How To Prevent Google AdSense Click Bombing and Invalid Traffic in 2022
Picture this: you have started a blog, got some traffic, installed AdSense ads to monetize it, and everything is going well…until suddenly *BOOM* you now have to deal with AdSense click bombing and invalid traffic.
Does that sound familiar?
Well, chances are that if you’re reading this article you might be already dealing with something that’s known as AdSense click bombing.
But even if you’ve not dealt with this before, if you have an AdSense account and monetize a site or a blog using AdSense ads, you might want to continue reading, in order to prevent this from happening to you and risk your account getting banned.
What Is Click Bombing?
Click bombing is what happens when someone with malicious intent visits your site or blog and starts blasting hundreds of clicks on your AdSense ads with the intention of getting your AdSense account suspended.
Google is very strict about their AdSense program policy and explicitly forbids getting clicks on your ads in shady and suspicious ways such as clicking the ads yourself, or asking friends or people on the internet to click on them. If an AdSense account has a very high invalid traffic activity, that will raise some red flags with Google and you might get policy violation strikes on your account and potentially even get your whole AdSense account suspended.
Because of that, if someone wants to harm someone’s else AdSense revenue (for example a competitor, or what I call…a hater), will simply start clicking hundreds of times in a short amount of time on all the ads on a website hoping to get your account banned.
Google is not dumb, they can easily detect when a user clicks on their ads themselves in order to earn a quick dollar, versus when an AdSense account gets click bombed into oblivion.
Even though ultimately the responsibility of a website’s traffic and AdSense revenue is solely on the publisher, there are some steps that you can do in order to minimize the risk of getting your account banned and how to prevent this from happening in the future.
How To Detect If Someone Is Click Bombing Your Ads
Due to the nature of this “attack” it’s pretty easy to detect when click bombing occurs on your AdSense account. You will notice a very high amount of clicks on your ads mostly from the same country.
Ideally you should already have Google Analytics installed on your website (linked to the AdSense account). This way you can easily identify more details about the attack. You will need to know some of this stuff later on (as you will see).
What To Do If Your Site Is Being Click Bombed?
Unfortunately there aren’t many things that you can do to prevent your adsense account from being click bombed. If someone truly wants to sabotage your site and your AdSense account, they will hit you with everything they got.
However there are some solutions to mitigate the risk of having your AdSense account suspended. The first one would be to immediately report the invalid clicks to AdSense, but also to investigate and stop the invalid traffic that is coming to the site.
So let’s break it down, even further and start with reporting the invalid clicks to AdSense.
How to Report Invalid Clicks to AdSense
First thing that it’s a good thing to do is to report the invalid clicks and traffic to Google itself. Sure this seems like shooting yourself in the foot and it might seem like it’s riskier to actually tell Google about this because you might get your account suspended. But from my experience I think that Google prefers it if you come forward and tell them about an issue with the clicks and revenue that you have received on your site.
When I had one of my niche websites click bombed to death by some haters from Taiwan and China, I immediately contacted Google and let them know about this issue.
They never replied (they usually won’t reply back unless it’s a big problem or they need more info) but they simply removed the revenue that was generated using click bombing from my account and counted it as invalid clicks and then paid me.
So nothing bad really happened, I didn’t got my account suspended and I also got paid for the legit traffic and clicks for that month.
You can report your invalid traffic and clicks to Google by going to their official help page here.
Make sure to give them as many data and info as possible, such as the exact date and time that it happened, the user IP address (if you have them), the countries or cities, the devices, etc.
Like I said all the info you can get from Analytics is pretty instrumental in fighting click bombing attacks.
How to Stop Click Bombing and Invalid Traffic in AdSense
Reporting the invalid traffic and click bombed ads to Google is a start, but it’s not enough. You need to try and stop the source of the attack as fast as possible if you want to avoid lost revenue and prevent your AdSense account from getting suspended.
The best way to do that is to block the access to the website of the users and IP addresses that are click bombing your AdSense ads.
With the help of a few plugins and tools you can easily achieve this. In fact I went so far as to block entire countries all together from viewing most of my AdSense sites.
Below I’m going to go a bit in-depth into these methods.
How To Protect Adsense Account from Click Bombing
1. Use WordPress Plugins
There are a couple of WordPress plugins that you can use to try and prevent click bombing from happening, especially if you have started a blog on WordPress.
First plugin I suggest you to install would is: WordFence. With WordFence you can enable an option to see all the live traffic that is entering your website, complete with details about the user such as: location, device model, IP address, the traffic / websites that it’s coming from, exact date and time when they entered the site, and more.
This is super helpful info to have because you can’t see the IPs of users in Google Analytics.
Not only that, but you can choose to block IPs of shady users with a click of a mouse directly from inside the Live traffic tool of the WordFence plugin.
Let’s say tomorrow you open up your AdSense account to check your revenue for the day. Instead of the usual daily ads revenue that you’re used with, you immediately notice a huge increase in money and clicks that seem to come out of nowhere.
What’s more interesting they might be all coming from one country (you can check that easily in AdSense and in Analytics).
Maybe a country that your site is not usually getting any traffic or revenue from (such as in my case with Taiwan).
At that point if you’re using WordFence you can log into your WordPress dashboard and go to the Live Traffic Tool and check out the activity on your site for the past 24 hours (or more), and see if anything shady is going on.
If you suspect that your site is getting click bombed you can then proceed to block the IPs from ever accessing your blog.
You can also use BlackHole for Bad Bots to block known malicious bots from scraping and randomly clicking on your site.
Another good plugin to use would be Ad Invalid Click Protector, this plugin will give you a code to wrap your already existing AdSense ad units code into, and you can configure it so that ads are only shown 1 or 2 times in the span of 24 hours (or less) to users.
This is an awesome plugin that can deal wonderfully with the click bombing issue, however a big downside is that it only works for desktop traffic, if the invalid and fraudulent traffic is generated from a mobile device then the plugin won’t work in protecting your ads.
2. Use Cloudflare
Another great solution to protect your AdSense account from click bombing is by using a service such as Cloudflare.
Cloudflare is mainly used by large websites that are dealing with DDoS traffic but also smaller sites looking to optimize the speed and security of their site.
With Cloudflare you can set up the firewall on the “under attack” mode, and this will make it so that every user entering your website will have to get verified first by either a Captcha service or automatically via a browser integrity check.
If the user (or the bot) doesn’t pass the verifications, then they will simply not be able to access your site, and so they won’t be able to click bomb your ads.
One other way you can use Cloudflare is to block IPs, or even entire countries from ever accessing your websites.
If you’re noticing a ton of invalid traffic and clicks from specific countries you can take the drastic decision and block the whole country all together (provided that it won’t affect your revenue too much).
3. Restrict Traffic via .htaccess
If your site is not running on WordPress (or if you don’t want to install extra plugins), and Cloudflare is not a good fit for you also, then you can choose to block users from your site via your .htaccess file.
Of course this method only works if you’re website is running on an Apache server and you know what you’re doing.
I don’t bother with htaccess edits myself since all my sites run on Nginx not on Apache, but you can follow this tutorial if you want to know how to do this on a server level.
4. Don’t Buy Shady Traffic
Another good tip to avoid invalid traffic and protect your AdSense account from click fraud is to make sure that your website is only getting legit and quality traffic.
I’ve wrote an extensive list of my cheap website traffic sources that you can check out if you want, but to make a long story short: Don’t buy crap and cheap traffic from stupid sites that promise you 50k visits for $5. That’s all bot and fake and will put your AdSense account at risk.
Stay away from bux traffic, exchange traffic, pop traffic (for websites monetized with AdSense ads), doorway traffic, incentivized traffic, adult and warez sites, and pretty much any other site with questionable content.
5. Constantly Monitor Your Traffic
Not only you need to buy or get free traffic from legit places, you also need to constantly monitor your AdSense account and website traffic.
This is the best way to ensure that if someone decides to sabotage your site and click bomb your ads to death, you can catch the attack early in it’s tracks and put an end to it immediately by either removing the ads or implementing some of the methods I’ve talked above.
If you’re also doing AdSense Arbitrage and you buy a huge amount of traffic on a regular basis I suggest you to always have analytics open on the Real Time traffic tab and another tab in your browser with AdSense on a refresh.
Well, that’s it for now. Look, I know that getting click bombed is a scary thing to go through, we’re all fearful and protective of our AdSense accounts, but trust me, Google is not stupid.
They know when it’s click fraud (you or your friends clicking on ads), vs when someone is sabotaging (or click bombing) your ads.
At the end of the day, we’re the only ones responsible for our website traffic and indirectly for the people that click on the ads, sure it doesn’t seem fair since there’s little that we can do to prevent this from happening all together. But we can rest easy knowing that most of the times nothing will ever happen to your AdSense account other than Google getting a refund for the fake clicks and invalid traffic at the end of the month.
Hope this helps, and if you have any extra tips on how to deal and avoid getting click bombed on Google AdSense, please leave a comment.
Very useful article and we ended up using cloudflare. Thank you friend.
Glad to hear Cloudflare helped. It’s usually my first go-to as well.
To say the fact, content on this about Adsense is very amazing and informative. Thanks for this
Thanks for reading. 🙂
Click bombing and bot traffic is the only real bad downside of Google and Bing ads. Helping to understand how to prevent and stop it like you show… 10/10 is actually helpful content for people. Good stuff my friend!
Hi Jon, thanks for reading 🙂