Assisting You in Making the Most of Your Online Presence
At White Fir Design we are focused on assisting you in making sure that you make the most of your online presence. Whether you are a new business, an established business, or a non-profit organization we provide services that will assist you in creating or improving online presence. We provide an assortment of web design, security, and marketing services. We provide the technical expertise needed to quickly and easily create or improve your online presence, so that you can spend your time on what you do best. We work hard to provide you value for your investment in your online presence and we make sure that you are fully satisfied with the work we do.
Latest Blog Posts
Most Website Hackers Are Not Sophisticated
One thing that we see fairly frequently with Internet security companies is that they try to sell their largely unneeded, and usually largely ineffective, security products and services by portraying websites as under constant threat from sophisticated hackers. The reality is that while few hackers are quite sophisticated, most hackers only have rudimentary skills and basic security measures wi... Read More
Can Fake Reviews For a WordPress Plugin Get More Obvious Than This?
While taking a look into a reported vulnerability in a WordPress plugin recently we noticed a rather glaring example of the use of fake reviews. First and foremost there were almost as many reviews as active installations of the plugin: Unless the very few people using it really liked the plugin, the number of reviews is way out of line with other plugins (where there usually is one revie... Read More
WPScan Incorrectly Identifies Plugin Vulnerabilities as Being Fixed
The WPScan tool is "black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations", which is described as being intended "for security professionals or WordPress administrators to asses the security posture of their WordPress installations." We find that claim somewhat odd since it scans a WordPress website from the outside o... Read More
No One Bothers to Report Security Issue in WordPress Theme Either
For years we have discussed the fact that in many cases with publicly disclosed security vulnerabilities in WordPress plugins, no one bothers to notify the developer or WordPress.org about them (that includes organizations selling WordPress security services like WordFence and WPScan). In many cases if this was done that would be enough to get them fixed. In other cases, when the vulnerabilit... Read More
WordPress Leaves Very Vulnerable Plugin In Plugin Directory
On March 8 an arbitrary file upload vulnerability, which would allow anyone to upload any kind of files to a website, was disclosed in the Reflex Gallery plugin. This type of vulnerability is probably the most serious vulnerability for a website since, unlike many types of vulnerabilities that rarely get exploited, it is question of when, not if, it will be exploited on websites. This is due to th... Read More