• Resolved Gazal

    (@gazal)


    Hi, I have been having issues with my website due to referral spam, brute force attacks, etc.
    I have tried the Shield plugin, Wordfence and the All In One Security plugin. There are bots trying to crack into the admin area of my website, and referral spam is using up my monthly bandwidth.

    2 months ago I had to shut down my website as it was compromised. There were admin logins from countries like Ukraine, Russia, etc., and so many files were added to my database and PHP was edited.

    Has anyone else been in a similar situation? Any suggestions on how to secure a WordPress site?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator James Huff

    (@macmanx)

    There will always be referral spam, it’s not a security issue. Bots browse the net leaving fake referrers behind just like bots browse the net leaving spam comments and botnets send spam emails. It’s just a fact of the web. Some stats systems allow you to create a blacklist for referrers (which simply filter them from your stats), and there are more manual ways of course https://codex.ww.wp.xz.cn/Combating_Comment_Spam/Denying_Access#Deny_Access_Referrer_Spammers but please be assured there’s absolutely nothing that referrer spam can do to harm your site.

    Brute force attacks will also happen, not as common, but they hit everyone constantly for sure. It’s bots yet again, this time visiting common login form URLs trying common username and password combinations. Just another fact of the web. Use a strong password https://support.mozilla.org/en-US/kb/create-secure-passwords-keep-your-identity-safe and you won’t have to worry. Two of my sites combined have logged 60,242 failed login attempts over just the past year, all blocked by the Protect module of Jetpack: https://ww.wp.xz.cn/plugins/jetpack/

    Referrer spam will happen, it’s just bots randomly roaming the net leaving fake referrer records, never a targeted attack, and never a danger. Similarly, brute force attacks will happen, they’re also bots, mostly just roaming the web, rarely a targeted attack, and rarely a danger if you’re already using a strong password and something that protects against them.

    What I’m trying to say is, don’t give up on a security plugin just because they log failed logins. That means they’re doing their job. As for referrer spam, it’s going to happen, no security plugin blocks it, because it’s not a security concern.

    In addition to plugins, you may want to implement some (if not all) of the recommended security measures: https://codex.ww.wp.xz.cn/Hardening_WordPress
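
An added example (not part of the original replies and not code from any plugin named in this thread): a Python sketch that separates the two kinds of bot traffic discussed above in a web server access log, counting failed `wp-login.php` attempts per client IP and filtering blacklisted referrers out of the page-view stats. It assumes Combined Log Format; the sample lines, the blocklist domain, the threshold and the function name are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Combined Log Format: ip - user [time] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample log (documentation IP ranges, made-up referrer domain).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:05:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2024:10:06:00 +0000] "GET / HTTP/1.1" 200 9000 "http://spam-referrer.example/offer" "Mozilla/5.0"
192.0.2.56 - - [10/Mar/2024:10:06:05 +0000] "GET / HTTP/1.1" 200 9000 "http://www.spam-referrer.example/" "Mozilla/5.0"
198.51.100.30 - - [10/Mar/2024:10:07:00 +0000] "GET /about/ HTTP/1.1" 200 5000 "https://www.google.com/" "Mozilla/5.0"
198.51.100.31 - - [10/Mar/2024:10:08:00 +0000] "GET / HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

REFERRER_BLOCKLIST = {"spam-referrer.example"}  # hypothetical blacklist entry

def analyse(log_text, blocklist=REFERRER_BLOCKLIST, threshold=3):
    """Return failed-login suspects and page views split into spam / clean."""
    failed, spam_hits, clean_hits = Counter(), 0, 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path == "/wp-login.php":
            # A failed login re-displays the form (200); a successful one redirects (302).
            if m["status"] == "200":
                failed[m["ip"]] += 1
            continue  # login traffic is not a page view
        host = urlparse(m["referer"]).hostname or ""
        if host in blocklist or any(host.endswith("." + d) for d in blocklist):
            spam_hits += 1  # filtered from stats only, nothing is blocked
        else:
            clean_hits += 1
    suspects = {ip: n for ip, n in failed.items() if n >= threshold}
    return {"suspects": suspects, "spam_hits": spam_hits, "clean_hits": clean_hits}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The single failed attempt followed by a successful login from 198.51.100.20 stays below the threshold, which is the pattern a site owner mistyping a password produces.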

    Thread Starter Gazal

    (@gazal)

    Thanks James, I will give Jetpack a go and implement recommended security measures.

    Moderator James Huff

    (@macmanx)

    You’re welcome!


The topic ‘WordPress security’ is closed to new replies.