As soon as you register a domain you will start getting spam and scam mails. When you put a contact form on your site you become a target for SEO boiler rooms. As you sign up to mailing lists the problem is only going to get worse.
Tip - where possible, don't use your normal email address for your niche site business.
Here are some of the things you need to know.
Domain Based Scams
The 4th message in my inbox here is a warning that my domain is about to expire. Shit! I'd better click on it and give them all my credit card info!
Or maybe not. It's an obvious fake, since I renewed that domain for 3 years not long ago. You'll get a bunch of scam mails like that.
Another one goes along the lines of 'domain misuse penalty'.
Just ignore everything. If you ever see something that might be legit, log in to your domain registrar (which you should bookmark) - not by clicking on any links - and see if there's any message for you in there.
Also in that image is a mail from PayPal warning me my account is about to be closed. Oh noes!
But wait, why doesn't it say PayPal in the 'from' field?
Because it's a phishing mail from some sub-human waste of space. Fuck those guys.
Related Domain Offers
I'm not sure if this one is an actual scam, but if you own carsforcriminals.com people will offer you carsforcriminals.net etc. There is no reason you should buy another domain so ignore it, and anyway, would you send money to some dude who sent you an email out of the blue?
Wordpress Hacks and Defence
One of the dumb things about Wordpress is that almost every admin gets the username 'admin', removing one difficulty for hackers.
There are plugins you can use to beef up your security. One good but overwhelmingly complicated one is 'Bulletproof Security'. There's one called Securi that costs a hundred bucks a year per site or something.
One thing you can do is choose a complicated admin username when setting up your site in the first place. You're using a password manager so it doesn't matter to you if your admin username is 09876tykghjbnko098-o][l.\;boobs
Imagine you build a site making 500 dollars a month. That has a value in the region of 20,000 dollars. Someone might hack your Wordpress and do some bad stuff, but as long as you have a backup and you control the domain, the worst they can do is waste your time. That's why you should enable 2-factor authentification on your domain registrar.
You will get thousands of emails from idiots offering to help you with your SEO. They are deeply stupid and can be ignored. On sites where I rank number 1 for EVERY CONCEIVABLE KEYWORD I get mails like 'hey I noticed you aren't doing well on Google duuuuuh'. MARK AS SPAM.
These people are SO STUPID it's hard to believe. Look at this:
How is your process so inept that you send the same email with two different names 3 minutes apart?
Guest Post Request
When your site starts getting traffic you might get people asking to dump their shitty articles onto your site. On my education sites these guys all come from websites promoting article writing services. So far I've only ever had one request from a real person whose website I wanted to be associated with.
Still, it's possible you will be approached by some good people, but that will be 5% and the other 95% you can INSTADELETE.
Google Analytics Fake Traffic
There's this absolutely worthless human who does his best to ruin the data you get in Google Analytics. You'll see weird spikes of traffic, strange messages, and all kinds of garbage. You have to filter out the shitty bits. It's a pain in the ass but at least it doesn't do any damage in any way.