Referrer spam (also known as Referer spam) can be of two primary types
1. Bot hits
A bot visits your page and pretends it is coming from somewhere it is not actually coming from. It is spoofing (faking) the HTTP_REFERER header. Your page loads the tracker code and is then fooled in to submitting incorrect information to your analytics. Bot hits will be visible in the Wordfence "Live Traffic" feed. This type of referrer spam can be stopped by blocking requests to your site that have a particular HTTP_REFERER. In Wordfence you can block this type of referrer spam by entering the referrers you would like to block on the Wordfence "Advanced blocking" page.
2. Ghost hits
A bot uses your Analytics code on a completely different site and submits fake traffic directly to Google Analytics (or another tracking service). Ghost referrer spam never touches your website. Thus this traffic will not be visible in your Wordfence "Live Traffic" feed and it is not possible to stop this traffic by adding any code to your website. Instead, you have to set filters in your analytics tool to filter out such traffic from your results. You can find some more information about that here.