Generally speaking, I don’t look at my visitor analytics on a regular basis. However, when I took a look into them this weekend, I noticed something quite strange. Tons of referrals from a site called Buttons-for-website.com.
At first, I thought how cool that another site is bringing me traffic! But then, I noticed on another site of mine, I had over 25 referrals from the very same buttons-for-website.com.
Immediately, I knew something was amiss and it seemed all too much like the Semalt spam traffic I was getting a few months ago. I did a bit of research and found out that I am not alone with the buttons for website Spam.
Quite a few other WordPress folks were also receiving the bogus referral spam from buttons for website as you can see here:
https://wordpress.org/support/topic/buttons-for-websitecom
So, the question is, what can one do about this referral spam? There are actually two primary ways to prevent this random traffic from clogging up your analytics and logs. One is used if you are running NGINX, as I am on WP Engine, and the other if you are running just Apache.
Here is the NGINX Rewrite rule which will turn away buttons-for-website.com referral traffic:
# 444 makes NGINX close the connection without sending a response
if ($http_referer ~* (buttons-for-website\.com)) { return 444; }
Here is the Apache htaccess rule to turn away the referral traffic:
# block referer spam
RewriteEngine On
RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com
RewriteRule ^.* - [F,L]
If you host with a company that uses NGINX (such as WP Engine), reach out to them in order to apply the NGINX rewrite rule for you. If you use Apache, just add the lines to your htaccess file.
What about Darodar and iloveitaly spam? Those are Ghost Referrals and rewrites won’t work. Check out my article about how to block this particular type of annoying spam: https://210mike.com/block-ghost-referral-spam/
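To see which of these referrers actually reach the server, and whether a rule is turning them away, tally response codes per referrer host in the access log; a domain that shows up in analytics but never in the log is a ghost referral that no rewrite rule can stop. This is an added example, not code from the original post: it assumes the Apache/NGINX combined log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Referrer domains named on this page.
SPAM_DOMAINS = ("buttons-for-website.com", "semalt.com", "darodar.com")

# Combined Log Format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2014:06:14:02 +0000] "GET / HTTP/1.1" 200 5120 '
    '"http://buttons-for-website.com" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Dec/2014:06:14:09 +0000] "GET / HTTP/1.1" 403 199 '
    '"http://buttons-for-website.com" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Dec/2014:07:01:44 +0000] "GET / HTTP/1.1" 301 0 '
    '"http://semalt.semalt.com/" "Mozilla/5.0"',
    # A real visitor who merely searched for the spam domain's name.
    '192.0.2.50 - - [10/Dec/2014:08:30:00 +0000] "GET /about/ HTTP/1.1" 200 4096 '
    '"https://www.google.com/search?q=buttons-for-website.com" "Mozilla/5.0"',
    '192.0.2.51 - - [10/Dec/2014:08:31:00 +0000] "GET / HTTP/1.1" 200 5120 '
    '"-" "Mozilla/5.0"',
]


def spam_domain(referer):
    """Return the listed domain that the Referer *host* belongs to, or None."""
    try:
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed Referer header
        return None
    for domain in SPAM_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def audit(lines):
    """Count response status codes per spam domain seen in the log."""
    seen = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            domain = spam_domain(m.group("referer"))
            if domain:
                seen[domain][int(m.group("status"))] += 1
    return seen


def classify(seen):
    """served: content was delivered, so no rule matched.
    turned-away: every hit was refused (403 from [F], 444 from NGINX,
    301 from the Semalt redirect rule).
    not-in-log: never reached the server (ghost referral if analytics shows it)."""
    verdicts = {}
    for domain in SPAM_DOMAINS:
        codes = seen.get(domain)
        if not codes:
            verdicts[domain] = "not-in-log"
        elif any(200 <= c < 300 or c == 304 for c in codes):
            verdicts[domain] = "served"
        else:
            verdicts[domain] = "turned-away"
    return verdicts


if __name__ == "__main__":
    for domain, verdict in classify(audit(SAMPLE_LOG)).items():
        print(f"{domain:28} {verdict}")
```

Matching on the parsed Referer host rather than on a substring keeps the search-engine visit in the sample from being counted as spam.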
I thought I was alone with the semalt overload… I again thought I was alone with this button for website overload… It seems I am not the only one they are trying to throw for a loop… Appreciate the assistance, but how do you know which of those is the one needed and where to put it? Still having issues with both.
Hey Brian! Sorry to hear that you are also experiencing this nonsense! Most users will be fine to simply use the htaccess method as very few hosts are running NGINX before Apache. But, if you are not sure, contact your host directly. Good luck!
I somehow came across this when I saw a referral from this site to my website. When I checked in, I really liked the way it showed the social buttons and hence I added it in my website as well. Do you think using it on my website and again blocking it in the htaccess file will be ok, or i will need to remove this script to make it work. I added it in the htaccess file but haven’t removed from the script.
Hi Saveena!
From what I have seen, the buttons for website referral spam has nothing to do with actual social buttons on your website. Having the social buttons on your site will not cause such spam. So no need to remove anything from your script.
Hope this is helpful to you!
Correction to my previous reply to your comment. I would NOT recommend that you use their code as it could be potentially dangerous for your site and could cause it to be hacked. So I would recommend that you remove the script ASAP
I had the same issue. I am using Google Analytics. If you use Google Analytics use Trackinginfo > Referral Exclusion List to get rid of such referrals.
Hey Suri!
Great suggestion, thanks so much for that information. Unfortunately, this solution doesn’t work well for WP Engine customers such as myself though, as we get charged for all visits to the site regardless. This is why I have refused the traffic all together.
Thank you for the blog post, but also thanks for the Google Analytics info! I will follow these instructions.
Hi Jan!
No problem at all. I am glad you found the information helpful :)
I’ve also seen these come up since the end of October.
I’ve filtered them out in IIS with the following rule:
Can’t post XML… here’s the summary line which would come under system.webserver, rewrite, rules, rule:
match url="*"
conditions, add input="{HTTP_REFERER}" matchType="Pattern" pattern="*.buttons-for-website.com*" ignoreCase="true" negate="false"
action = type="AbortRequest"
Awesome, this is very good to know. Appreciate you sharing this!
I’m noticing this as well and it’s getting worse. I just host through wordpress. How can I fix this? Not sure where to add the code or which code I need.
Thank you.
Hey Stella!
Sorry to hear that you have been experiencing the same nuisance spam referral. Unfortunately, I don’t believe WordPress.com allows you to edit the htaccess file. I would highly recommend that you reach out directly to their support at the link below to see what can be done about this issue:
https://en.support.wordpress.com/contact/
Good luck!
Added this same code within my .htcaccess file on a self-hosted wordpress site and it did nothing for me. I’m still getting daily visits.
Just an fyi to anyone else having the same problem.
.htaccess file* not htcaccess – haha
Hey Luis,
That is really strange! Is it possible that you are with a host who runs NGINX before Apache as mentioned in my article? If so, you may want to contact them to find out if they can add the appropriate rule for you.
I am in the same boat as Luis. I added that to my .htaccess file and it didn’t do anything. I should have known, considering that I’m using it to try and block semalt.com, with no luck. My host uses Apache, not NGINX as far as I know.
Hey Joseph,
Wow, sorry to hear this. I think I should double check this rule to be sure it’s correct. However, for Semalt, you should do the following in htaccess:
# Block visits from semalt.com
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*semalt\.com [NC]
RewriteRule (.*) https://www.semalt.com [R=301,L]
Hi Mike,
Thanks for the post! I’ve been searching for the best way to block these obnoxious bots and have been finding lots of different info. Can you explain why the difference between semalt and buttons rewrite code patterns below? I’m getting traffic from both and would like to be consistent with my updates. I’m guessing because semalt uses various URL’s, i.e. *semalt.com and *semalt.semalt.com. Is that correct? Just checking. :)
Thanks in advance!
# block referer spam
RewriteEngine On
RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com
RewriteRule ^.* - [F,L]
# Block visits from semalt.com
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*semalt\.com [NC]
RewriteRule (.*) https://www.semalt.com [R=301,L]
Hey Wendy,
I can’t honestly say for sure what the complete difference is but you should be able to use either/or syntax as they both appear correct to me. I would say try it out, no harm in that! Good luck!
Hi Mike, thanks for this post!
Although I know how to block it, it still makes me kinda mad. The source of these unwanted referrals should do something about it. With source I mean the host. As I’ve seen in the post on WordPress, the host is “worldstream”. After getting a lot of traffic from buttons for websites, I decided to google about it and found the WordPress topic. After a whois on the domain I found out it was indeed “worldstream”. So I’ve mailed them (2 times so far). Zero response. I’m thinking to send 1 last mail, where I’ll let the host know that all traffic from buttons-for-websites will be redirected to their own homepage. Wondering already how long it will take before they do contact me.
Anyway thanks for the blog post…
An angry dude on the web.
Hey! Yes, I completely agree that this is utter nonsense on all accounts. This was the same thing I dealt with when Semalt did this crap. Good to hear that you decided to go after the host for that site, I wouldn’t have thought of that actually! Hopefully, they will respond and if not, I like your idea! LOL
Hi Infinity,
Have you had any response yet?
No reply yet. And I don’t expect they will. Decided to not re-route the traffic to the host, because the websites that get the referral traffic are not my own websites. Since I’ve been getting more and more of these “fake” visitors (up to 40 hits per day), I’ve decided I won’t deny access in the htaccess anymore. Because it’s not only buttons for websites, but also for example darodar, ilovevitalty, semalt and some others. Since a couple of days I just exclude them from my reports (google analytics). The amount of hits won’t hurt my customers (site speed, ranking etc), but it does hurt them analytic wise (visitor numbers, conversions etc).
Oh and Mike if you read this, last couple of days I get some weird direct visits. They seem to land on a non existing page title. The page title shows up in analytics as “Co.lumb”. I have been searching (just a few minutes) but couldn’t really find anything of use yet. Next couple of days I’ll see if it keeps happening and if there is a need to block/re-route these visits (maybe something for a next article ;)).
Good to see people are fighting back and closing the doors for these internet trashers.
Hey there!
The Co.lumb page spam traffic results you are getting is actually the same as darodar referrer spam. They are coming from URL’s like forum.yadayada.com . I had a customer with the same spam , so I investigated it. Harmless but junk traffic.
Hi Mike,
Crazy that people can spook the web like this – semalt, buttons, who will come along next?
Perhaps Infinity’s tactics should become the norm – redirect back to host en masse (love it)
Hey Jeremy,
I completely agree. I do like the idea of sending the traffic back to the host. I may try this the next time a crawler decides to be a pain in my arse!
Alas, I thought my stats were increasing! Bummer to discover otherwise, but thank you for writing this timely post. I’m on WordPress.com, but will reach out to WP support. Thank you for solving the mystery!
Hi Melanie,
No problem! I am so glad to find that you thought it was useful. Keep up the work on your site and I am sure your traffic will increase (the good kind of traffic) :)
Hi Mike, thank you for sharing how to solve this issue, so if I understand this correctly I add these two codes on the bottom part of my htaccess to block the referrals?
# Block visits from semalt.com
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*semalt\.com [NC]
RewriteRule (.*) https://www.semalt.com [R=301,L]
# block referer spam
RewriteEngine On
RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com
RewriteRule ^.* - [F,L]
Hi Jenny,
No problem! And yes, that looks correct and should do the trick. If you need anything else, let me know!
Sorry Mike I’m a newbie at this I have one last question! Just checked out my htacess and I’m just confused on where the code. Could I add the code before the “end wordpress” or should be after the code “RewriteEngine on”? Thank you again!
# BEGIN W3TC Browser Cache
Bunch of code here
# END W3TC Browser Cache
# BEGIN W3TC Page Cache core
Bunch of code
# END W3TC Page Cache core
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
# END WordPress
Hey Jenny,
No problem. You can place it before “# Begin WordPress” starts up at the top and below your W3 cache rules. This should work fine. If you for some reason make a mistake, you will get a 500 error and you will need to simply remove the added code
Hello do you have a suggestion for a website hosted by weebly?
Hey Heidi!
Great question! Unfortunately, Weebly handles their own server side traffic it seems. You would have to contact them directly and ask them about blocking such referrer spam. However, from my limited research, it seems they will just tell you to “ignore” it rather than solve the issue. But good luck with that and consider coming to WordPress :)
Thanks for the post Mike, I have made the necessary changes on my .htaccess
I noticed other domains as well have a look below
#Begin of denying spam referrals
SetEnvIfNoCase Referer darodar.com spambot=yes
SetEnvIfNoCase Referer buttons-for-website.com spambot=yes
SetEnvIfNoCase Referer make-money-online.7makemoneyonline.com spambot=yes
SetEnvIfNoCase Referer st3.cwl.yahoo.com spambot=yes
SetEnvIfNoCase Referer semalt.com spambot=yes
SetEnvIfNoCase Referer foxtechfpv.com spambot=yes
SetEnvIfNoCase Referer sound.ru spambot=yes
SetEnvIfNoCase Referer descargar-musica-gratis.net spambot=yes
SetEnvIfNoCase Referer icelinkjewelry.com spambot=yes
SetEnvIfNoCase Referer financialconsultant.asia spambot=yes
SetEnvIfNoCase Referer waterfallscanopy.com spambot=yes
SetEnvIfNoCase Referer musica.descargar-musica-gratis.net spambot=yes
SetEnvIfNoCase Referer youtube-downloader.savetubevideo.com spambot=yes
SetEnvIfNoCase Referer henfruit.co.uk spambot=yes
SetEnvIfNoCase Referer musicas.kambasoft.com spambot=yes
SetEnvIfNoCase Referer sound.ru spambot=yes
SetEnvIfNoCase Referer shou.tv spambot=yes
SetEnvIfNoCase Referer kisskiss.ch spambot=yes
SetEnvIfNoCase Referer icelinkjewelry.com spambot=yes
SetEnvIfNoCase Referer condomplanet.ch spambot=yes
Order allow,deny
Allow from all
Deny from env=spambot
# End of denying spam referrals
What do you think?
Hey Emali!
This looks good actually and should work well for you. Just remember that adding too many things to htaccess could eventually potentially slow down site performance. But currently this should not be a problem for you.
henfruit.co.uk is our company’s domain name - are you getting spam referrals from our domain?
Hey Daniel
I have not personally noticed any spam showing up from your domain.
Just weighing in to say that Mike Price was VERY helpful in assisting me with Button for Website and Semalt spam referrers on my WP Engine install. A smooth, painless process to block these spammers. Thanks very much, Mike! Cheers.
Aww thanks TJ! I am happy that I was able to help you. Good luck on your web projects and have a great Christmas!
Hi! I’m experiencing the same issue with site like Semalt, buttons-for-websites and also 7makemoneyonline etc – though not on a WordPress site.. Can I just add them to my referral exclusion list on Google Analytics? Would this work, and are there any issues with doing this? I’m not a developer so am looking for an alternative to the suggestions here.
Thanks guys!
Hi Jen,
You can definitely add them to your exclusion list on GA but that will not prevent the actual traffic to your site. It will simply remove them from your analytics report. So, this is totally up to you as to how to handle this.
Hi Mike,
I’m using WordPress and I have a simple question.
Should I place all the code here in a single bracket
OR…
Should I place code in separate brackets for every redirect.
# Block visits from semalt.com
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*semalt\.com [NC]
RewriteRule (.*) https://www.semalt.com [R=301,L]
# block referer spam
RewriteEngine On
RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com
RewriteRule ^.* - [F,L]
Thank you! :)
Hi Mike,
Please ignore my previous comment.
I’m using WordPress and I have a simple question.
….If Module mod_rewrite.c…
Should I place all the code here in a single bracket
…If Module…
OR…
Should I place code in separate brackets for every redirect.
….If Module mod_rewrite.c…
# Block visits from semalt.com
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*semalt\.com [NC]
RewriteRule (.*) https://www.semalt.com [R=301,L]
…If Module…
….If Module mod_rewrite.c…
# block referer spam
RewriteEngine On
RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com
RewriteRule ^.* - [F,L]
…If Module…
Thank you! :)
Hey Ahsan,
You can do this either way you would like. Some prefer to separate them out but some like to put them into one long bracket. Hope this helps!
I have a huge amount of referrer traffic from buttons-for-websites and semalt, too. I have also started to see traffic from darodar (which resolves to alibaba express). What is their end game for sending all this? Do they think we’ll look at their pages and buy their products?
Does anyone know if the “all-in-one-SEO” plug in will rewrite the .htaccess file? Has anyone ever heard of an .htaccess file getting hacked? Or I added the code to rewrite the incoming traffic about two weeks ago and the spam referrals stopped. Today, i noticed more spam from buttons for websites in Google analytics. Now my .htaccess file and its is blank. I’m on tech support with my hosting provider now to see if they can check the logs. Just wanted to see if anyone else had that issue.
Hey Bill,
It is possible that All in one Seo rewrites htaccess as I know some of the SEO plugins do. As far as the darodar, I wouldn’t worry much about it except for excluding this on Google Analytics side because apparently these never actually visit your site but just hijack your Analytics code and piggy back off it. At least this is what I have read.
I was also getting referral spam traffic from Semalt and button-for-website when I started my brand new blog, but after some days I realized that there is no backlink, so why am I getting this bullshit traffic, and I blocked both sites’ referrals via HTACCESS.
Thanks for Sharing!
Nikul,
No problem, so glad that you found this helpful. Take care!
Why does it happen? Why these spam visitors? I can’t understand the reason… what do they earn from “visiting” websites? I created my website and after a while I started to receive “visits” from Darodar, Iloveitaly and now blackthatworth!!! I can’t understand their reason… I put the filter on Analytics…
Hey Giorgio
Great question. It’s annoying for sure and with Darodar spam specifically, they never visit your actual site but hijack your Google Analytics code for their use. Here is more information as to why they actually do this:
https://www.tythewebguy.com/how-to-block-darodar-referral-spam-to-your-website/
Hope this helps!
Hi All,
Another option is to just exclude these from your Google Analytics reports using segments. This is a great article that walks you through the process for semalt.com: https://priteshpatel.me/how-to-exclude-traffic-from-semalt-com-in-google-analytics-using-a-simple-filter/
Aloha!
Thanks for posting this solution as well. I didn’t mention it in my article because this doesn’t solve the issue of the actual traffic hit to your site. For some hosts like mine, you have to pay for each visitor including bots/spam so I like to stop it all together :)
Hey Jillyn
Thanks for linking! I must say that the method shown in the video is for the Classic Google Analytics.
If you are using Universal Analytics then you just need to add the domain to the Referral Exclusion List in the Admin area (under tracking info). Really simple.
Worth also checking out this post to help keep up to date with new spam referrers: https://lonegoatuk.tumblr.com/post/107307494431/google-analytics-referral-spambot-list
Hey Pritesh,
Thank you for sharing! Good information to know.
From the month of December 2014 even my website started receiving referral traffic from Darodar, make money online, priceg, ilovevitaly, semalt, button for website, then I started searching for some solution to block these. Found your blog and made necessary changes in FTP access, now am not getting any traffic from these sites. From last week some new spam bot started showing in referral traffic, its something called blackhatworth.com. Hope I have to follow same steps for this bot also.
Hey Karen,
Sorry to hear this. But actually, Darodar and BlackHatWorth are the same spam group and they are not visiting your actual website. What they are doing is using your Google analytics code to show up in your reporting. But they are not really hitting your site.
Here is more information on this type of spam, which is called Ghost referrals:
https://www.analyticsedge.com/2014/12/removing-referral-spam-google-analytics/
https://www.tythewebguy.com/how-to-block-darodar-referral-spam-to-your-website/
[…] found Mike Price’s post about this and learned that it was referral spam. Upon further research, I discovered that websites like this […]
[…] are just starting to take more notice of it. While some referral spam can easily be blocked with rewrite rules, some cannot […]
Hi Guys,
I’m having the same issues with the same sites (semalt, daroder and buttons for websites) but being a novice at web design I wondered if anyone could tell me how I go about making the changes Mike suggested to a Weebly site. Do I need to contact them or can I put the code in some place myself?
Hey Jules,
Darodar can’t be blocked using this method. Please see this article: https://210mike.com/block-ghost-referral-spam/ . As far as the others, you will need to contact Weebly but I doubt that they will block this for you. Unfortunately, there is no way for you to do this yourself on their platform. Good luck!
That’s a shame, thanks for your help anyway!
Jules
No problem at all Jules. Good luck!
Hi Mike,
I also had visits from these spam crawlers and about a month ago I blocked their IP addresses via the Wordfence plugin, but for some reason, they found some way to pass this restriction, so I guess I’ll have to block them like you suggested. I just wonder, since my crawler comes from semalt.semalt.com site (other guys had semalt.com) is this code correct:
# Block visits from semalt.semalt.com
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*semalt\.semalt\.com [NC]
RewriteRule (.*) https://www.semalt.semalt.com [R=301,L]
# block referer spam
RewriteEngine On
RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com
RewriteRule ^.* - [F,L]
and thanks for the darodar explanation :)
Hi Jasmin,
You can do this:
# BLOCK SITE REFERRERS
RewriteEngine on
RewriteCond %{HTTP_REFERER} semalt\.semalt\.com [NC]
RewriteRule .* - [F]
Hi Mike, thanks for this! On this WordPress forum page (https://wordpress.org/support/topic/buttons-for-websitecom/page/2?replies=47#post-6498949), this code was suggested (added to htaccess), and it’s working for me:
SetEnvIfNoCase Referer buttons-for-website.com spambot=yes
Order allow,deny
Allow from all
Deny from env=spambot
All this is way over my head, and I’m just curious, how does this differ from
RewriteEngine On
RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com
RewriteRule ^.* – [F,L]
?
Are these two ways of accomplishing the same thing, or are there some important differences?
Thanks much!
Hey Dave,
Basically it’s just two ways in Apache to solve the same problem. You can see that both cases work to block the referrers:
https://www.askapache.com/htaccess/blocking-bad-bots-and-scrapers-with-htaccess.html
Hope that helps!
Thanks Mike, good to know, and thanks for the link if I feel the need to dig in.
No problem at all!
Does anyone know if there is a plugin that does this for those of us that get queasy at the thought of editing key system files each time this comes up?
Hi Tom,
Unfortunately, I have searched plenty and have come up empty for a plugin to do such a thing.
[…] this time I’m also seeing a lot of traffic from the referrer buttons-for-website.com, this is another spam referrer you may want to block using the same methods […]
Hello and THANK YOU for this article! I use Zenfolio…could you tell me how to stop the buttons and semalt traffic? THANKS!
Hi Brittany,
Glad you found the article useful! Unfortunately, I am a WordPress guy and don’t know a lot about Zenfolio. However, it seems they don’t give you access to anything like htaccess file etc. You would need to contact them directly for help:
https://www.zenfolio.com/z/help/support-center#/
Maybe they will be able to provide assistance but it also might be something that you will only be able to filter in your Google analytics reporting. Good luck!
Thanks Mike, your information is so valuable. Everyday my site always get traffic from button-for-website, but after I click the link that is a spam. And I’m glad to reach your posting about this. It’s so helpful.
Thanks again Mike.
Hey Ahmad,
Thanks so much, glad this was helpful information for you! :)
[…] I just asked good old Google, what on earth is buttons-for-website? What I found was a post about buttons-for-website spam explained by Mike Price on his site. He too had experienced something like […]
Thanks for the post Mike. It was very helpful for me and my ecommerce site, non word press. Great comment support as well.
Hey Chris,
So glad to hear this was helpful for you. Thank you for the kind comments :)
[…] also are some more technical ways to actually try to block those bots in the first place (from 210mike.com).Please note, this doesn’t work for all ghost […]