Assisting You in Making the Most of Your Online Presence

At White Fir Design we are focused on assisting you in making sure that you make the most of your online presence. Whether you are a new business, an established business, or a non-profit organization, we provide services that will assist you in creating or improving online presence. We provide an assortment of web design, security, and marketing services. We provide the technical expertise needed to quickly and easily create or improve your online presence, so that you can spend your time on what you do best. We work hard to provide you value for your investment in your online presence and we make sure that you are fully satisfied with the work we do.


Latest Blog Posts


Review of Wordfence Response Shows It Is a Terrible Option For Getting a Hacked WordPress Website Cleaned Up
The popular WordPress security plugin Wordfence Security is marketed with the claim that it will protect websites from being hacked: Powered by the constantly updated Threat Defense Feed, Wordfence Firewall stops you from getting hacked. Despite that, the developer sells two very expensive services for dealing with websites that have been hacked while using that plugin. That seems like it should... Read More

Sucuri Security's Website Firewall (WAF) Caused Ecommerce Website to Lose Out on Sales
Security services like GoDaddy's Sucuri Security not only often do a bad job at providing security, but they can also introduce other problems for those using them. One reoccurring issue we have run into is that these services have attached caching to cloud based website application firewalls (WAFs) that aren't compatible with some of the websites using them. That recently came up while we were... Read More

Fresh Installs of WordPress Apparently Being Hacked Based on Public Disclosure From Let's Encrypt
It's long been a known issue that if you place a copy of WordPress on a publicly accessible website, but don't configure it, hackers will eventually configure it, which gives them access to the website. This works because WordPress has no restrictions on configuring it once the files are loaded on the website and you can configure it with a database on another server, so you don't need to have acc... Read More

A Malicious File in Your WordPress Site's Uploads Directory Doesn't Necessarily Mean It Is Infected
Before we take on a hack cleanup of a WordPress website, we always want to make sure the website is actually hacked. That is important for an ethical security provider because in many instances where there is a belief or a claim that a WordPress website is infected with malware or otherwise infected, that turns out to not be the case. Recently we had someone contact us that had a security compa... Read More

Latest Versions of Moodle Contain Publicly Disclosed Authenticated SQL Injection and XSS Vulnerabilities
A week ago an authenticated SQL injection vulnerability and a cross-site scripting (XSS) vulnerability that exist in the latest version of Moodle was publicly disclosed. The post that was done in makes no mention of notifying the Moodle developers about the issue. The vulnerabilities received more exposure in a article on a news outlet owned by the security company PortSwigger yesterday. Curiou... Read More