Your Website Was Stolen, and Your Analytics Along with It

Over the years, I’ve come across situations where an entire website has been copied and hosted on a server in some far-off land. I’ve never really understood the purpose, but I know it can sometimes wreak havoc on your analytics. After all, when an entire website is copied, that includes your analytics code, TMS snippet, etc. This results in data from the copied version of your website getting captured with your real website’s data. In short, it can get messy.

While addressing the core issue of a stolen website may be a bigger challenge, preventing this data from flowing into your analytics tool doesn’t have to be, especially if your analytics logic loads through a tag management system (TMS). Let’s look at some of your options:

  • Tag-/Rule-specific conditions — You could create either tag-/rule-specific conditions limiting execution to your specific domain(s). With some tag managers, this means touching each and every rule/tag to include the new condition.
  • Global conditions —This is similar to tag-/rule-specific conditions, but with less mess. Some tag managers allow you to mandate a global condition(s) across everything in your property, profile, or space. While convenient and less meticulous than touching each and every rule/tag, there are potential dangers with a shotgun approach.

Another consideration is whether to build your condition(s) using an allow approach, or a blocking approach. Both have their pros and cons:

  • Building an allow list — With an allow list, you are explicitly saying which pages (probably domains/hostnames) are allowed to execute your code and, thereby, fire off marketing and analytics beacons. It’s a great approach if you have a relatively short, static list of domains, as you can kind of set it and forget it, with confidence that you’re keeping the garbage out without blocking legitimate traffic.
  • Building a block list — The block list allows your code to execute everywhere except for those locations where you explicitly don’t want it to execute. This is a great approach if you’re constantly trying to keep up with domain updates that don’t find out about until after the fact. It ensures you’re always ahead of the game. However, it requires you to stay on top of data from undesired sources and to be able to react quickly to update your list of nefarious (ie// blocked) domains.

As an added bonus, if you find yourself in this situation, you also have some level of control over what’s running on the copied website. With a TMS, you maintain control over the loading of remote scripts on that website. Consider some options:

  • Blank out the copied website when the pages load
  • Display a message such as “This website stolen from…”
  • Redirect the visitors back to your actual website

Whatever options you choose, know that you do have options.

Has this ever happened to you? What was your response?



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Brian Johnson

Brian Johnson

Sharing what little I know with the world.