GMS Insights

Fending Off Website Hack Attempts

Before you choose some to build your website, read this.

Fending Off (website) Hack Attempt

Marketing firms mostly focus on outgoing communications to client’s customers but on occasion a long term client can call with trouble. In this case a client that GMS had developed a website for, was experiencing hack attempts. Specifically there were dozens of false login attempts per day.  This website was produced in WordPress (website creation architecture) which is actually a fairly common target because of the easy-to-find login location for a WordPress site. Very often, site creators lack creativity when it comes to the username and passwords, defaulting to the provided “admin” as the username.


Act One: Block the Source
Fortunately there were software programs installed to help identify hackers. The Wordfence plugin showed that attacks were coming from certain countries, so these IP (internet protocol) addresses were blocked. That worked for a day and then the hacker used a virtual rerouter to send the hacking attempts from a wide range of new locations. We continued adding IP addresses to block until it was clear this was not going to work.


Act Two: Deter Wrong Logins
We installed a software that allowed us to block failed login attempts from any IP address for days. This of course if problematic if the client makes a mistake with their login, however GMS alerted them that if they log in make sure it’s right so they are not locked out for days. This worked to some extent in that the many dozens of hack attempts per day were cut back to just 10-12.


Act Three: Change the Target
As mentioned in the opening paragraph the WordPress administration login page is relatively easy to find for a hacker and since we were still seeing hack login attempts we found some new software that actually changes the location (web address) of the login page. This was pretty easy to use and the only caveat is to remember the unique login page or everyone is in deep trouble. So writing this down and book marking the new login page is essential.


Act Four: Success
The client was happy to see that the hacker login attempts have been stopped.

This illustrates the difference between a website “designer” and a more full service marketing support company that will stand with you as problems arise with your website. Because these marketing tools are online, they are fluid and can be impacted by hosts, visitors and even people from your own company. It’s not like a brochure or video that is un-changeable. Websites can crash, break or yes, get hacked. It’s important to have someone you can not only call, but rely on to help you or find help to get you back to normal.

Tips for a more secure website.
1- Create unique usernames and passwords
2- Keep your framework software up to date
3- Don’t use add-on software and themes from unreputable creators
4- Back up the website. Do it at least once, but regularly if you make regular changes.