Secure Your Google Analytics Data From Hackers


by Sarah Warlick, content director

You have been hackedUsing Google Analytics data is a great way to learn more about what’s working on your website and track progress toward your marketing goals. Sometimes, however, the data you see may not reflect what’s actually happening on your site. Then you’re wasting time assessing numbers that are basically garbage. Worse yet, you have no idea how you’re doing in terms of reaching your intended audiences and increasing site traffic, or any of the details about specific content.

This happens because of a particular kind of hacking that generates referrer spam, keyword spam or fake hits to your pages. It doesn’t damage your site or reputation, but it can definitely cause you problems as described above.

Why on earth would anyone hack your digital content to do this, and how? The answers to both questions are surprisingly simple. Someone could do it just to mess with you or get your attention, but it’s far more likely that your Google Analytics data would be hacked to make it look like someone else’s site was generating more traffic than it actually gets, thereby earning the hacker more money or prestige.

Attaching one site’s data to another is quite an easy task, since the information needed to accomplish the feat is just a click away. (That’s assuming both sites use Google Analytics; otherwise it can’t be done at all.) Your site has a unique Google Analytics Tracking ID or Property ID that identifies all the pages tracked by the same account. Anyone can see this code by right-clicking on a web page to reveal the source code and then searching for ga.js, the JavaScript handle for your tracking code.

Using the same ID on another site will send all the data from both sites to the same Google Analytics account. That means the data you see includes some unknown number quantity of hits that took place on the different site. Google doesn’t distinguish between hits to different sites as long as the pages being monitored contain the same property ID. You might also see traffic appearing to come from inaccurate pages (referrer spam) or following searches for keywords you didn’t specify (keyword spam).

Luckily, it’s not too complicated to eliminate much of this fake traffic. You can maintain the integrity of your Google Analytics data to a great degree by adding a filter. The filter will allow you to exclude the spam and only report traffic from valid host names. To create the filter simply include the allowed domains in your filter field: “accountingfirmxyz\.com|facebook\.com|linkedin\.com”. Be sure to substitute your domain name for the “accountingfirmxyz\.com” and separate each host name with a |. The main problem with this technique is that committed hackers can get through by adding different extensions to your main url. Some junk may still get through, but even so you should have much more solid numbers after adding the filter.

You can also hide your tracking ID using server-side code, if you’re an experienced web developer. Most site owners will need to ask for professional IT help when opting for this method.

And if this kind of analytics hacking has already occurred on your site, you may still be able be able to sort out the truth to gain meaningful insights from that corrupted data. Try creating an advanced sorting segment that filters out all data except that containing the desired hostnames. If you apply the segment to your reports, you should eliminate the junk added from an outside site.

The information you get from Google Analytics can be extremely valuable, so go ahead and invest a few minutes in making sure it is valid and based on real traffic from real people who are truly interested in your firm.



Leave a Reply

Your email address will not be published. Required fields are marked *