A common question from publishers and AdSense users in our support desk is how they can prevent visitors from click fraud – a user clicking extensively on their AdSense ads and risk their account being closed.

A month after I published this article, we added a lightweight and cache-compatible click fraud protection to Advanced Ads. My opinion about it didn’t change, but this still was the highest ranking feature request so we honored it. Check out the click fraud protection feature.

If you have been around for a while, then you probably get the feeling that once an AdSense account is gone, you will never be able to get it back.

Click Fraud

Therefore, it is more than normal that you want to protect it, especially against issues you can’t control.

Since this question comes up regularly, I dug deeper into the topic of click fraud and click bombing, the real danger, and solutions behind it.

I am writing from two perspectives here: first, I am a publisher with millions of page impressions per month monetized with ads from networks like AdSense. Second, I am the developer of Advanced Ads, the ad management solution for WordPress. So this question is also of high interest to me.

You're using WordPress and would like to get Advanced Ads for free?

What is click fraud?

The problem of click fraud is only yours when your account is banned. From the perspective of AdSense, it is about protecting advertisers from paying for clicks that are not made out of genuine interest for the ad content but to either earn more money or harm the advertiser.

Click fraud is also happening when you click on ads yourself or ask someone else to click on AdSense ads on your home page.

And even though she meant well, if your mother clicks multiple times on ads on your website to help you make a living from your dream then she is also involved in click fraud. No harm is done if she only clicks on ads they interest her, though.

No need to panic about real accidental clicks on your ads though. A single click doesn’t make a difference.

AdSense calls the mentioned behavior Invalid clicks and impressions and explains it in their program policies like following:

Clicks on Google ads must result from genuine user interest. Any method that artificially generates clicks or impressions on your Google ads is strictly prohibited. These prohibited methods include, but are not limited to, repeated manual clicks or impressions, automated click and impression generating tools and the use of robots or deceptive software. Please note that clicking your own ads for any reason is prohibited.

With the same reasoning, you are also not allowed to encourage users for clicking on ads either by asking them directly or placing ads where they could be misunderstood for other elements.

What is click bombing?

You could see click bombing just as one form of click fraud, but I thought I’d use a different term to show another motivation behind the problem. This is the one most publishers fear.

If you know that AdSense doesn’t tolerate click fraud and might close your AdSense account without warning and block not only future revenue but also earnings not paid out yet, then your competitors know that, too.

Let’s call it “click bombing” when a user clicks on AdSense ads on your site to get your account suspended and you in trouble.

What can you do about click fraud?

The easiest thing you can do is to comply with the AdSense rules by not clicking on AdSense ads on your site. You don’t need to be obsessive about telling all your friends and family not to click either. I can say from my own experience that most people who wanted to help me like that told me at some point and then I had a chance to thank and ask them only to click when the ad is interesting for them.

None of them actually made a lot of clicks, so I was never afraid that they endangered my business.

With people who use click bombing to harm you intentionally, you can of course not reason like that. And the feeling of being powerless has helped a lot of solutions to evolve over the last years.

Once I visited their sites, I am now retargeted by their online ads with dark monospace font types and people with masks who try to steal my earnings and AdSense accounts.

These ads and offers all claim that they can protect me against click fraud. While I believe that there could be a solution that prevents visitors from clicking multiple times on the same ad, they all come with a price.

I am not only referring to money here, but also to others risks. They range from preventing valid clicks to not being AdSense compliant and therefore risk your AdSense account after all.

How Click Protection works

All the solutions I tested prevent click fraud and click bombing by simply hiding the ad. You can’t click on something you don’t see.

They often allow a user to click once on the same ad and only then hide it.

There are two methods to do that.

The first is by hiding the ad using JavaScript in the user’s browser. This means that the same user would not see the ad for some time as long as he uses the same browser.

The second method identifies the user based on her IP address and stores this address in a table. The user could switch to another browser or maybe even another device and would still not see the same ad.

Both methods can be circumvented and come with drawbacks you should be aware of.

Risks of click fraud protection

Let’s remind us that we are not talking about people who only want your best. They will probably not try to circumvent your protection by all means. If someone really wants to hurt you, they might try harder to find a solution around your protection.

I checked two solutions built for WordPress for this purpose: Click Fraud Monitoring and Invalid Click Protector.

Let’s start with the most obvious question. You are trying to protect your AdSense account with a click fraud monitor of any kind, but is that protection itself compliant with the AdSense terms?

Click tracking on AdSense ads

The reason I was starting to look at click fraud monitors was to learn how they track those clicks. There are two problems here:

  1. AdSense does not allow to alter the code and make click tracking easier
  2. tracking the click before the user leaves your site

The first issue is the most serious here. If AdSense does not allow most kinds of manipulation of their ad code and ad code behavior, developers need to implement some tricks to actually do it.

This brings us to the second issue. Depending on the method selected, the click might not be tracked in time. Especially, when AJAX is used to send the event to the database, the user will be long gone to the advertiser’s page before the information is stored.

In my tests, most clicks I made like this were not counted and I was still able to click multiple times – on a dummy ad of course 😉

Hiding AdSense with CSS

Invalid Click Protector is hiding ads using CSS. Don’t worry of you don’t know what CSS is, but if you know the AdSense terms a bit then this should raise a red flag.

It is forbidden to hide AdSense ads using CSS because that does not prevent them from being loaded and technically generate an impression.

Since AdSense no longer pays per click only, but sometimes also for impressions. You might understand now why this is a violation of their policies and on the same level as click fraud.

Ignoring the problem mentioned above, hiding ads with CSS is also easy to circumvent by anyone who wants it. They could just define custom CSS rules that override hiding the ads in their browser and go on with whatever they intend.

I only tested WordPress plugins here, but I expect external services to work similarly.

Issues with PHP-based tracking

I mentioned the use of IP addresses as another method from click protection software. If they store that information locally and use the server-side language PHP to hide the ad code completely from your site, a small CSS hack is not enough to harm you anymore.

If they are serious about harming you, they could probably use a bot network that runs different browsers in very different locations (and IP addresses). I don’t know if that is a thing though and there is a lot of skill needed to build that.

There are a few real issues though which I only know after experiencing them myself.

Click Fraud and caching

The first issue is caching. If you are using a caching solution, then chances are high that the page is cached for a visitor who should not see ads. The next visitors will see the same, ad-less pages and not be able to click. It could also happen the other way around, and a user who should not see ads anymore still does.

Multiple IP addresses

Another issue – and I bet most of you are not aware of this – is the usage of the same IP for sometimes a substantial number of people. We learned this the hard way when we started to block some IP addresses after they made a larger number of page impressions in a very short time.

A lot of visitors complained that they were not able to visit our website anymore. We found out that they lived in an area or worked in a building that shared the same IP address for a lot of users. So when multiple users from the same area visited our site, we detected a thread.

In case of click fraud, this could prevent more users from seeing your ads than those who already clicked on them. This might not be significant to you but shows that the devil is in the details.


Do you care about Privacy? Maybe you don’t, but in a lot of countries, you are not allowed to track IP addresses from your visitors. At least, you need to make them aware of this in your privacy policy.


Especially with the use of server-side techniques to store and evaluate whether a single visitor is a potential threat or not will drain your performance. With a lot of clicks, a table used for that can grow quite large and needs not only performance but also storage.

Is Click Fraud a real threat?

If you asked me if click fraud is a problem in general, then my answer is definitely YES. Industry reports show that a lot of money is lost by paid clicks that were made without interest in the ad content.

In case of AdSense, this is a problem for advertisers and ad networks. It is not YOUR problem.

You read correctly. The reason I am saying that it is not your problem is that AdSense does take care of this for you.

Did you already notice the “Invalid Traffic” reduced from your payments? If your account has more than a few clicks, then there is a chance that this value is not zero anymore.

Invalid clicks – made for whatever reason – are reduced from your earnings. Well, not reduced from the valid revenue of course, but neutralized as if never happened.

Invalid clicks are not the only kind of invalid Traffic. A wrong implementation of AdSense ads, e.g., in a PopUp would also count here, so it is worth revising your setup if this amount is significant.

What are Click Fraud Monitoring and solutions worth?

If my websites were targeted by click bombing attacks and my AdSense account would be in real danger, then an AdSense-approved click protection would be worth multiple times of what the most expensive solution on the market costs now.

With my experience and the knowledge I have about how these solutions work, the risks they bring with them, and that ad networks take measures to solve the issue on their end. I don’t see a real threat here.

I must also say that in my years as a publisher, ad consultant and with our Advanced Ads plugin running on over 40.000 sites right now, I never saw an AdSense account being banned by invalid clicks made from a third person. Maybe that made me naive and ignorant.

What about ads not coming from AdSense?

This article focusses on pro and cons of using a click fraud monitor with AdSense, but of course, this is not the only ad network.

In September 2015 I visited dmexco in Cologne, the huge gathering of online marketing and advertising professionals (+55.000 of them). All major ad networks and tech providers were there. I was surprised to find many companies that offer ad security and click fraud protection for ad networks and larger publishers. There is a lot happening before ads are reaching out.

I reached out to three ad networks we are currently working with to ask them about their measures against click bombing and the risk for publishers. They all confirmed that they look into those cases manually, but not had an account that was banned yet.

As Sulvo confirmed, Their larger concern is invalid clicks made without an interest in the ad, but by accidental clicks caused by wrong implementations of the ads. They are also looking into these cases and work with the publishers on fixing them.

Click Bombing Bots

How much can an automatic bot harm your AdSense account? The answer is simple: it is very unlikely that this could be a problem because bots can not even load AdSense ads since they typically don’t execute JavaScript. Hence, there is no risk from them.

Still, bots could be a problem if you are hosting static ad content (like images) on your site and have a non-JavaScript based impression and click tracking. Even harmless bots that crawl your site for search engines or other services can produce impressions and even clicks.

Our Tracking add-on does not track activity from bots by default. Since the number of bots is constantly increasing the list of bots can also be extended for your site.


Intentional click fraud is happening. The question is rather if this is something you need to be worried about. In my personal experience, ad networks take care of it for you.

I know that my statement about Click Fraud not being your problem will cause some readers to disagree. There are too many stories out there from publishers who claim that they or a friend of a friend were banned from AdSense due to invalid clicks made by a competitor.

I have no reason to doubt those reports but also never found someone this happened to recently and who wanted to give me more details so that I can see and verify the story. If this happened to you, then please don’t feel offended and reach out to me with your story.

There is even a chance that we will add it to our Advanced Ads plugin if the requests for a click fraud monitoring solution is staying at a high level. I hope that this article helps us to discuss and decide.

A month after I published this article, we added a lightweight and cache-compatible click fraud protection to Advanced Ads. My opinion about it didn’t change, but this still was the highest ranking feature request so we honored it. Check out the click fraud protection feature.

If you want to use an extra layer of protection, then please go ahead. This article is not about specific solutions, but should rather give an overview of what you should look out for. The mentioned offers could be updated after publishing this article and become more reliable and compliant with AdSense in the future.

The Author


  1. latest sp flash tool

    Thanks alot now after reading your statement that “ad networks will take care of it” i am totally relaxed

  2. Kevin

    I’m glad you mentioned that this should be taken care of by the ad networks Thomas.. and it should. How can one be held responsible for the actions of 3rd parties with whom there is no relationship.

    I’ve had Adsense on various different sites for a while and am actually just now building a new site in the Internet marketing arena, where people can often be a little click happy. But I have to admit that in the years that I’ve had Adsense on various sites, I’ve never had an issue regarding the banning of my account (even though I’ve seen invalid clicks notifications from time to time).

    So I’m inclined to go with your consideration that it should not be a problem (in general) and that no specific additional action is necessary. And when all’s said and done, if you’re writing useful and good content that gives value, would you really be likely to attract so much unsavoury attention from competitors?

    I don’t tend to battle it out for keywords – at least not yet, my site is way too young and under-developed (I’m just trying to get some content in place for the moment). So realistically, who would go to of their way to try and “click bomb” me anyway (and why).

    Perhaps I too am being naive here and when I/my site get’s bigger (and it will happen), then others may sit up and take notice. But I can’t help thinking there is more good in people than bad and as long as any relationships you build are well and pleasantly maintained, no-one should have a reason to attack you.

    Certainly I feel, for little people like me (or at least as I am right now)… “click bombing” is highly unlikely to be an issue.

  3. Adekunle Olamide

    Thanks a lot for all the tips, i have tried so many times to prevent this but with no successful result, is like i skip the paragraph where you mention cache plugin, so after a lot of troubleshooting your idea really help.

    Click bombing is very risky when it comes to google adsense and getting disable is really hurts, i give your article a 5 star rating. Big Up

  4. Siju George

    You are right Thomas, click bombing is a real threat for an AdSense publisher. I run several websites and a few years back my AdSense account showed invalid click warning and even deducted a few amount in the finalized earnings. Luckily I didn’t loose my account. While checking I saw huge increase in the number of clicks on ads placed on one of my websites. In order to avoid loosing my AdSense account I removed ads code from that website and till today that website is not having it. I didn’t know there are services offered to prevent click bombing until I read your blog. However, by that incident I learned how to monetise a website using affiliate programs .

  5. Rose

    Great post. I’m new to blogging and adsense and all that, this was very informative 🙂 Thank You!

  6. Kenny

    Wow, I was literarily glued to this post from the very beginning to the end. I wish I could learn to write like you!
    On the topic, you really got my heart-beat high with the threats and consequences of click fraud and I feared greatly for my Adsense account just before you drove me right back to the reality – that google takes care of it!
    Many thanks for this masterpiece , I would love to read your next post.

  7. Kenedy

    Wow, this is very educative. Can I re-publish this article on wakanda.ng and give you due credits please?
    Thanks in advance for any reply you give.

    1. Thomas Maier Article Author

      Thanks for your kind comment. Please don’t republish it. You can write a summary and link to this article if you want to help us.

  8. Foodie Pro Theme

    Thanks Thomas, for the additional information. Truely, Click fraud is really a thing that need to be handled wisely. It can destroy your AdSense career.