Secure Your Google Analytics Data From Hackers
by Sarah Warlick, content director
Using Google Analytics data is a great way to learn more about what’s working on your website and track progress toward your marketing goals. Sometimes, however, the data you see may not reflect what’s actually happening on your site. Then you’re wasting time assessing numbers that are basically garbage. Worse yet, you have no idea how you’re doing in terms of reaching your intended audiences and increasing site traffic, or any of the details about specific content.
This happens because of a particular kind of hacking that generates referrer spam, keyword spam or fake hits to your pages. It doesn’t damage your site or reputation, but it can definitely cause you problems as described above.
Why on earth would anyone hack your digital content to do this, and how? The answers to both questions are surprisingly simple. Someone could do it just to mess with you or get your attention, but it’s far more likely that your Google Analytics data would be hacked to make it look like someone else’s site was generating more traffic than it actually gets, thereby earning the hacker more money or prestige.
Using the same ID on another site will send all the data from both sites to the same Google Analytics account. That means the data you see includes some unknown number quantity of hits that took place on the different site. Google doesn’t distinguish between hits to different sites as long as the pages being monitored contain the same property ID. You might also see traffic appearing to come from inaccurate pages (referrer spam) or following searches for keywords you didn’t specify (keyword spam).
Luckily, it’s not too complicated to eliminate much of this fake traffic. You can maintain the integrity of your Google Analytics data to a great degree by adding a filter. The filter will allow you to exclude the spam and only report traffic from valid host names. To create the filter simply include the allowed domains in your filter field: “accountingfirmxyz\.com|facebook\.com|linkedin\.com”. Be sure to substitute your domain name for the “accountingfirmxyz\.com” and separate each host name with a |. The main problem with this technique is that committed hackers can get through by adding different extensions to your main url. Some junk may still get through, but even so you should have much more solid numbers after adding the filter.
You can also hide your tracking ID using server-side code, if you’re an experienced web developer. Most site owners will need to ask for professional IT help when opting for this method.
And if this kind of analytics hacking has already occurred on your site, you may still be able be able to sort out the truth to gain meaningful insights from that corrupted data. Try creating an advanced sorting segment that filters out all data except that containing the desired hostnames. If you apply the segment to your reports, you should eliminate the junk added from an outside site.
The information you get from Google Analytics can be extremely valuable, so go ahead and invest a few minutes in making sure it is valid and based on real traffic from real people who are truly interested in your firm.