WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics) Security & Risk Analysis
wordpress.org/plugins/wp-referrer-spam-blacklistWordPress plugin to fight with 2040+ referrer spammers (like semalt, buttons-for-website and many more).
Is WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics) Safe to Use in 2026?
Generally Safe
Score 85/100WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "wp-referrer-spam-blacklist" plugin v1.3.0, based on the static analysis, exhibits an excellent security posture with no identified entry points into the code that are unprotected. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the code demonstrates strong practices by exclusively using prepared statements for all SQL queries, indicating no risk of SQL injection vulnerabilities. The analysis also shows no critical or high-severity taint flows, suggesting that user-supplied data is not being mishandled in a way that could lead to immediate exploitation. However, the plugin's output escaping is a notable concern, with 100% of its outputs not being properly escaped. While there are no known CVEs or historical vulnerabilities, this lack of output escaping presents a risk of Cross-Site Scripting (XSS) if any user-provided data is ever rendered directly to the browser without sanitization. The plugin also makes an external HTTP request, which, without further context, could potentially introduce risks if the target endpoint is compromised or if data is sent without proper validation.
Key Concerns
- All outputs are unescaped
- Makes external HTTP requests
WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics) Security Vulnerabilities
WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics) Code Analysis
Output Escaping
WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics) Attack Surface
WordPress Hooks 3
Maintenance & Trust
WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics) Maintenance & Trust
Maintenance Signals
Community Trust
WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics) Alternatives
Human Presence – Stop Form Spam Without ReCaptcha
ellipsis-human-presence-technology
The #1 Plugin for Blocking Form Spam on WordPress
LH Zero Spam
lh-zero-spam
Zero Spam makes blocking spam comments and registrations easy.
Language-based Comment Spam Condom
language-based-anti-spam-plugin
This plugin prevents comments spamming using language verification.
Akismet Anti-spam: Spam Protection
akismet
The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.
Antispam Bee
antispam-bee
Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.
WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics) Developer Profile
2 plugins · 710 total installs
How We Detect WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics)
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-referrer-spam-blacklist/style.css/wp-content/plugins/wp-referrer-spam-blacklist/js/script.jshttps://simplemediacode.com/?utm_source=wp-referrer-spam-blacklist-1.3.0/wp-content/plugins/wp-referrer-spam-blacklist/js/script.jswp-referrer-spam-blacklist/style.css?ver=wp-referrer-spam-blacklist/js/script.js?ver=HTML / DOM Fingerprints
<!-- Referral spam blacklist 1.3.0 by Rolands Umbrovskis (rolandinsh) https://umbrovskis.com/ -->name="generator"