A common question from publishers and AdSense users in our support desk is how they can prevent click fraud. In other words, a visitor clicks on the embedded AdSense ads excessively, thus risking that your account will be closed.
If you have been around for a while, you probably feel that once an AdSense account is gone, you will never be able to get it back. Therefore, it is more than reasonable to protect it, especially against issues you can’t control.
Since this question comes up regularly, I dug deeper into the topic of click fraud and click bombing. I will discuss the real danger behind it and point out solutions.
Table of Contents
I am writing from two perspectives. First, I was a publisher with millions of page impressions per month that I have monetized with ads from networks like AdSense. Second, I am the developer of Advanced Ads. So this question is also of high interest to me.
What is click fraud?
Click fraud means that a user or machine clicks on an ad with the intention to harm the publisher or advertiser. First, click fraud is a problem for advertisers, the person paying for an ad. Second, it becomes a problem for the publisher when the advertiser or ad network stops paying for ads due to the invalid clicks.
Click Fraud is also happening when you click on ads by yourself or ask someone else to click on AdSense ads on your website.
If your mother clicks multiple times on ads on your website to help you make a living from your dream, even though she meant well, she is also involved in click fraud. It does not harm if she only clicks on ads that interest her.
No need to panic about real accidental clicks on your ads, though. A single click doesn’t make a difference. AdSense calls the mentioned behavior Invalid clicks and impressions and explains it in their program policies like the following:
Clicks on Google ads must result from genuine user interest. Any method that artificially generates clicks or impressions on your Google ads is strictly prohibited. These prohibited methods include, but are not limited to, repeated manual clicks or impressions, automated click and impression generating tools and the use of robots or deceptive software. Please note that clicking your own ads for any reason is prohibited.Google AdSense Program Policies
With the same reasoning, AdSense prohibits encouraging users to click on ads by asking them directly or placing ads where they could be misunderstood for other elements.
What is click bombing?
You could see click bombing just as one form of click fraud. But I thought I’d use a different term to show another motivation behind the problem. This is the one most publishers fear.
If you know that AdSense doesn’t tolerate click fraud and might close your AdSense account without warning and block not only future revenue but also earnings not paid out yet, then your competitors know that too.
Let’s call it “click bombing” when a user clicks on AdSense ads on your site to get your account suspended and you in trouble.
What can you do about click fraud?
The easiest thing you can do is comply with the AdSense rules by not clicking on AdSense ads on your site. You don’t need to be obsessive about telling all your friends and family not to click either. I can say from own experience that most people who wanted to help me with that clicks told me at some point. Then I had a chance to thank and ask them only to click when the ad is appealing.
None of my friends made a lot of clicks, so I was never afraid that they endangered my business.
With people who use click bombing to harm you intentionally, you can, of course, not reason like that.
Since you are not the only publisher who feels powerless about click fraud, many businesses and solutions evolved over the last years.
I have seen some of these companies to advertise with a picture of someone with a mask and the headline to protect your AdSense revenue from potential thieves.
Let’s put the emotional fact aside and look at what these products could really do for you.
How Click Protection works
All the solutions I tested prevent click fraud and click bombing by merely hiding the ad. You can’t click on something you don’t see. They often allow a user to click once on the same ad and only then hide it.
There are two methods to do that.
The second method identifies the user based on her IP address and stores this address in a database table. The user could switch to another browser or maybe even another device and would still not see the same ad.
Both methods can be circumvented and come with drawbacks you should be aware of.
Risks of click fraud protection
Let’s remind us that we are not talking about people who only want your best. They will probably not try to circumvent your protection by all means. But if someone wants to hurt you, they might try harder to find a solution around your click fraud protection.
I checked two solutions built for WordPress for this purpose: click fraud monitoring and invalid click protectors.
Let’s start with the most obvious question. You are trying to protect your AdSense account with a click fraud monitor of any kind. But is that protection itself compliant with the AdSense terms?
Click tracking on AdSense ads
I was starting to look at click fraud monitors to learn how they track those clicks. There are two problems here:
- AdSense does not allow to alter the code and make click tracking easier
- tracking the click before the user leaves your site
The first issue is the most serious here. If AdSense does not allow most kinds of manipulation of their ad code and ad code behavior, developers need to implement some tricks to do it.
This brings us to the second issue. Depending on the method selected, the click might not be tracked in time. Especially when AJAX is used to send the event to the database, the user will be long gone to the advertiser’s page before the information is stored.
In my tests, most clicks that I made like this were not counted. And I was still able to click multiple times – on a dummy ad of course 😉.
Hiding AdSense with CSS
Invalid click protectors are hiding ads using CSS. Don’t worry if you don’t know what CSS is. But if you know the AdSense terms a bit, then this should raise a red flag.
It is forbidden to hide AdSense ads using CSS because that does not prevent them from being loaded and generate an impression. Since AdSense no longer pays per click only, but sometimes also for impressions. You might understand now why this is a violation of their policies and on the same level as click fraud.
Ignoring the problem mentioned above, hiding ads with CSS is also easy to circumvent by anyone who wants it. They could just define custom CSS rules that override hiding the ads in their browser and go on with whatever they intend.
I only tested WordPress plugins here, but I expect external services to work similarly.
Issues with PHP-based tracking
I mentioned the use of IP addresses as another method from click protection software. If they store that information locally and use the server-side language PHP to hide the ad code entirely from your site, a small CSS hack is not enough to harm you anymore.
If they are serious about harming you, they could probably use a bot network that runs different browsers in very different locations (and IP addresses). I don’t know if that is a thing, though, you would need a lot of skill to build that.
There are a few real issues, though, which I only know after experiencing them myself.
Click Fraud and caching
The first issue is caching. If you are using a caching solution, then the chances are high that the page is cached for visitors who should not see ads. The next visitors will see the same, ad-less pages and not be able to click. It could also happen the other way, and a user who should not see ads anymore still does.
Multiple IP addresses
Another issue is the usage of the same IP for sometimes a substantial number of people. I bet most of you are not aware of this. We learned this the hard way when we started to block some IP addresses after making a more significant number of page impressions in a short time.
A lot of visitors complained that they were not able to visit our website anymore. We found out that they lived in an area or worked in a building that shared the same IP address for many users. So when multiple users from the same area visited our site, we detected a thread and blocked them.
In the case of click fraud, this could prevent more users from seeing ads than those who already clicked them.
Server-side techniques to store and evaluate whether a single visitor is a potential threat or not will drain your server’s performance. With a lot of clicks, a table used for that can grow quite large and needs not only performance but also storage.
The Advanced Ads click fraud protection
Advanced Ads provides a lightweight and cache-compatible click fraud protection.
The principle behind this click fraud protection is to hide all ads from a visitor who is suspected of clicking on them too often.
The click fraud protection allows you to define a click limit for each user for a specified period. If this limit is exceeded, all ads for this user will be removed. Really all.
Click on the preview image to load and start the video from YouTube. By clicking you agree that your information will be sent to and processed by YouTube, LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. Read more
Is Click Fraud a real threat?
If you asked me if click fraud is a problem in general, my answer is definitely YES. Industry reports show that a lot of money is lost by paid clicks that were fraudulent and without any interest in the ad content.
In the case of AdSense, this is a problem for advertisers and ad networks. It is not YOUR problem.
You read it correctly. The reason I am saying that it is not your problem is that AdSense does take care of this for you.
Did you already notice the “Invalid Traffic” reduced from your payments? If your account has more than a few clicks, there is no chance that this value is zero anymore.
Invalid clicks – made for whatever reason – are reduced from your earnings. Well, not cut from the valid revenue, of course, but neutralized as if never happened.
Invalid clicks are not the only kind of invalid Traffic. The wrong implementation of AdSense ads, e.g., in a PopUp, would also count here. So it is worth revising your setup if this amount is significant.
What are Click Fraud Monitoring and solutions worth?
If my websites were targeted by click bombing attacks and my AdSense account would be in real danger, then AdSense-approved click protection would be worth multiple times of what the most expensive solution on the market costs now.
With my experience and the knowledge I have about how these solutions work, the risks they bring with them, and that ad networks take measures to solve the issue on their end. I don’t see a real threat here.
In my years as a publisher, ad consultant, and with our Advanced Ads plugin running on over 100.000 sites right now, I never saw an AdSense account being banned by invalid clicks made from a third person. Maybe that made me naive and ignorant.
What about ads not coming from AdSense?
This article focuses on the pro and cons of using a click fraud monitor with AdSense. But of course, this is not the only ad network.
In September 2015, I visited dmexco in Cologne, the colossal gathering of online marketing and advertising professionals (+55.000 of them). All major ad networks and tech providers were there. I was surprised to find many companies that offer ad security and click fraud protection for ad networks and larger publishers. A lot is happening before ads are reaching out.
I reached out to three ad networks we are currently working with to ask about their measures against click bombing and publishers’ risk. They all confirmed that they look into those cases manually but not had an account that was banned yet.
As Sulvo confirmed, Their more considerable concern is invalid clicks made without an interest in the ad, but by accidental clicks caused by wrong implementations. They are also looking into these cases and work with the publishers on fixing them.
Click Bombing Bots
Our Tracking add-on does not track activity from bots by default. Since the number of bots is continuously increasing, the list of bots can also be extended for your site.
I have no reason to doubt that there are valid cases of blocked AdSense account due to click fraud not initialized by the publisher. Still, I believe that in most cases it is more complex than just a competitor visiting your site and click-bombing your AdSense ads.
A basic click fraud protection could help prevent real accidental clicks before AdSense gets wind of it. Still, there is no solution that could guarantee you one hundred percent safety, especially if you have a very big competitor with endless resources.
If you want to use an extra layer of protection, then please go ahead. This article should give an overview of what you should look out for. The mentioned offers could be updated after publishing this article and becoming more reliable and compliant with AdSense.