Title: WordPress security Last modified: August 31, 2016 --- # WordPress security * Resolved [Gazal](https://wordpress.org/support/users/gazal/) * (@gazal) * [10 years ago](https://wordpress.org/support/topic/wordpress-security-13/) * Hi, I have been having issues with my website due to Referral spam, brute force attacks etc. I have tried shield plugin, wordfence and all in one security plug in. There are bots trying to crack into the admin area of my website, referral spam using up my monthly bandwidth. * 2 months ago I had to shut down my website as it was compromised. There were admin login from countries like ukraine, russia etc and so many files were added to my database and php was edited. * HAs anyone else been in a similar situation? any suggestions on how to secure a wordpress site? Viewing 3 replies - 1 through 3 (of 3 total) * Moderator [James Huff](https://wordpress.org/support/users/macmanx/) * (@macmanx) * [10 years ago](https://wordpress.org/support/topic/wordpress-security-13/#post-7357108) * There will always be referral spam, it’s not a security issues. Bots browser the net leaving fake referrers behind just like bots browse the net leaving spam comments and botnets send spam emails. It’s just a fact of the web. Some stats systems allow you to create a blacklist for referrers (which simply filter them from your stats), and there are more manual ways of course [https://codex.wordpress.org/Combating_Comment_Spam/Denying_Access#Deny_Access_Referrer_Spammers](https://codex.wordpress.org/Combating_Comment_Spam/Denying_Access#Deny_Access_Referrer_Spammers) but please be assured there’s absolutely nothing that referrer spam can do to harm your site. * Brute force attacks will also happen, not as common, but they hit everyone constantly for sure. It’s bots yet again, this time visiting common login forum URLs trying common username and password combinations. Just another fact of the web. Use a strong password [https://support.mozilla.org/en-US/kb/create-secure-passwords-keep-your-identity-safe](https://support.mozilla.org/en-US/kb/create-secure-passwords-keep-your-identity-safe) and you won’t have to worry. Two of my sites combined have logged 60,242 failed login attempts over just the past year, all blocked by the Protect module of Jetpack: [https://wordpress.org/plugins/jetpack/](https://wordpress.org/plugins/jetpack/) * Referrer spam will happen, it’s just bots randomly roaming the net leaving a fake referrer records, never a targeted attack, and never a danger. Similarly, brute force attacks will happen, they’re also bots, mostly just roaming the web, rarely a targeted attack, and rarely a danger if you’re already using a strong password and something that protects against them. * What I’m trying to say is, don’t give up on a security plugin just because they log failed logins. That means they’re doing their job. As for referrer spam, it’s going to happen, no security plugin blocks it, because it’s not a security concern. * In addition to plugins, you may want to implement some (if not all) of the recommended security measures: [https://codex.wordpress.org/Hardening_WordPress](https://codex.wordpress.org/Hardening_WordPress) * Thread Starter [Gazal](https://wordpress.org/support/users/gazal/) * (@gazal) * [10 years ago](https://wordpress.org/support/topic/wordpress-security-13/#post-7357131) * Thanks James, I will give Jetpack a go and implement recommended security measures. * Moderator [James Huff](https://wordpress.org/support/users/macmanx/) * (@macmanx) * [10 years ago](https://wordpress.org/support/topic/wordpress-security-13/#post-7357175) * You’re welcome! Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘WordPress security’ is closed to new replies. ## Tags * [brute force attacks](https://wordpress.org/support/topic-tag/brute-force-attacks/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 3 replies * 2 participants * Last reply from: [James Huff](https://wordpress.org/support/users/macmanx/) * Last activity: [10 years ago](https://wordpress.org/support/topic/wordpress-security-13/#post-7357175) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics