Wordfence 5.3.2 Released, now with Referer Blocking
This entry was posted in Wordfence, WordPress Security on November 17, 2014 by Mark Maunder 9 Replies
The newest version of Wordfence includes a much requested feature and you can thank Tim Cantrell for listening to your requests and getting us to put this in 5.3.2. You can now set up blocking in Wordfence to block certain referring websites. Many of you have asked for this feature because of the referrer spam problem out there.
First a quick primer: When a web browser or robot arrives at your website, it sends a piece of data called a referer (see footnote below if you want to know why this is misspelled). This tells your website which website the visitor arrived from. It’s quite easy to fake this data and to create a web crawler that goes around claiming that it’s arriving from some spammy website when in fact it’s just visiting your site directly.
I wrote about this over a year ago and so have others, but referer spam is when a robot arrives at your website pretending to be arriving from an external site. That external site is often malicious. So your logging applications like Google Analytics will log that the malicious site sent you traffic and put the name of that site in your logs.
This helps the malicious site in two ways. If they send you enough hits, you take a look at your logs, are curious what this wonderful new site is that’s sending you traffic and visit the website. Mission accomplished on the spammers part.
The second way it helps them is if you display your top referers anywhere on your site. Their site will appear at the top with a back-link which helps them in the search rankings.
Each request they send you with a fake referer consumes your site resources and pollutes your logging.
So now, as of Wordfence 5.3.2 which was released a few minutes ago, if you have a referer spam problem you can set up a pattern in advanced blocking to simply stop the rogue crawlers that are spamming you in their tracks. You can read the documentation for how to set up referer blocking on the official Wordfence documentation website.
Wordfence 5.3.2 also includes a new API call which allows the developers of other plugins you use to whitelist their own server IP addresses and ensure interoperability between Wordfence and other plugins.
We regularly work with other plugin authors and vendors to ensure interoperability between Wordfence and the other products that you use, and this feature was a product of that ongoing work.
Footnote: Incidentally if you’re interested in why I’m misspelling “referer” in this blog entry and our documentation, here’s the history of why “referrers” on the web became known as “referers”.