Comment by nolist_policy

I’m not sure how much of this is due to spammers and how much is due to “growth & engagement” that wants to make sure a human’s time is being wasted.

To stop spammers, you implement measures before posting, not before viewing. Spam is just a minor technical nuisance. It's automated interaction that really makes their executives sweat and shiver.

and hackers..

install a fresh wordpress and you'll be blocking hundreds of Digital Ocean Ip addys within 24 hours..

Or you won't.

If you add a failed login detector you'll see DO, OVH Hetzer and similar are non-stop password guessing your logins everyday.

Maybe your admin password is so long they will never get in, maybe you don't care that your server gets slower responses for actual users as it serves pages and does DB lookups for all the bots trying to use a different password every minute.

Maybe the website owner doesn't know any of these and the open internet is actually legoland where everything is awesome all the time.