Referrer Spam Info and Flagged as Malicious Today

I received this yesterday from WordFence. It is also in the tech news.

Dear WordPress Publisher,

If you would like to stop receiving WordPress security alerts and product updates from Wordfence, you can click here. You subscribed to this list via the Wordfence security plugin for WordPress. If you find this alert helpful, please give us a 5 star rating on

Google has flagged as malicious within the last few hours. It appears to be the entire site and not just the home page or a specific URL. We’re issuing this warning because is used daily by most WordPress core, plugin and theme developers to access PHP documentation.

The report Google is issuing for is available here . We haven’t been able to verify if has been hacked, but Google states they crawled the site yesterday and found 4 trojans hosted on 4 domains. If you’re a WordPress developer and need to visit to access PHP documentation, please take care until this is resolved. It is quite likely a false positive or due to simple backlinks to malicious domains appearing on, but the worst case scenario is that the site has been hacked and malware is hosted on the site itself.

I have just published an article on referrer spam and how it can impact your search engine rankings. I get quite a few questions about referrer spam and what it means when a malicious URL is found in a log file, where it comes from and it’s impact, so this blog entry will hopefully shed some light on the issue.

If you found this alert helpful, please give us a 5 star rating on on the right of the page.

Mark Maunder
Wordfence Creator & Feedjit Inc. CEO.

PS: If you aren’t already a member you can subscribe to our WordPress Security and Product Updates mailing list here . You’re welcome to republish this email in part or in full provided you mention that the source is If you would like to get Wordfence for your WordPress website, simply go to your "Plugin" menu, click "add new" and search for "wordfence".