A common question from publishers and AdSense users in our support desk is how they can prevent visitors from click fraud – a user clicking extensively on their AdSense ads and risk their account being closed.

If you have been around for a while, then you probably get the feeling that once an AdSense account is gone, you will never be able to get it back.

Click Fraud

Therefore, it is more than normal that you want to protect it, especially against issues you can’t control.

Since this question comes up regularly, I dug deeper into the topic of click fraud and click bombing, the real danger, and solutions behind it.

I am writing from two perspectives here: first, I am a publisher with millions of page impressions per month monetized with ads from networks like AdSense. Second, I am the developer of Advanced Ads, the ad management solution for WordPress. So this question is also of high interest to me.

Are you looking for an AdSense alternative? Try out Sulvo, the ad serving partner we suggest to all of our clients.

Apply now

What is click fraud?

The problem of click fraud is only yours when your account is banned. From the perspective of AdSense, it is about protecting advertisers from paying for clicks that are not made out of genuine interest for the ad content but to either earn more money or harm the advertiser.

Click fraud is also happening when you click on ads yourself or ask someone else to click on AdSense ads on your home page.

And even though she meant well, if your mother clicks multiple times on ads on your website to help you make a living from your dream then she is also involved in click fraud. No harm is done if she only clicks on ads they interest her, though.

No need to panic about real accidental clicks on your ads though. A single click doesn’t make a difference.

AdSense calls the mentioned behavior Invalid clicks and impressions and explains it in their program policies like following:

Clicks on Google ads must result from genuine user interest. Any method that artificially generates clicks or impressions on your Google ads is strictly prohibited. These prohibited methods include, but are not limited to, repeated manual clicks or impressions, automated click and impression generating tools and the use of robots or deceptive software. Please note that clicking your own ads for any reason is prohibited.

With the same reasoning, you are also not allowed to encourage users for clicking on ads either by asking them directly or placing ads where they could be misunderstood for other elements.

What is click bombing?

You could see click bombing just as one form of click fraud, but I thought I’d use a different term to show another motivation behind the problem. This is the one most publishers fear.

If you know that AdSense doesn’t tolerate click fraud and might close your AdSense account without warning and block not only future revenue but also earnings not paid out yet, then your competitors know that, too.

Let’s call it “click bombing” when a user clicks on AdSense ads on your site to get your account suspended and you in trouble.

Your first step to increase your ad revenue

Subscribe to my monthly newsletter and get additional ad optimization tips to boost your ad revenue. It is free and you can opt out at any time.

What can you do about click fraud?

The easiest thing you can do is to comply with the AdSense rules by not clicking on AdSense ads on your site. You don’t need to be obsessive about telling all your friends and family not to click either. I can say from my own experience that most people who wanted to help me like that told me at some point and then I had a chance to thank and ask them only to click when the ad is interesting for them.

None of them actually made a lot of clicks, so I was never afraid that they endangered my business.

With people who use click bombing to harm you intentionally, you can of course not reason like that. And the feeling of being powerless has helped a lot of solutions to evolve over the last years.

Once I visited their sites, I am now retargeted by their online ads with dark monospace font types and people with masks who try to steal my earnings and AdSense accounts.

These ads and offers all claim that they can protect me against click fraud. While I believe that there could be a solution that prevents visitors from clicking multiple times on the same ad, they all come with a price.

I am not only referring to money here, but also to others risks. They range from preventing valid clicks to not being AdSense compliant and therefore risk your AdSense account after all.

How Click Protection works

All the solutions I tested prevent click fraud and click bombing by simply hiding the ad. You can’t click on something you don’t see.

They often allow a user to click once on the same ad and only then hide it.

There are two methods to do that.

The first is by hiding the ad using JavaScript in the user’s browser. This means that the same user would not see the ad for some time as long as he uses the same browser.

The second method identifies the user based on her IP address and stores this address in a table. The user could switch to another browser or maybe even another device and would still not see the same ad.

Both methods can be circumvented and come with drawbacks you should be aware of.

Risks of click fraud protection

Let’s remind us that we are not talking about people who only want your best. They will probably not try to circumvent your protection by all means. If someone really wants to hurt you, they might try harder to find a solution around your protection.

I checked two solutions built for WordPress for this purpose: Click Fraud Monitoring and Invalid Click Protector.

Let’s start with the most obvious question. You are trying to protect your AdSense account with a click fraud monitor of any kind, but is that protection itself compliant with the AdSense terms?

Click tracking on AdSense ads

The reason I was starting to look at click fraud monitors was to learn how they track those clicks. There are two problems here:

  1. AdSense does not allow to alter the code and make click tracking easier
  2. tracking the click before the user leaves your site

The first issue is the most serious here. If AdSense does not allow most kinds of manipulation of their ad code and ad code behavior, developers need to implement some tricks to actually do it.

This brings us to the second issue. Depending on the method selected, the click might not be tracked in time. Especially, when AJAX is used to send the event to the database, the user will be long gone to the advertiser’s page before the information is stored.

In my tests, most clicks I made like this were not counted and I was still able to click multiple times – on a dummy ad of course 😉

Hiding AdSense with CSS

Invalid Click Protector is hiding ads using CSS. Don’t worry of you don’t know what CSS is, but if you know the AdSense terms a bit then this should raise a red flag.

It is forbidden to hide AdSense ads using CSS because that does not prevent them from being loaded and technically generate an impression.

Since AdSense no longer pays per click only, but sometimes also for impressions. You might understand now why this is a violation of their policies and on the same level as click fraud.

Ignoring the problem mentioned above, hiding ads with CSS is also easy to circumvent by anyone who wants it. They could just define custom CSS rules that override hiding the ads in their browser and go on with whatever they intend.

I only tested WordPress plugins here, but I expect external services to work similarly.

Issues with PHP-based tracking

I mentioned the use of IP addresses as another method from click protection software. If they store that information locally and use the server-side language PHP to hide the ad code completely from your site, a small CSS hack is not enough to harm you anymore.

If they are serious about harming you, they could probably use a bot network that runs different browsers in very different locations (and IP addresses). I don’t know if that is a thing though and there is a lot of skill needed to build that.

There are a few real issues though which I only know after experiencing them myself.

Click Fraud and caching

The first issue is caching. If you are using a caching solution, then chances are high that the page is cached for a visitor who should not see ads. The next visitors will see the same, ad-less pages and not be able to click. It could also happen the other way around, and a user who should not see ads anymore still does.

Multiple IP addresses

Another issue – and I bet most of you are not aware of this – is the usage of the same IP for sometimes a substantial number of people. We learned this the hard way when we started to block some IP addresses after they made a larger number of page impressions in a very short time.

A lot of visitors complained that they were not able to visit our website anymore. We found out that they lived in an area or worked in a building that shared the same IP address for a lot of users. So when multiple users from the same area visited our site, we detected a thread.

In case of click fraud, this could prevent more users from seeing your ads than those who already clicked on them. This might not be significant to you but shows that the devil is in the details.

Privacy

Do you care about Privacy? Maybe you don’t, but in a lot of countries, you are not allowed to track IP addresses from your visitors. At least, you need to make them aware of this in your privacy policy.

Performance

Especially with the use of server-side techniques to store and evaluate whether a single visitor is a potential threat or not will drain your performance. With a lot of clicks, a table used for that can grow quite large and needs not only performance but also storage.

Is Click Fraud a real threat?

If you asked me if click fraud is a problem in general, then my answer is definitely YES. Industry reports show that a lot of money is lost by paid clicks that were made without interest in the ad content.

In case of AdSense, this is a problem for advertisers and ad networks. It is not YOUR problem.

You read correctly. The reason I am saying that it is not your problem is that AdSense does take care of this for you.

Did you already notice the “Invalid Traffic” reduced from your payments? If your account has more than a few clicks, then there is a chance that this value is not zero anymore.

Invalid clicks – made for whatever reason – are reduced from your earnings. Well, not reduced from the valid revenue of course, but neutralized as if never happened.

Invalid clicks are not the only kind of invalid Traffic. A wrong implementation of AdSense ads, e.g., in a PopUp would also count here, so it is worth revising your setup if this amount is significant.

What are Click Fraud Monitoring and solutions worth?

If my websites were targeted by click bombing attacks and my AdSense account would be in real danger, then an AdSense-approved click protection would be worth multiple times of what the most expensive solution on the market costs now.

With my experience and the knowledge I have about how these solutions work, the risks they bring with them, and that ad networks take measures to solve the issue on their end. I don’t see a real threat here.

I must also say that in my years as a publisher, ad consultant and with our Advanced Ads plugin running on over 40.000 sites right now, I never saw an AdSense account being banned by invalid clicks made from a third person. Maybe that made me naive and ignorant.

What about ads not coming from AdSense?

This article focusses on pro and cons of using a click fraud monitor with AdSense, but of course, this is not the only ad network.

In September 2015 I visited dmexco in Cologne, the huge gathering of online marketing and advertising professionals (+55.000 of them). All major ad networks and tech providers were there. I was surprised to find many companies that offer ad security and click fraud protection for ad networks and larger publishers. There is a lot happening before ads are reaching out.

I reached out to three ad networks we are currently working with to ask them about their measures against click bombing and the risk for publishers. They all confirmed that they look into those cases manually, but not had an account that was banned yet.

As Sulvo confirmed, Their larger concern is invalid clicks made without an interest in the ad, but by accidental clicks caused by wrong implementations of the ads. They are also looking into these cases and work with the publishers on fixing them.

Click Bombing Bots

How much can an automatic bot harm your AdSense account? The answer is simple: it is very unlikely that this could be a problem because bots can not even load AdSense ads since they typically don’t execute JavaScript. Hence, there is no risk from them.

Still, bots could be a problem if you are hosting static ad content (like images) on your site and have a non-JavaScript based impression and click tracking. Even harmless bots that crawl your site for search engines or other services can produce impressions and even clicks.

Our Tracking add-on does not track activity from bots by default. Since the number of bots is constantly increasing the list of bots can also be extended for your site.

Conclusions

Intentional click fraud is happening. The question is rather if this is something you need to be worried about. In my personal experience, ad networks take care of it for you.

I know that my statement about Click Fraud not being your problem will cause some readers to disagree. There are too many stories out there from publishers who claim that they or a friend of a friend were banned from AdSense due to invalid clicks made by a competitor.

I have no reason to doubt those reports but also never found someone this happened to recently and who wanted to give me more details so that I can see and verify the story. If this happened to you, then please don’t feel offended and reach out to me with your story.

There is even a chance that we will add it to our Advanced Ads plugin if the requests for a click fraud monitoring solution is staying at a high level. I hope that this article helps us to discuss and decide.

If you want to use an extra layer of protection, then please go ahead. This article is not about specific solutions, but should rather give an overview of what you should look out for. The mentioned offers could be updated after publishing this article and become more reliable and compliant with AdSense in the future.

The Author

Leave a Reply

Your email address will not be published. Required fields are marked *