This weekend, there was a “brute force attack” against WordPress sites around the world, including a large number of sites at the ISP who makes this very site available to readers of our book, and other interested members of the online community. This ISP — who shall remain un-named for those of you not savvy enough to use nslookup and ip2location.com to figure out who it is (hint, hint) — got slammed enough by brute force password guessing attempts (which failed against our site, thank goodness) that this attack translated into a denial of service. In English, that means the site became unavailable: in fact, it showed a 404 error when access attempts were made.
Gretchen K. came to the rescue, in the form of an email that read “Try to access your site, and get a 404 error instead.” Because neither Jeff nor I make our livings from this site, we don’t monitor it extremely closely, so this e-mail actually gave us the warning that something was wrong, and needed to be addressed. My first response to Gretchen was an email that said: “Thanks for letting us know. Sorry for the inconvenience. We’ll get it back up as soon as we can.” My second response was to send Jeff an e-mail asking him to contact the ISP to find out what was up (he handled that responsibility for the 7th edition of the book, so I gladly punted to him in this case). Next, I sent another e-mail to Gretchen K. that said “Repairs are underway. I’ll be back in touch when the site comes back up.” A few hours later, I did just that, and the site has stayed up ever since.
What should readers of HTML and CSS For Dummies take away from this exchange? Here’s a list of take-aways to ponder as you work on and maintain your own Websites:
- Always respond to anyone who notifies you about problems as quickly as you can, and keep them updated on status as things progress. I always apologize for any frustration or inconvenience the person who’s been kind enough to tell me I have a problem may have experienced, especially if they seem unhappy about the situation.
- Try to diagnose and fix site failures with your service provider right away, understanding that it may take time to get back in business or recover from an outage. Keep tabs on status throughout. In this case, that meant checking the URL for the site every 15 minutes or so. Monitoring tools for this kind of thing are also available, so if you do make your living from a Website, or your employer operates one as an official online presence, you’ll want to invest in some kind of Website monitoring service to keep close tabs on any such sites 24/7/365.
- Fix any problems the site may have as quickly as possible (which could range from typos or minor formatting errors, to wholesale reworking of content items). Keep anyone who’s expressed interest informed about status periodically as well. Be sure to send a message (or tweet, or whatever) as soon as the problem is fixed, or the issue has been addressed.
- When the outage is over or the problem is fixed, conduct a post mortem. Try to figure out what went wrong and why, and how you might keep the same thing from happening again. In this case, for example, experts recommended installing a plug-in named “Limit Login Attempts.” This helps fend off this kind of attack by permitting only an admin-assignable number of password guesses, after which the originating IP address gets locked out and the attacker has to break off. This kind of thing effectively foils most brute force password guessing attacks.
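The lockout behavior described in that last take-away, modeled in Python as an added example (it is not code from the plug-in or from this site): the class name, the default limits and the sample IP addresses are assumptions made for illustration.

```python
# Added example: models per-IP login lockout; names and defaults are assumptions.
import time


class LoginLimiter:
    """Lock out an IP after too many failed logins inside a time window."""

    def __init__(self, max_attempts=4, window=12 * 3600, lockout=20 * 60, clock=time.time):
        self.max_attempts = max_attempts  # admin-assignable guess limit
        self.window = window              # seconds a failure stays counted
        self.lockout = lockout            # seconds an IP stays locked out
        self.clock = clock                # injectable so tests can control time
        self.failures = {}                # ip -> timestamps of recent failures
        self.locked_until = {}            # ip -> time the lockout ends

    def is_locked(self, ip):
        # An IP is locked while the current time is before its lockout end.
        return self.clock() < self.locked_until.get(ip, 0)

    def attempt(self, ip, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(ip):
            return "locked"               # refused even with the right password
        if password_ok:
            self.failures.pop(ip, None)   # a good login clears the counter
            return "ok"
        now = self.clock()
        recent = [t for t in self.failures.get(ip, []) if now - t < self.window]
        recent.append(now)
        if len(recent) >= self.max_attempts:
            self.failures.pop(ip, None)   # start fresh once the lockout ends
            self.locked_until[ip] = now + self.lockout
        else:
            self.failures[ip] = recent
        return "failed"


def demo():
    """Constructed scenario: one address keeps failing, another logs in."""
    now = [0.0]
    limiter = LoginLimiter(max_attempts=3, lockout=600, clock=lambda: now[0])
    results = [limiter.attempt("203.0.113.5", False) for _ in range(5)]
    results.append(limiter.attempt("198.51.100.7", True))  # unaffected visitor
    now[0] = 601                                           # lockout has expired
    results.append(limiter.attempt("203.0.113.5", True))
    return results
```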
Of all these take-aways, the most important is the one where you communicate frequently and reliably with those who communicate with you about your Website. This goes beyond simple courtesy — in itself no bad thing — to assert and reinforce your conviction that people who care enough about you to tell you there’s some kind of problem or issue that needs to be addressed also deserve your continuing communication and respect. Follow-up is key! Put this lesson to use, and you’ll grow your user base even if (or I really should say “when”) you make the occasional mistake, or experience the odd Internet hiccup, glitch, or outage. It happens to all of us, but it also presents an opportunity to provide a positive customer or user support experience. Don’t miss that opportunity, please.