Using Google AdSense, we may encounter issues with an ad serving limit placed on the account due to invalid traffic concerns.
There are many spam bots and automated scripts running on the Internet which may contribute to website traffic, but this traffic does not represent legitimate users.
Specifically to WordPress sites, the first step to eliminate the invalid traffic is to install plugins to block spam and click fraud. Two good options are given below.
For preventing click fraud:
ClickCease Click Fraud Protection
For preventing comment spam:
Further, one of the sources of the invalid traffic is automated hacking attempts from various scripts.
Bots scanning websites are attempting to run exploits, e.g. against login pages.
Therefore, we see many requests in the server logs with attempts to reach:
/wp-admin/login/
/wp-admin/login/login.php
and so on.
If the login page URL is completely unknown, it helps to stop these kinds of requests: if the usual default login URL returns a 404 a script will likely not try as many further malicious requests.
We want to make it difficult to predict the actual valid URL.
First, generate a UUID (Universally Unique ID) for the login page using:
The custom login URL can be, for example:
{some-site.com}/{UUID}_custom_login
Because the probability of guessing a specific UUID is very low, it should be very difficult to reach the valid custom login URL from any external script.
To change the login URL use the plugin:
This adds new settings in WordPress. Look under:
Settings / Permalinks / Change wp-admin login
Enter the customized URL here and click Save Changes.