Website Builders Terminology Glossary

Website Terminology Glossary: Website Security, Vol. 1

6 min read
Rianna MacLeod

When you’re hustling, time is money and that money comes in coins, not bills. It’s why we made our Website Terminology Glossary for web pros. This free resource for designers, developers, marketers or anyone else makes it easier explaining technical stuff to clients.

Rather than a lengthy back-and-forth, quickly find definitions that break it down in real terms. Start getting time back, and put more of those coins in the bank.

Website Terminology Glossary: Website Security, Vol. 1

When we talk about website security with clients, an easy way to visualize it is like layers of an onion. The principle is simple: the more layers of security you have, the better protected your website and server is from attack.

Protecting websites isn’t just about using a strong password — emphasize that threats come in all shapes and sizes, ranging from targeting uninformed users to taking advantage of known software vulnerabilities. Make it clear that attackers take great lengths to gain access to a website’s sensitive resources and data


When a hacker breaks into your website, they often leave behind hidden entry points that allow them to access your site, even after you’ve removed malware. These entry points, known as backdoors, are often designed to be difficult to find. They can also be confused with legitimate website code, making it easy for the hacker to come back again at a later date without being detected.

It’s kinda like

If someone broke into your garage and stole your bird seed, then copied your keys and built a secret hidden tunnel through the floor so that they could come back next week for more.

You also might hear

unauthorized access, backdoor malware, trojan, rootkit


The process of identifying dangerous or hacked websites and warning potential users from browsers, search engines, and desktop antivirus programs. Blocklists help protect web users from online threats. But if your site is blocklisted by a major authority like Google, you’ll likely find a sharp decline in traffic, sales and revenue.

It’s kinda like

A public list of hotels with known bed bug infections

Brute force

An attacker works through every possible combination in an attempt to guess login info, encryption keys, or admin pages. This simple and reliable method lets the hacker sit back and automate their attack with trial-and-error by trying different combinations of popular passwords,  usernames — and even dictionary words.

It’s kinda like

You forgot the combination to your four-digit lock, so you just randomly guessed every combination until you finally got the correct answer.

You also might hear

password guessing, dictionary attack, credential recycling, credential stuffing, reverse brute-force

Credit card skimmer

Malicious code injected into a website, server, or payment page to collect sensitive personal and payment or credit card information from visitors. Site visitors often don’t even know their information is stolen until fraudulent purchases are made. This type of malware can have serious consequences for an ecommerce site, impacting reputation, PCI compliance, and even leading to blocklisting.

It’s kinda like

If someone looked over your shoulder when you were buying sneakers, took pictures of your ID and credit card with their cellphone while you were completing the purchase, then used your info to buy a new TV online.

You also might hear

online skimmer, credit card stealer, e-commerce malware, card skimmer, identity theft

Denial of service attack (DoS)

These targeted attacks against websites and servers are intended to disrupt or bring a site down and make it inaccessible. It’s often done by sending so much information to the site at once that it triggers a crash. DoS attacks can also be accomplished by targeting a known vulnerability in the website’s software, making it difficult — or impossible — to access the site, and costing a website owner a lot of time and money in the process.

It’s kinda like

If you went to the library to grab a book, but three other people all came at once and tried to grab it at the same time and nobody could read it.

You also might hear

DDoS, buffer overflow attack, ICMP flood, SYN flood

Identity theft

Occurs when someone uses another person’s personal or payment information to commit a crime or fraud. Sometimes, stolen information is even sold on the dark web for money, allowing other criminals to access it and use it for a fee.

It’s kinda like

If someone opened a credit card using your name and information and went on a spending spree.

You also might hear

impersonation, credit card theft, data breach


Harmful software or code designed to damage, disrupt, or gain unauthorized access into a website or server. Attackers can use malware to hijack a website, steal information, redirect traffic to spam, or infect site visitors. These intentionally harmful pieces of code can cause serious harm to a website, impact revenue, and damage brand reputation.

It’s kinda like

Viruses and unhealthy bacteria that wreak havoc on the body and are hard to get rid of.

You also might hear

website malware, conditional redirects, malicious JavaScript, backdoors, hacktools, SEO spam, DDoS, malicious redirects, hack, injection, defacements


An attempt to trick someone into revealing sensitive information like passwords, usernames, credit card details, and other sensitive information. Phishing attacks often pretend to come from legitimate brands or sources you might be familiar with, and can be found in SMS, emails, and even on websites.

It’s kinda like

Someone trying to pretend to be a valet, only to collect the keys and steal the car.

You also might hear

Email phishing, spear phishing, smishing, vishing, whaling


A website security risk involving a code flaw, glitch, or weakness. If exploited, vulnerabilities provide a point of entry allowing hackers to gain unauthorized access into your website and server.

It’s kinda like

A thief sneaking in through an open door or smashing through a window with a lead pipe.

You also might hear

software vulnerability, injection flaws, cross-site scripting (XSS), broken authentication, broken access control, security misconfiguration


An acronym for “web application firewall,” the WAF is a third-party security measure that monitors, controls and blocks malicious traffic coming to your website. These tools act as a shield to filter and inspect any traffic for potentially malicious behavior, blocking attacks before they even reach your site.

It’s kinda like

An airport security officer who checks for weapons and contraband before passengers can go to their gate.

You also might hear

firewall, blocklist WAF, allowlist WAF, network-based WAF, host-based WAF, cloud-based WAF

Love wasted time? (Neither do we.)

Fumbling for login credentials, running endless updates, explaining product purchases... No thanks. We built The Hub from GoDaddy Pro to save you an average three hours per month for every client site you maintain.

Sign up for Free

Products Used