This post was most recently updated on September 5th, 2023
There are many ways to make money through your blog or website. You may be selling your own product or service (in which case, working out how to find affiliates for your product can be valuable), or your business model may center around making money from your site itself. If the second one is true, you probably have experience with hosting ads on your site and monetizing them via a Google AdSense account. This is a great way of generating passive income.
However, monetizing ads is not without its challenges. As amazing as it would be if you could simply set up ads on your site, sit back, and watch the money roll in, unfortunately, there may be problems to deal with. One of the most common, frustrating, and potentially destructive problems is known as click bombing.
If your customized videos or website includes AdSense ads, you receive a small payment every time somebody clicks on one. However, Google’s AdSense policy prohibits certain ways of getting clicks, including clicking on your ads yourself or requesting that other people click on them. Clicks that have been acquired this way are considered invalid traffic and can lead to your AdSense account receiving “strikes” for violating policy or even getting suspended entirely.
Click bombing is when an individual deliberately clicks repeatedly on ads on your site in an attempt to create this invalid traffic and cause Google to punish the account holder (in this case, you). Click bombers have managed to get many accounts suspended, cutting off a valuable (and for many, the only) source of revenue for many site owners.
Click bombers may be competitors or people who feel wronged by the account holder and want to take revenge or do not want their business to succeed for any other reason. Click bombers may be individuals, bots, or even sophisticated botnets.
There are ways to tell if you are a victim of click bombing. The first thing to do is to log in to your AdSense account and check the reports. For example, if you notice an abnormally high number of clicks in a very short span of time, this might mean that somebody has been having a click bombing session. If these clicks are all coming from the same country, this could be even more evidence.
If you use Google Analytics on your site (which, for various reasons, is highly recommended), you can find even more details about potential click bombing. For example, if the bounce rate is 100% from all of the suspicious clicks, this could be a sign of click bombing. Click bombers (whether bots or humans) are unlikely to spend much time on sites either, so this is another potential sign of invalid traffic.
Thankfully, there are ways to reduce the chances of your site becoming a victim of click bombing. Here are a few tricks.
There are countless sites selling cheap website traffic online. These sites can be very tempting, as they often promise huge increases in web traffic in return for relatively small (sometimes one-off) payments. Although buying cheap website traffic is a lot easier than doing the work to increase traffic organically, there can be significant drawbacks.
Cheap traffic usually comes from bots, and these bots are not necessarily used simply to increase traffic—in some cases, these bots can even carry out click bombing. If you want to increase your web traffic, investing in things like referral marketing software is usually a better bet than purchasing traffic itself.
Clicking ads on your website yourself may seem like an easy way of generating income via AdSense, but it is actually very likely to be flagged as invalid traffic. Don’t click bomb yourself or ask others to do it for you!
Although you probably do not want to get rid of ads on your site if they are an important part of your business model, it may be worth temporarily disabling ads if you are a victim of an ongoing click bombing campaign. Doing this can help you to avoid your AdSense account being suspended, and click bombers may abandon your site. Although they may return once your ads are enabled again, you can use this time to go through the following steps and strengthen your defenses in preparation.
There are a few WordPress plugins that can be used to help you to avoid click bombing. The plugin WordFence gives you an advantage over Google Analytics (although you should still be using Analytics as well!) in that it allows you to see the IP addresses of site visitors. You can block the IPs of users from accessing your site if you suspect these users of click bombing. Cross-referencing this data with your Google Analytics data can help you to get an accurate picture of which users are click bombing. Sometimes click bombing is carried out by bots rather than human users. In this case, a WordPress plugin called BlackHole for Bad Bots has an extensive blocklist of known bots and can prevent them from accessing your site.
Ad Invalid Click Protector is another useful WordPress plugin. This plugin allows you to configure the code of your ads so that they are only shown to each user once or twice within the same day. This stops desktop users (unfortunately this plugin does not yet work on mobile users) repeatedly refreshing the page to click bomb your ads. The Who Sees Ads plugin can actually alter which users are shown ads at all. For example, you can choose to only display ads to site visitors who have come from search engines (and are therefore more likely to be valid traffic). Using multiple WordPress plugins alongside each other can cover more bases in your fight against click bombing. If your site is hosted on premises vs cloud, you may need to use non-WordPress plugins.
There are other ways to restrict traffic to your site if you are unable to use plugins (for example, if your site is not hosted on WordPress or similar blogging platforms). If you have somebody with the required technical knowledge on your team, you could alter the site’s code to only show ads to visitors from search engines, prevent multiple clicks from one IP address, or even restrict access to your site entirely from certain countries. If you identify a click bomber, you could block that specific user from your site using its .htaccess file.
In fact, there are other benefits to building and hosting your own site or app. If you or somebody else on your team knows how to build an app from scratch, you may have even more command in customizing coding to prevent click bombing.
Building your own app is not necessarily that difficult. If this is something you are interested in, there is composable architecture available online that can help you massively with the process.
If you want to restrict site traffic without using either WordPress plugins or coding the site itself, you could use Cloudflare. Cloudflare is a service that allows you to set up a firewall that verifies users’ identities via Captcha or a browser check. Bots are unlikely to get through this firewall! You can also use Cloudflare to block specific IPs or even countries from accessing your site.
Avoiding click bombing is an ongoing task. Monitoring your traffic regularly is a good way to catch any potential click bombers before they can do real damage. Tools such as Google Analytics and WordFence are particularly useful. There are many more traffic monitoring tools available but not all are reliable, so do your own research before installing anything.
Click bombing is often carried out by dissatisfied site users. Just like how frustrated customers often spread the word about their negative experiences in order to harm a business’s profits, frustrated site users may engage in click bombing for similar reasons. Businesses often set up customer service contact centers as a way to address customer issues and avoid this happening.
If your site is selling a product or service, you can take action to prevent site users from becoming frustrated. For example, one of the benefits of using chatbots is that users can express complaints in a productive, non-destructive way. Even if your site is a simple blog that is not selling anything, you should still foster positive relationships with site users.
It may seem risky to report invalid traffic to Google—after all, they are the ones who could potentially shut down your AdSense account as a result of click bombing! However, reporting click bombing actually reduces the chance of your account being suspended. Google prefers users to be honest if their site is being click bombed, and they will usually simply remove the revenue from these specific clicks rather than suspending your account.
You can report invalid traffic to Google via their Invalid Clicks Contact Form. Simply fill out each field with as much information as you have—for example, users’ IP addresses obtained via WordFence can be especially useful. This enables Google to deal with the problem as quickly as possible without penalizing you.
While there is no surefire way of eliminating any chances of click bombing entirely, following the above steps and keeping a close eye on your traffic can significantly reduce the chances and impact of potential invalid traffic to your site.
Sam O’Brien is the Chief Marketing Officer for Affise—a Global SaaS Partner Marketing Solution. He is a growth affiliate marketing expert with a product management and design background. Sam has a passion for innovation, growth, and marketing technology. Sam O’Brien also published articles for domains such as Demio and VWO. Here is his LinkedIn.
Meet Aleesha Jacob, the #1 B2B AdTech Content and SEO Marketer with over 7 years of experience in crafting data-driven content that fuels conversions for SAAS businesses. Having worked with SAAS companies and clients like BMW and Heineken, Aleesha brings a wealth of expertise. With her unmatched skills in creating compelling content, she helps businesses of all sizes drive more leads & maximize revenue.
Here’s the course that 300+ pubs used to scale their ad revenue.
Paid to Publishers
Ad Requests Monthly