No. This does not prevent brute force attacks. In a brute force attack, an attacker has control over all parameters of the HTTP request. ... (Almost) all brute force tools will allow the setting of a referer, and setting the site itself as a referer is pretty standard.
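The point above from the server's side, as an added example that is not part of the original answer: a login handler whose Referer check passes every request that carries the site's own URL, next to a per-account failure counter that the client cannot set. The site name, account, passwords, limits and function names are all constructed for illustration.

```python
import hmac
from collections import defaultdict, deque

SITE = "https://example.test"        # constructed site origin
MAX_FAILURES, WINDOW = 5, 300         # assumed policy: 5 failures per 300 s per account

def referer_check(headers):
    """The control in question: it trusts a header the client writes."""
    return headers.get("Referer", "").startswith(SITE + "/")

class FailureThrottle:
    """Server-side state: timestamps of recent failed logins per account."""
    def __init__(self):
        self._failures = defaultdict(deque)

    def allowed(self, account, now):
        recent = self._failures[account]
        while recent and now - recent[0] > WINDOW:
            recent.popleft()              # forget failures outside the window
        return len(recent) < MAX_FAILURES

    def record_failure(self, account, now):
        self._failures[account].append(now)

def handle_login(headers, account, password, stored, throttle, now):
    """Return 'rejected-referer', 'throttled', 'bad-password' or 'ok'."""
    if not referer_check(headers):
        return "rejected-referer"
    if throttle is not None and not throttle.allowed(account, now):
        return "throttled"
    # Plain comparison stands in for verifying a password hash.
    if not hmac.compare_digest(password, stored):
        if throttle is not None:
            throttle.record_failure(account, now)
        return "bad-password"
    return "ok"

def evaluated_guesses(n_requests, throttle):
    """Count requests whose password was actually checked (constructed traffic)."""
    headers = {"Referer": SITE + "/login"}   # any client can send this value
    outcomes = [handle_login(headers, "alice", f"guess{i}", "correct-horse", throttle, float(i))
                for i in range(n_requests)]
    return outcomes.count("bad-password")

if __name__ == "__main__":
    print("referer check only:", evaluated_guesses(100, None))
    print("with failure throttle:", evaluated_guesses(100, FailureThrottle()))
```

With only the Referer check, all 100 constructed guesses reach the password comparison; with the counter, five do and the rest are refused before the password is looked at.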