Glossary
Security: terms A–Z
Every web security term explained in plain English — SSL, 2FA, malware, phishing, firewall, and more.
Security vocabulary can sound alarming. This page explains every term calmly and clearly — so you understand what's happening and what to do, without the fear.
Quick summary
This page covers 55+ security terms from A to Z. For action-oriented security guides, visit the Security section. Use Ctrl+F / Cmd+F to jump to any term.
A–C
| Term | Plain-English definition |
|---|---|
| 2FA / Two-factor authentication | A login method that requires two forms of verification — your password plus a code from your phone. Much harder to hack than a password alone. See Two-factor authentication, explained. |
| Authenticator app | An app that generates short-lived one-time codes for two-factor authentication — Google Authenticator, Authy, Microsoft Authenticator. Safer than SMS codes. See Using an authenticator app. |
| Backup | A copy of your website's files and database saved at a specific point in time. The most important part of your security safety net. See Why backups are your safety net. |
| Blacklist | A database of IP addresses, domains, or URLs known to be associated with spam or malicious activity. |
| Brute force attack | An automated attack that tries thousands or millions of password combinations until it finds the right one. Strong, unique passwords and 2FA protect against these. |
| Business email compromise (BEC) | A sophisticated scam where attackers impersonate executives or vendors via email to trick staff into transferring money. See Business email compromise explained. |
D–F
| Term | Plain-English definition |
|---|---|
| Data breach | An incident where unauthorized people access private data — customer records, payment details, login credentials. |
| DDoS attack | Distributed Denial of Service. Flooding a server with fake traffic to overwhelm and crash it. Hosting providers and services like Cloudflare offer protection. |
| Dictionary attack | A type of brute force attack using common words and passwords rather than random combinations. |
| Encryption | Scrambling data so it can only be read by someone with the decryption key. HTTPS uses encryption for all data between your browser and the server. |
| Exploit | A piece of code or technique that takes advantage of a vulnerability in software. |
| Firewall | Software or hardware that monitors and filters network traffic to block unauthorized or dangerous connections. |
| Firmware | The low-level software embedded in hardware devices (routers, printers). Needs updating, just like regular software. |
H–M
| Term | Plain-English definition |
|---|---|
| Hardening | The process of securing a system by removing unnecessary features, closing vulnerabilities, and applying best practices. |
| HTTPS | The secure version of HTTP — encrypts all data between a visitor's browser and your site. Shown as a padlock in the address bar. See SSL & HTTPS, explained. |
| Keylogger | Malware that records everything you type — including passwords — and sends it to an attacker. |
| Malware | Malicious software designed to damage, disrupt, or gain unauthorized access to a system. Includes viruses, ransomware, spyware, and more. See Malware & your website explained. |
| Man-in-the-middle attack | An attack where someone intercepts communications between two parties without either knowing. HTTPS protects against this. |
| MFA | Multi-Factor Authentication. The same concept as 2FA but can use more than two factors. |
N–P
| Term | Plain-English definition |
|---|---|
| Passkey | A newer, passwordless login method that uses your device's biometrics (Face ID, fingerprint) or PIN instead of a password. See Passkeys, explained. |
| Password manager | An app that stores and autofills strong, unique passwords for all your accounts. Much more secure than reusing passwords. See Why you need a password manager. |
| Patch | An update that fixes a specific security vulnerability or bug. Keeping software up to date is largely about applying patches. |
| Penetration testing (pen test) | An authorized, simulated attack on a system to find vulnerabilities before real attackers do. |
| Phishing | A fraudulent email, text, or website that impersonates a trusted entity to steal credentials or money. See How to recognize phishing attempts. |
| Plugin vulnerability | A security flaw in a WordPress plugin that attackers can exploit. A major reason to keep plugins updated. |
R–S
| Term | Plain-English definition |
|---|---|
| Ransomware | Malware that encrypts your files and demands payment to restore access. Backups are the best protection. |
| Recovery codes | Backup codes generated when you set up 2FA. Store them safely — they let you log in if you lose access to your authenticator. |
| Redirect hack | A malware attack that redirects your site's visitors to spam or malicious websites. |
| Social engineering | Manipulating people (not computers) into revealing information or taking harmful actions. Phishing is one example. |
| Spam | Unsolicited bulk messages — email spam, comment spam, contact form spam. |
| Spyware | Malware that secretly monitors and collects information from your device. |
| SQL injection | An attack that inserts malicious database commands into input fields to manipulate or expose your database. Proper website coding prevents this. |
| SSL/TLS | The encryption protocols that create HTTPS connections. SSL is the older term; TLS is the current standard. See SSL & HTTPS, explained. |
| Strong password | A long, random, unique password — at least 12 characters, mixing letters, numbers, and symbols. See How to create strong passwords. |
T–Z
| Term | Plain-English definition |
|---|---|
| Two-factor authentication | See 2FA above. |
| Virus | A type of malware that copies itself and spreads to other files. |
| VPN | Virtual Private Network. Encrypts your internet connection and hides your IP address. Useful on public Wi-Fi. |
| Vulnerability | A weakness in software or a system that could be exploited by an attacker. |
| WAF | Web Application Firewall. A specialized firewall that filters malicious HTTP requests to your website. |
| Whaling | A targeted phishing attack aimed specifically at senior executives or high-value individuals. |
| Zero-day | A newly discovered vulnerability that has no available fix yet. Apply the patch urgently once a fix becomes available. |
Related guides
- Keeping your accounts & website safe
- Two-factor authentication, explained
- Why you need a password manager
- How to recognize phishing attempts
- Security terms, explained simply
Need a hand?
If you're stuck, email support@chykalophia.com and we'll help. Include your website address and a screenshot if you can.