WordPress Security Glossary
All technical terms related to WordPress security explained simply
Malware
Malicious software designed to infiltrate, damage, or exploit a WordPress site. Malware includes viruses, worms, trojans, and spyware.
Backdoor
Method of bypassing authentication mechanisms allowing a hacker to access your site even after cleanup. Often hidden in legitimate files.
WAF (Web Application Firewall)
Application firewall that filters HTTP traffic to your WordPress site. Blocks SQL injection, XSS, brute force attacks and other threats before they reach your site.
Brute Force
Brute force attack: attempting access by testing thousands of password combinations until finding the right one. One of the most common attacks against WordPress.
SQL Injection
Attack technique involving injecting malicious SQL code into your database queries. Can allow data modification or theft.
XSS (Cross-Site Scripting)
Injection of malicious scripts into your site pages viewed by other users. Can steal cookies, sessions, or redirect to dangerous sites.
Blacklist Google
Google's blacklist. Your site is flagged as dangerous in search results with a warning. Traffic drops 90%+.
Phishing
Fraud technique consisting of imitating a legitimate site (bank, social media) to steal visitor credentials. Your site can be used without your knowledge for phishing.
Spam japonais SEO
Type of hacking adding pages containing Japanese or Chinese text to reference gambling or pornographic sites. Revealing sign of compromise.
White Screen of Death (WSD)
White screen appearing when WordPress encounters a fatal PHP error. The site becomes inaccessible with no visible error message.
htaccess
Apache configuration file allowing modification of server behavior. Hackers often inject malicious redirects into it.
wp-config.php
WordPress main configuration file containing database credentials, security keys, and settings. The most critical file to protect.
XML-RPC
WordPress communication protocol often exploited for brute force attacks (one request = 100 password attempts). Disable if unused.
Nonce
Number Used Once. Security token used by WordPress to protect forms against CSRF attacks.
CSRF
Cross-Site Request Forgery. Attack forcing a logged-in user to execute an unwanted action. WordPress nonces protect against this attack.
Hardening WordPress
Set of security measures applied to strengthen WordPress configuration: access restrictions, disabling unnecessary functions, permission hardening.
Your site is compromised? We take care of everything.
Don't waste time. Every minute counts for your traffic and SEO.