 Comments Leave a comment