What is a Brute-Force Attack?

I’m sure you’ve heard the phrase ‘brute-force’ at some point in time. Whether used to describe an army invading a castle or a raging river, it simply speaks to the sheer volume and power of the force. In recent years, the phrase “brute force” has taken on a new meaning. Today, a brute-force attack is one of the most common and cornering security threats to any website or secured login. Thankfully, there are a couple of great options for preventing our sites, especially WordPress sites, from falling victim to a brute-force attack.

A brute-force attack is a trial and error type of method used to guess useful information, such as username and password. Just like a river slowly and gently flowing downstream isn’t too big of a concern, a person sitting and guessing usernames and passwords isn’t that big of a concern (though still not appreciated). The concern with the river and our logins, is simply in the sheer brute force. To accomplish this, spammers and hackers will use a software-based algorithm to automatically generate a large number of guesses for the desired piece of information. Some sources that these guesses can be as numerous as up to 350 billion per second. As you can probably guess, 350 guesses per second can be a problem – and 350 billion per second can be catastrophic. The obvious concern is that the attacker could gain access into your site and wreak havoc. The problem with that many hits on a page (attempts to login) is that it will eventually cause your website to crash and simply be down. While that can stop the attacker, it also means legitimate users can’t access your site. Thankfully, there are several easy-to-implement security protocols in WordPress as well as basic practices that can help eliminate the risk for brute-force attack.

First things first – I gotta say this, and I know you’ve heard it before: PASSWORD for your password is a HORRIBLE idea! 1234 is a horrible idea! When you’re setting up your password in WordPress, one of its great security features is that WordPress will let you know how secure it feels your password is. Simply keep adding to your password until it comes up as Very Strong. To do this, you’ll most likely be using a combination of lower and uppercase letters, numbers, and special characters (!, @, #,$, etc.). For example, as I’m writing this, I’m listening to Quiet Riot. A musically influenced strong password would be something like Qu!t3#Ri0t#coftnoize – (Quiet Riot, Come On Feel the Noize). I added in uppercase, lowercase, numbers, and characters.

Okay, so now that we got the obvious one out of the way…. You can also install a plugin such as WordFence and customize its installation to protect your site further. With WordFence, you can take additional steps such as blocking a username. I never set up the username ‘admin’ – that’s far too obvious. With WordFence, if anyone tried to use that username, they’d be automatically blocked from being able to login for however long you specify. You can also set it up so that if they do try a legitimate username but miss the password a certain number of times (10 or 20 ideally, if you use strong passwords), it will again lock them out.

With WordFence, you can also run a scan on your site to see if there are any effected or infected files on your site that need to be cleared up. If there are any suspicious files, the program will let you know which ones are causing concern and which specific folders they’re in so you (or your web developer) can check them out and remove them if necessary. While this won’t stop a brute-force attack from hitting or entering your site, this scan can help prevent the amount of damage that can be caused by an attack.

Thankfully, there are several simple and easy-to-implement tools and plugins to help prevent brute-force attacks. Unfortunately, cyber threats such as a brute-force attack are one of the most common and concerning security threats that we face with websites, and the problems (the hackers/spammers/evil-doers) won’t be going away anytime soon. Just like when an invading army would storm a castle or the water in a river rages, we can be proactive and ready to counter these attacks when they come.

Different Authors?

Some of our clients have multiple individuals writing blogs for their website. Having content from different perspectives is a great way to showcase all that your business has to offer. However, you may not always want to give admin access to all blog contributors. Thankfully, with WordPress, there are two really great options.

The first option is to set the additional writers up with a WordPress account and set their role as “author.” By doing this, those contributors will be able to login as needed, create new blog posts (and a select few other types of posts, depending on the plugins used on the site), and edit older posts. They will not, however, be able to add new pages or edit older ones. With this account role, your additional writers can edit their personal WordPress accounts, but they will not be able to create any new accounts or change their own role.

Alternatively, a business may opt to not allow individual authors WordPress access. We’ve had a few clients who have had additional blog writers contribute, but all content had to be approved by one person before that content could go live. To achieve this, the client simply created a user account for each writer, but did not share any login information with them.

That way, when the client (or other approver within the organization) received the written information from the author, the client could simply copy and paste the blog into WordPress and manually select the name of the author for that particular post.

With WordPress, there are some easy-to-use options that allow for multiple writers on a blog. Whether each writer has their own login or not, having multiple writers on a blog is a great way to show different perspectives and viewpoints: just one more way to make the most out of your blog and website.

What should you do if your website is down?

In the past month, a couple of clients have notified me that their website was down. For them, it was an easy process to correct the issue. They reached out to us at Full Scope and we walked them through fixing the issue. In each of these particular cases, the domain names had expired. We were able to walk them through the process of getting the domain name renewed. If you don’t happen to host your website with Full Scope, here are a couple of great tools that can help.

First, go to downforeveryoneorjustme.com. Simply load the site and enter in your domain name. You will get a notification telling you if the site is down for everyone or if it’s just down for you. If it is just you, you’ll want to check if there is a firewall blocking you from getting to your site. On the other hand, if it is down for everyone, you know to get in touch with your hosting provider as the problem is occurring for your customers as well.

Another helpful tool, although a bit more technical, is whatsmydns.net. Each website is hosted on a server that is assigned an IP address (1.2.3.4 or 48.38.74.89 for example). It’s not a bad idea to figure out what IP address your site is on and keep that information stored somewhere. If you find that the IP address is different from what it’s been in the past, there’s a good possibility that something changed with your domain name’s DNS settings. If your domain name is stored with a registrar such as GoDaddy or ENOM, log in there and see if anything has changed.

Finally, you can also run a WHOIS search at http://whois.icann.org/ . Doing so will give you a detailed report that includes the domain name servers and settings for the domain name. The main piece of information to look for here is the name servers. When your site is up and running, make note of what the name servers are set to. They’ll be something like “ns1.fullscopehost.com” and “ns2.fullscopehost.com” or something similar. If the name servers have changed, again, log in to your domain name registrar and see what was changed.

If you are a Full Scope Creative client who experiences your site being down, just reach out to us. We’ll go through to check for any potential causes of the problem and correct them to get your website back up and running quickly. If you don’t host with us, we will still do as much as possible to help. The three steps above are the first steps we take in order to find out what is going on with the website.

Keeping the NEW in N.E.W. Zoo

One of my favorite things I get to do with Full Scope Creative is attend some amazing networking events. This morning, I was at a Green Bay Packers Mentor/Protégé event with Neil Anderson, the director the N.E.W. (North East Wisconsin) Zoo, located here in Brown County. I learned a lot of really cool things about our local zoo – like the fact they are 100% self-sufficient and don’t take any tax money! One of the best nuggets of information I got in the meeting was when Neil said one of his biggest goals is to, “always keep the NEW in N.E.W. Zoo.”

I started thinking of how often I’ve seen businesses go on year after year and never really have many changes. If your business is falling into that trap, where nothing new is happening – act quickly! Make something change! Re-brand, come up with a new tag-line, add in a new service, work with a new demographic of clientele, change your business model, do ANYTHING! If you don’t, your business will remain stagnant, and what life grows in a stagnant river? As Neil Anderson said – nothing.

For example, look at successful bands who have weathered the storm for decades. Their sound today is not the same as it was when they first started; they changed things up to keep it fresh. McDonald’s started with just burgers, fries, and milkshakes. Look how much their menu has changed since their first store back in 1955.
I’m not saying you need to completely reinvent your business or introduce major changes by any means. But do something new in your business to keep things fresh and relevant.

One of the easiest changes you can make is to look at the wording you use to describe your company. Talk to current clients to find the shortcomings of your message and clarify those points to tell a stronger story. Once the verbiage is new, you can look to a slightly more daring task of freshening up your business cards: change the layout, the logo, the colors, something – ANYTHING! The, when you’re really ready for new, take a look at your other marketing material and your product offerings and see what you could benefit from some updating.

For Full Scope Creative, we ran into this about a year ago. The business needed something to pick it up a little. We were doing great with website design, graphic design, and website hosting, but we needed a new something to really help keep things fresh for the company. That was when we first introduced our copywriting services. That was a good move for us, but that’s not the end of it. We’ve got several other things coming up throughout 2018 to help keep Full Scope Creative new and relevant.

If a zoo in Brown County, Wisconsin has the goal of, “keeping the new in N.E.W. Zoo,” it really should be a big focus of your business as well. Keeping your businesses as far away from being a stagnant river is a key step in business survival.

Why I Don’t Like Slideshows

In years past, I was a pretty big fan of having slideshows. Scrolling photos on the home page of a website was useful and successful in helping to generate conversions from “browsers” who are just viewing your site and getting ideas to customers who actually reach out and make a purchase or take another action to interact with your business. But as is often said with anything in the website design realm, Bob Dylan said it best: the times, they are a-changin’.

In the fast paced world we live in, a website is at its most effective when there is one (maybe two) key tasks a user is being prompted to take. Oftentimes that task is referred to as a “Call to Action.” Most business owners know what that one activity is that they want site visitors to do in order to convert that person as needed. Previously, we used to say that a slideshow kept users on a site for a few seconds longer; however, things have changed and we simply are not seeing those results anymore. The biggest focus on many of the sites we’ve built recently is to encourage or entice the user to engage in one of those Call to Action graphics and complete a conversion.

The problem with slideshows is that they provide little value and have considerable downsides. I don’t think I’ve ever talked to someone who made a conversion on a site, be it buying a product or filling out a contact form, who said, “Ya know, it was that third image in the slideshow that made me do it…” The space that was taken up by that slideshow can still be used for a large image, but done in such a way as to help with the goal conversion.

The harm in using a slideshow is simple – load time. Anytime you have a slideshow on your site, it’s going to require JavaScript. The more files that have to be loaded, the longer it will take the site to load. I remember when I first started designing websites; we were told that we needed the page to load in 8-12 seconds. When I started Full Scope Creative, it was half that at most. Today, we are lucky if a user will wait 3 seconds. Therefore having a slideshow load with the required JavaScript (which takes an extra .25 – .50 seconds to load) is simply no longer an option. On a mobile device, the images will likely be so small and clunky that there will simply be no benefit whatsoever of having them.

There are countless other things that can be done in that place. Putting a strong Call to Action is what will drive your results. With several of the sites we’ve done recently, we still use a larger image at the top of the site – but that’s not what drives conversions. Specifically, Call to Action graphics or buttons are what drive those successes. For many of our clients, that Call to Action is more important than any other feature on the site. Why let a slideshow take up those valuable resources, such as load time, when there is simply no benefit to it?

Do you have trouble closing your blog articles?

Watch what I do here: oftentimes when I’m writing a blog, the opening of the blog comes pretty easily to me. The body of the is fairly painless to write as well. The part I get hung up on the most it seems, is the closing. However, recently I found a great way to help get the closing piece written quickly and easily as well.

If you’ve talked with me much at all, you know I’m a big fan of having a blog on your site. It’s a great way to provide your users and readers with more of your ideas and let them get to know who you are. The problem with writing articles for your blog, however, is oftentimes the actual writing of the article. When I give a prepared speech, I always go in knowing what my opening is, have a couple of bullet points for the body of the speech, and then state my intro again, but in reverse. The same applies to writing a blog article.

Simply start by writing out your opening since quite often, that’s not very difficult. Introduce your subject and say why you feel it’s important. Moving into the body of the article, simply list some bullet points and then expand upon each point and turn it into a paragraph or two. Offering an example or two can be a good way to help illustrate your point as well.

However, it’s those pesky closing paragraphs that can trip me and many other writers up! One of the easiest ways to handle the closing is to simply to restate your opening. As we say in Toastmasters, in the opening of a speech you should, ‘tell us what you’re going to tell us,’ in the body you should actually ‘tell us,’ and then in the closing you should ‘tell us what you told us.’ Simply apply the same method to your blog or other writing projects.

By writing your opening in reverse, you’ll be able to quickly and easily bring your blogs to a close. The closing is the part of writing a blog that a fair amount of writers get tied up on, even with the opening and body of the article come easily. Simply switching the heading around is a great way to easily bring your blog to an end. (See what I did there?)

The “Call Us Now!” Button

There is a concept in physics that states that objects in motion tend to follow the path of least resistance; people work in much the same way. When looking to solve a problem, we tend to look for the path of least resistance. I know that for some of us (myself leading the pack) we’re a bit impatient and want results and answers right now. When it comes to our websites, we can take that ‘path of least resistance’ mentality and incorporate it into solving our users’ problems, especially when it comes to getting in touch with us.

A friend of mine was recently in need of some repairs to his house after a storm. He picked up his phone and did a Google search just like most people do. He found a contractor and knew they could handle the work based on the first page of their website. In addition, there was a very convenient button that said, “Call Us Now!” When he clicked that button, his phone rang the contractor’s office. They answered and had someone out to his house quickly. He didn’t have to dig around and look for a phone number, write it down, or even copy and paste it. Just one click and he was dialing the contractor.

I know it’s probably not the most optimistic outlook of our society to say that we’re too lazy to copy and paste a phone number, but it is where we are at in 2018. We’ve become so accustomed to instant gratification. On more than one occasion, I’ve decided to order pizza from a different place because the first one’s website didn’t have an easy to use, “Click here to order!” button that rang the pizzeria. We like things NOW and don’t want to wait the small amount of time it takes to copy the telephone number, open the phone, paste the phone number, and hit the green call button. We want things now.

Having a simple button on your site that says, “Call Us Now!” – especially on your site’s home page – is a great way to work in that instant gratification we all desire while still accomplishing the goals of your site. The best part is that adding such a button is a relatively easy thing to do, possibly something you can even do on your own. If you find you’re struggling with it, CALL US TODAY!

Substitute Solutions

Back when I was knee-high to a grasshopper, one of my favorite things to do was to go to Blockbuster and rent movies. I loved walking into the store, seeing the new releases, looking through old favorites, browsing the video games, and occasionally getting some candy. Today, there are only a handful of Blockbuster stores left open. Some people think that Blockbuster’s demise was due to a poor business model or other video rental options. Truth be told, those factors were only a small part of what lead to the video rental giant’s fall. What really did them in wasn’t their direct competitors, but rather, other available substitute options – primarily Netflix.

While there are similarities between Blockbuster and Netflix, they are completely different business models, structures, and offerings. Yes, both deal with movies, but that doesn’t make them direct competitors by any means. What happened to Blockbuster was that a newer, sleeker, faster, and more technologically advanced substitute won over their consumer base. Blockbuster attempted to adapt and offer streaming services like Netflix, but by the time they acted, it was too late: the damage was done. The mighty giant of home rental videos was doomed.

Blockbuster is just one example of a business only paying attention to their direct competitors, and not focusing on the other substitute options that could replace them. Whether it’s a big corporate business or a small family run business, it’s not just direct competitors who do the same thing as you that can bring an end to your business. A substitute option, one that doesn’t do exactly what you do but will still suffice and get the job done, such as trading ketchup for mustard, can quickly win over your customers and leave you high and dry.

So how do you prevent this from happening to your business? Look for any up and coming substitute options to what you offer. Investigate why these options are gaining popularity,  and most importantly – put those advantages to work in your business.

Keep It Simple

Have you ever found yourself talking to a sales professional and everything they say goes way over your head? I was recently talking with representative from a national insurance company about unemployment insurance. The way the sales rep talked he must have thought I knew everything there was to know about unemployment insurance. The information that many businesses have on their website suffers from the same problem: the content is simply written for the wrong audience.

On a scale of 1 – 10, most businesses owners and sales professionals know their particular business or industry at 10 (or 11 or 12). The consumers, however, only have a knowledge level of a 1 or maybe a 2. When meeting someone in person, if the vocabulary you are using is way over their head, you can at least see the glazed look in their eyes, and hopefully realize that you’ve said something that the person you’re speaking to does not understand. In person, we can catch that and rephrase, allowing us a greater chance to complete a sale. On a website, we don’t get a chance to gauge the reader’s reaction and determine if they are confused. They can very easily hit the back button and we’ll never get the chance to serve them.

To prevent this potential pitfall, it is very important to (I hate to say it) “dumb the content down a little” on your website – meaning, write for the average reader, not the expert. When we write about our business or industry, it’s our nature to write at our knowledge level – a level of 10 or higher. We need to present our knowledge in layman’s terms and limit the acronyms used so that the average reader understands us clearly.

Your competitors may look at the content on your site and think that you don’t know too much about the industry. However, your competitors aren’t the ones that are going to be making purchases from you – your customers are. Write your content for your customers and their knowledge level.

Creative WiFi Passwords

Today most businesses offer free WiFi internet access to their guests. WiFi is a great amenity to offer, and if you put a little creativity into it, you can also use it as a subtle marketing opportunity. Free WiFi is a good way to help pull people into your business, especially if you own a restaurant or coffee shop. One thing you may find at many businesses is that the WiFi is password protected. Depending on the internet service provider, building owner, or tenant’s agreement, a password may be required. If it is, have a little fun with the password.

For example, a coffee shop here in Green Bay changes their password every few days and it usually has a tie to the current season (such as when the password was “christmascheer”) or one of their drinks (like the “americana”). Once the password was almost commanding: “drinktea”. It worked. I ordered a pot of tea and I’ve been going back nearly weekly for coffee and tea.

If you do choose to offer WiFi, change your password every now and then and have a little fun with it. You never know, you might just get someone to make a purchase.