AffiliateWP includes a powerful set of fraud prevention tools designed to protect your affiliate program from suspicious activity. Whether you’re dealing with affiliates clicking their own links, fake account registrations, or unauthorized paid advertising, the Anti-Fraud settings give you control over how these situations are handled.
Enable self-referral prevention
Self-referral fraud is the most common type of affiliate fraud. It happens when affiliates use their own referral links to earn commissions on their own purchases. Enabling self-referral prevention should be your first line of defense, and it only takes a moment to configure.
- Navigate to AffiliateWP » Settings » Anti-Fraud in your WordPress admin
- Find the Self-Referral Prevention section
- Set the mode to Reject (this is the default)
- Click Save Changes
That’s it. AffiliateWP will now automatically block any referral where the customer’s email matches the affiliate’s email, or where a logged-in affiliate is making a purchase through their own link.
Why “Reject” instead of “Flag”? Self-referrals are almost always intentional. Rejecting them automatically saves you from reviewing each one manually. The affiliate won’t receive a notification, so they can’t adjust their behavior to avoid detection.
When to use “Flag” instead: If your program intentionally allows affiliates to earn on their own purchases (as a member discount program, for example), set this to Allow. If you allow it only sometimes, use Flag to review each case.
Enable advanced detection
If you have an AffiliateWP Pro plan, you have access to four additional detection methods that monitor for unauthorized referring websites, suspicious conversion patterns, paid advertising traffic, and fake account registrations. The sections below follow the same order as the settings page in the plugin.
Referring Site Detection
Referring Site Detection verifies that affiliates are sending traffic from the websites they registered with during sign-up. This prevents affiliates from promoting your program on unauthorized sites or using domain spoofing to hide where their traffic actually comes from.
- Find Referring Sites Detection on the Anti-Fraud settings page
- Set the mode:
- Flag to monitor without blocking
- Reject to strictly enforce registered domains only
- Click Save Changes
This feature only works when Allow Affiliate Registration is enabled in AffiliateWP » Settings » General, because it needs the website URL that affiliates provide during registration.
Conversion Rate Detection
Conversion Rate Detection monitors each affiliate’s ratio of visits to referrals and flags those whose performance falls outside normal patterns. An unusually high conversion rate may indicate fraud like self-referrals or cookie stuffing, while an unusually low rate could suggest click fraud or bot traffic.
- Find Conversion Rate Detection on the Anti-Fraud settings page
- Set the mode to Flag
- Set your thresholds:
- Minimum Conversion Rate: 2% (default)
- Maximum Conversion Rate: 20% (default)
- Click Save Changes
Detection only triggers after an affiliate has 10 or more referrals, preventing false positives from small sample sizes.
Conversion Rate Detection only supports Allow and Flag modes (no automatic rejection). Abnormal conversion rates require context, as a high rate could mean fraud or an exceptionally targeted audience, so manual review is always required.
PPC Traffic Detection
Many affiliate programs prohibit paid advertising because affiliates can bid on your brand name in search engines, driving up your advertising costs while earning commissions from those same customers. PPC Traffic Detection automatically identifies referrals that come from paid advertising sources and lets you flag or reject them.
- Find PPC Traffic Detection on the Anti-Fraud settings page
- Set the mode:
- Flag if you want to review PPC traffic case-by-case
- Reject if your terms strictly prohibit all paid advertising
- Click Save Changes
AffiliateWP automatically detects traffic from Google Ads, Facebook Ads, Microsoft Advertising, TikTok Ads, LinkedIn Ads, Pinterest Ads, Snapchat Ads, Reddit Ads, Twitter Ads, and other ad platforms by checking for click ID parameters (gclid, fbclid, msclkid), UTM parameters (utm_medium=cpc), and referrer domains.
IP Velocity Detection
IP Velocity Detection helps you catch affiliates who create multiple fake accounts from the same location to multiply their commissions. When too many affiliate registrations come from the same IP address within a short time window, the system flags them for your review.
- Find IP Velocity Detection on the Anti-Fraud settings page
- Set the mode to Require Approval (recommended)
- Configure the thresholds:
- Registration Threshold: 3 (default), triggers after 3 registrations from the same IP
- Time Window: 24 hours (default), how far back to look
- Click Save Changes
This feature requires IP logging to be enabled. If you’ve disabled IP logging in AffiliateWP » Settings » Advanced for GDPR compliance, IP Velocity Detection won’t function and you’ll see a notice on the settings page.
Block known bad domains
The Blocked Referring Sites feature lets you manually prevent visits from specific domains you know are sending fraudulent or spam traffic. This is available on all plans and gives you direct control over which traffic sources are allowed into your program.
- On the same Anti-Fraud settings page, scroll to Blocked Referring Sites
- Enter domain names in the textarea
- Click Save Changes
Visitors arriving from blocked domains are completely prevented from creating visits or referrals.
Tips for building your block list:
- Check your AffiliateWP » Visits page for unfamiliar referring domains
- Add domains gradually as you identify bad traffic sources
- Don’t add advertising platform domains (google.com, facebook.com) here. Use PPC Traffic Detection instead for more granular control
- Domain matching is flexible: blocking
example.comalso blockswww.example.comand all subdomains likeblog.example.com
Verify your configuration
After saving your settings, it’s a good idea to confirm everything is working as expected.
- Review your settings summary. Scroll through the Anti-Fraud page and confirm each section shows the mode you selected.
- Test self-referral detection. If you have a test affiliate account:
- Visit your site through the test affiliate’s referral link
- Make a test purchase using the same email as the affiliate account
- Check AffiliateWP » Referrals. You should see a rejected referral with a self-referral flag.
- Check for flagged items. After a few days of normal traffic, review:
- AffiliateWP » Referrals for red flag icons next to referral IDs
- AffiliateWP » Affiliates filtered by “Pending” status to see any IP velocity flags
What happens next
Once fraud detection is active, AffiliateWP works in the background to monitor your program. Here’s what to expect:
- Flagged referrals appear in AffiliateWP » Referrals with a red flag icon. Click the referral to review the details and approve or reject it.
- Flagged affiliates appear in AffiliateWP » Affiliates with a pending status and a flag icon. Click “Review” to see the fraud details and accept or reject the affiliate.
- Rejected items are logged automatically. You can review all rejected referrals by filtering the Referrals page by status.
- Reports provide an overview of your fraud prevention effectiveness. Navigate to AffiliateWP » Reports » Anti-Fraud to see metrics like money saved, fraud rate, and trends over time.
We recommend checking your flagged items at least once a week when you first enable fraud detection. As you learn your program’s patterns, you can adjust thresholds and switch from Flag to Reject mode for detection methods where you’re confident in the results.
Frequently asked questions
Can I enable fraud detection on an existing program?
Yes. Enabling fraud detection doesn’t affect existing referrals or affiliates retroactively. It only applies to new activity going forward. You can safely turn on any detection method without impacting referrals that have already been created or paid.
Will fraud detection slow down my site?
No. Fraud checks run during referral creation and affiliate registration, which are events that happen infrequently compared to normal page views. The checks add negligible processing time and don’t affect your site’s frontend performance.
Do I need all detection methods enabled?
No. Start with Self-Referral Prevention (recommended for all programs) and add other methods as needed based on your program’s size and risk profile. Each method is independent, so you can enable, disable, or adjust any of them at any time without affecting the others.
How do I know if fraud detection is working?
After enabling detection:
- Check AffiliateWP » Referrals periodically for flagged or rejected referrals
- Review the Anti-Fraud reports tab (when available) for overall fraud metrics
- Look for the red flag icon next to referral IDs, which indicates a detected fraud pattern
If you see no flags after several weeks of normal traffic, that’s a good sign. It likely means your program doesn’t have fraud activity.