39 Common Hacking Terms & Definitions – A Hackers Glossary

????Hacking Terminology – Glossary 2024


Hacking terms list cyber security glossary

Today, an online presence exposes small businesses to unique cyber attacks and malicious attacks. Information is disclosed daily due to data breaches and financial theft. Online presence makes the person vulnerable to cyber attacks. A variety of cybercrime happen on a small and large scale. We have heard about countless data breaches, financial theft, information disclosure, and failing businesses in your daily lives.

???? -.CyberSecurity For Small Business Websites in 2024

A cyberattack is any type of offensive action that targets computer systems, infrastructures or networks, or even personal computers, using various methods to steal, modify or destroy data or computer systems.

As non-technical users of online services do not know much about hacking terminologies and techniques, many people believe that simply installing an anti-virus is adequate to keep their online activities safe. However, with an increasing number of security measures, hackers are constantly innovating ways to circumvent security practices.

????Why You Must Know About Hacking Terminolgies?

If your WordPress website is hacked and you don’t know any of the hackers terms, it can be extremely hard to do a security audit for your website and fix hacked wordpress site. Following are some basic hacking terms that you should be familiar with to protect yourself from being a victim: These hacking terms constitutes a very important part of Information Security architecture that deals with cyber security or web security. Hence, it is advised to acquaint oneself with a basic glossary of common hacking terminologies such as the ones listed below.

????List Of Common Hacking Terms Defined


Hacking Terms - Hacking Definitions Meanings

1. Phishing

Phishing is defined as a word used by security professionals to describe a method of deceiving consumers into disclosing sensitive information (such as usernames, passwords, or credit card numbers) to ostensibly trustworthy sites. It is a type of social engineering . A phisher poses a reputable entity and approaches potential victims, requesting information.

A phisher may, for example, impersonate a bank and ask for a user’s bank account credentials by email. He could also get you to click on a phone link. Social engineering is a sort of phishing.

Eg-Fake Amazon mail attempts to persuade the lucky recipient that they have a chance to win £10 in return for completing a quick survey to steal login and Payment Information.

???? – WordPress Phishing Attack – How to Remove Phishing From Site

2. Malware

malicious files to the server

You hear about websites being infected with malware daily; therefore, let’s learn more about this hacking jargon.

Malware is a type of malicious code/software developed by hackers to take control of computer systems or steal sensitive data from them. computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wiper, and scareware are other terms used to describe malware.

A malware programme can infect a computer through various methods, including USB, hard disc, or spam.

For example, some ransomware used malicious links to redirect wordpress, magento, drupal and shopify websites to hackers website.

It results in a loss of clients, a tarnished reputation, and, most crucially, a negative influence on search engine rankings.

???? – How To Remove WP-feed.php & WP-tmp.php Malware in WordPress?

???? – How To Find & Remove Coinhive Crypto Mining Malware?

???? – How to remove WP-VCD malware in WordPress easily [Guide]

???? – Steps To Remove Malware From Your WordPress Site

???? – How to Scan for Malware in WordPress Theme

3. Ransomware

Ransomware definition

Ransomware is software that locks a person out of their computer and prevents them from accessing their contents.

A ransom note appears, instructing you on how much to pay and where to transfer money (typically in bitcoin) to regain access to your files. Individuals, banks, hospitals, and online businesses are all affected by such attacks.

The b0r0nt0k ransomware assault, which hit organizations worldwide recently, is a good illustration of this type of malware.

4. Spoofing

 Spoofing_definition types

Email spoofing and IP spoofing are two typical hacking tactics used by users worldwide. Email spoofing is when the header of an email is changed to make it appear legitimate.

A black hat hacker, for example, can make an email appear to come from your bank or any other source you might trust.

On the other hand, IP spoofing is when an illegitimate packet is transmitted to a computer that has an altered IP address and appears to be a trusted host.

It is done hoping that the packet will be approved and the sender will access the target machine.

5. Encryption

Encryption is the process of encoding a message or information so that it becomes unreadable and secret. It guarantees that only authorized people have access to the information in question.

Hackers frequently use encryption to extract money from victims by installing ransomware on their computers, which locks them out and encrypts their contents.

Only after a specific ransom is paid is the decryption key supplied.

A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine’s state-owned bank Oschadbank after being hit by a ransomware attack.

6. Adware

Adware is a type of software that behaves like spyware and invisibly tracks a user’s online actions. The system then creates ads depending on the user’s surfing history. Some adware is maliciously designed to display advertising regularly, slowing down your computer.

It can collect personal information browsing history and offer inputs for phishing attacks. The phrase “hacking” is widely used in the marketing sector.

When visitors visit a misleading website with social engineering content, Google displays a warning that The site ahead contains harmful programs in Chrome or This Site May Be Hacked

???? – Google Ads Disapproved Due To Malicious Software [FIXED]

7. Zero Day Attack

A zero-day exploit is undocumented and so undetectable by any anti-virus software installed on the system.

This type of issue is integrated into anti-virus scanners, rendering it invisible to developers who designed anti-virus features based on prior awareness of these flaws.

These flaws are exploited using various methods, the most common of which are web browsers and malicious attachments sent via email.

???? – Apache Log4j Vulnerability Fix – Zero Day Exploit 2024 [GUIDE]

8. Brute Force Attack

 Brute-Force-Attacks defined explained

This word used in hacking is to get around the login pages. A brute-force attack is a method used to discover a password by submitting many possible passwords or passphrases. The attacker systematically checks all of the possible passwords until the correct one is found.

Exhaustive key search, often known as brute force, is a trial-and-error approach for decrypting data such as passwords, Data Encryption Standard (DES) keys, and other encrypted data.

This method is routinely used to crack admin account passwords exploited to steal sensitive information and documents.

???? – How to STOP Brute Force Attacks On WordPress Site?


When Google Chrome announced that users who visit HTTP-based websites would receive a warning, it became one of the most searched hacking terms.

HTTPS stands for Hypertext Transfer Protocol Secure, and the “S” represents “Secure.” It is a basic foundation that governs how data is transferred across the Internet.

This protocol adds an extra degree of security to your daily browsing—your bank, email provider, and social media sites. HTTPS uses SSL and TLS technologies to provide further identification proof to your website.

It is recommended that you do not use HTTP to access the website or input any passwords or payment card information on it.

???? – How to Fix ERR_SSL_PROTOCOL_ERROR on Google Chrome

10. Bot

A bot is a software robot that uses the Internet to do automated operations (scripts).

Many search engines, such as Google and Bing, use bots, also known as spiders, to scan and index webpages to rank them based on search queries.

However, when hackers utilize these bots, they can be trained to carry out nefarious tasks and inject malware into the system.

11. Botnets


The botnet is a network of computers that has been hacked by spyware, malware or other malicious actions. Once the botnet is active, hackers can control it for a variety of reasons, such as sending spam e-mails, participating in DDoS attacks or performing espionage on victims.

Due to the fact that the communication between bots is encrypted, and the Internet traffic runs through various proxies and anonymizers, it is very hard to associate the individual infected computer with their real identity and find out who they are.

Botnets can be used to perform distributed denial-of-service attacks, steal data, disseminate spam, and give the attacker access to the device and its connection.

A swarm of botnets not only hides the black hat’s tracks but also increases the attack’s ferocity by attacking in a coordinated effort.

12. DDoS (Distributed Denial of Service)


Hackers widely use this hacking jargon, and it is a major source of concern for website owners and developers.

Using zombies or botnets controlled by black hats, a DDoS assault is carried out. The black hats program the botnets to deliver data packets from many systems to the targeted web server.

It floods the target server, slowing it down or possibly crashing and shutting it down, causing any activity to be disrupted. Meanwhile, the server’s user is completely unaware of the attack.

The Rio Olympics DDoS, which lasted months, Russian banks Sberbank and Alfa bank, which were attacked by a botnet containing at least 24,000 computers in over 30 countries, and the US presidential election campaign attacks are just a few of the most well-known recent attacks.

???? –  DDoS Attack – Understanding DOS Exploit & Protection

13. Firewall

A firewall is a network security mechanism that continuously monitors and filters untrusted sources to ensure secure connections.

A firewall can be made up of both hardware and software. A well-designed and implemented firewall monitors for malicious inputs all of the time, but black hats try to get around it.

As a result, firewalls are updated, altered, or replaced with new security measures on an ongoing basis.

14. Payload

A payload is essentially a cargo of data transmitted through a network.

On the other hand, a payload is the part of a virus that executes harmful operations like compromising data, destroying information, or hijacking the computer system, according to black hat hacking terminology.

15. White hat

While black hat hackers are famed for their destructive actions, white hat hackers are less well-known.

White hat hackers are ethical hackers who utilize their talents to expose security gaps in organizations ‘/companies’ security procedures before black hats exploit them.

16. Rootkit

Rootkits are one of the scariest ways to commit a cyber-attack since they go undetected. If you gave a black hat a rootkit, he’d pull off the perfect theft. A rootkit is a type of malware that can be placed on a computer in various ways.

A rootkit, like a virus, can be spread by emails, unauthenticated websites, infected hard drives, and other means. Once injected, a black hat can use unrestricted access to distant programs to their advantage.

What makes it even more dangerous is its capacity to operate at a low system level, allowing it to erase its tracks and remain undiscovered for an extended period.

Even competent IT security specialists will have difficulty detecting its activity after it has been put into a system. It’s the equivalent of the holy grail of hacking.

17. Remote Access Tool (RAT)

Remote Access Trojan (RAT) is malware that even the most inexperienced hacker can use. The attacker has complete control of your system once a RAT is placed on it.

While RAT can be used for legitimate reasons, such as allowing a user to access his home computer from a different location, it is primarily employed for nefarious objectives.

The ONI Ransomware which performed a month-long attack on Japanese companies would encrypt the computer’s files and append the .oni extension to encrypted files

Remote Access Tool-RAT

To make the ONI Ransomware go undetected, the attackers execute a batch file that cleaned up over 460 different event logs in order to cover their activities.

18. SPAM

Emails are usually associated with this hacking lingo. Spam is an unsolicited email that is frequently used to disseminate ads. Spammers frequently gather a large database of email addresses and send them promotional emails at random.

On the other hand, spam can be used to infect systems with malware by phishing or redirecting to unauthenticated websites. The ideal approach is to delete spam as quickly as possible or employ a spam filter.

???? –  WordPress SEO Spam – How to Find & Remove it [GUIDE]

19. Worm

A worm is a destructive self-contained software that can self-replicate, similar to a virus. A worm does not need to be part of a programme to spread across a network; instead, it can do so without human participation.

A self-replicating worm can eat up a lot of memory and bandwidth, slowing down your system significantly. It can be fatal if not removed promptly.

20. Cloaking

black-hat-cloaking explained

Cloaking is a technique hackers use to disguise themselves as legitimate-looking web content by presenting alternate content or URLs to human users and search engines.

Hackers mask their tracks by sending a 404 or 500 error code to certain IP addresses or browsers while serving spam to other IP addresses or browsers using dynamic scripts handshakes rules. If Google detects cloaking on your website, they will usually suspend your adverts.

Check our detailed blog on how to fix disapproved ads due to malicious or unwanted software.

21. Eavesdropping Attack

Eavesdropping is the result of the interception of network traffic. They allow an attacker to obtain passwords, credit card numbers, and other confidential information that a user sends over the network. They can be passive or active:

  • Passive eavesdropping – A hacker detects information by eavesdropping on the transmission of messages on the network.
  • Active Eavesdropping – An attacker actively steals information by impersonating a friendly unit and sending requests to transmitters. This is called probing, scanning or sabotaging.

It is often more important to detect passive eavesdropping than active eavesdropping, as the latter requires the attacker to get to know friendly units by performing passive eavesdropping first.

Data encryption is the best countermeasure against eavesdropping.


SQL injection explained definition

Among the best-known types of website hacking technique is SQL Injection. It is a method of infiltration of an intrusive code that takes advantage of a computer vulnerability present in an application. That is, they take advantage of common design errors in web pages. The threat of SQL injections is a serious security problem related to databases. They are used to manipulate, steal or destroy data.

Cybercriminals are capable of injecting malicious SQL queries into a web input field, tricking the application into using whatever commands they want and accessing whatever database they want.

An SQL injection attack places SQL into a web form in an attempt to get the application to run it. For example, instead of typing plain text into a username or password field, a hacker may type in ‘ OR 1=1.

If the application appends this string directly to an SQL command that is designed to check if a user exists in the database, it will always return true.

An SQL injection attack can slow down a website, steal, lose or corrupt data, deny access to any company, or even take complete control of the server.


XSS attacks use third-party web resources to execute scripts in the victim’s web browser or scriptable application.

They are a kind of injection in which the attacker sends malicious scripts to the content of web pages to discredit them. This occurs when a rogue source can attach its own code to web applications. This is delivered in the form of Javascript code snippets executed by the victim’s browser.

Some of the largest websites in the world have dealt with successful XSS attacks including Microsoft and Google.

Exploits can include malicious executable scripts in many languages, including Flash, HTML, Java, and Ajax. XSS attacks can be very devastating. However, alleviating the vulnerabilities that allow these attacks is relatively simple.

24. Backdoor

A backdoor, or hatch, is a hidden entrance to a computing device or software that bypasses security measures, such as logins and password protections. Some have alleged that manufacturers have worked with government intelligence to create backdoors in their products. Malware is often designed to exploit backdoors.

A backdoor can be installed legitimately by software and hardware developers to help them easily access their applications to perform functions such as fixing software problems.

For cybercriminals to successfully install a backdoor virus on your website, they must first find a weak point (vulnerabilities) or a compromised application in your device.

25. Doxing

On the Internet, there are many types of attacks and threats that can compromise our privacy. One of them is what is known as Doxing. It consists of a hacker going to collect personal data, something that has great value today, and publish it on the Internet. Normally, the hacker will carry out preliminary work in order to obtain that information and extort money. This makes it essential to be protected.

Discovering and publishing the identity of an otherwise anonymous Internet user by tracking their publicly available online accounts, metadata, and documents, such as email accounts, as well as through hacking, stalking, and harassment.

26. Keystroke logging

Keystroke logging is the tracking of which keys are pressed on a computer (and which points on the touch screen are used). It is simply the map of a human/computer interface.

It is used by gray and black hat hackers to record login IDs and passwords. Keyloggers are usually hidden on a device by a Trojan sent by a phishing email.

27. Vulnerability

A weak point that hackers can exploit is to gain access to a machine. These flaws are the consequences of weaknesses in the design of the application and more specifically in its development.

A simple programming error can allow the intrusion of an attacker which can result in a cloaking attack or even hacking by website redirecting to spam. If you use a CMS like WordPress, updates are important because they precisely correct known vulnerabilities.

28. Botnet

A botnet is an illegal network of infected computers that work together to perform malicious actions. These days, bots are often used in cyber-attacks, and can be harder to track or intercept than individual hackers.

A botnet has multiple infected systems (servers or regular computers) communicating with each other to act as a group and to perform multiple malicious actions. The number of computers participating in a botnet determines its power in these attacks and renders it almost impossible to dismantle the system.

Once the botnet is active, hackers can control it for a variety of reasons, such as sending spam e-mails, participating in DDoS attacks or performing espionage on victims. Due to the fact that the communication between bots is encrypted, and the Internet traffic runs through various proxies and anonymizers, it is very hard to associate the individual infected computer with their real identity and find out who they are.

29. Blacklisting

Blacklisting is one of the basic tools in cyber security. Organizations should constantly blacklist IP addresses that have developed malicious activities like phishing or spam.  In IT security, a blacklist is a list of senders who have previously infected others with malware (phishing and spam), or those who have been blocked for violating other terms and conditions. Firewall solutions use blacklists to refer to a number of IPs that were blocked and should no longer be allowed connections to the network.

In cyber security terminolgy, Blacklisting is also defined as expelling of a site from search engine. When a website is blacklisted, it loses almost 95% of its organic traffic, which can rapidly affect revenue. Usually, a website gets into blacklist when it contains something harmful to the user, for example, malware

Further Reading – What is Google Blacklist – How to remove google blacklist warning

30. Attack (online)

As online attacks spread out to any users of the Internet and attack methods are becoming more pervasive and creative, Attack provides a playground where one can try to protect your computer from possible threats. It features a menu which contains several types of common attacks, each designed to be studied by security tools integrated with the network application.

The number of daily reported attacks over the Internet has been growing exponentially from an average of one attack every 12 months at the dawn of the internet to one every second in 2021. Attack trends have also changed. There has been a shift from DDoS to targeted attacks and many attacks have morphed into newer versions as well. The number of victims of these attacks has increased almost as dramatically.

Attackers have evolved their cyber-weapons and attacks using new technologies and techniques. This made it both more difficult for security vendors, but also more interesting for those who want to understand the threat landscape and prevent cyber-breaches.

31. Authentication

The process of authentication (or identification) of an individual is usually based on a username and password. The username and password are used to validate the true identity of an individual. This can be seen in online banking and business applications where each user needs to prove their identity before they can be granted access to sesitive information for which there are privacy or other security issues. These issues exist in corporate environments when there is need for data confi dentiality and regulation of data, but also by individuals wishing to protect personal information such as home addresses or credit card details.

???? – WordPress Passwordless Authentication – login Form

???? – How To Setup WordPress Two-Factor Authentication (2FA)

32. Backup

Backup allows you to make an exact copy of your files, system and the whole system configuration. This precaution is necessary in the case of unpredictable events like system crashes and when you remove or lose your files. The backup should be independent from your system and be used only when necessary.

There are also cases when the system or those files become infected and you need to recover them, and when the system freezes due to ransomware. While copying these files you should also keep the original copies safe. Thus, the backup is supposed to be independent from your personal or business computer, to allow its full operation with the minimum time required for recovery.

???? – How to Backup WordPress Database Manually 

33. Blackhat hacker

Malicious hackers with the intention of compromising the security of a person or organization for personal gain, Blackhat hackers frequently specialize, e.g. in malware development, spam delivery, exploit discovery, DDoS attacks, and more. Not all Blackhat hackers use the malware they developed or the exploits they discover. Some just find them and sell the know-how to the highest bidder.”

Blackhat hackers are skilled computer users with malicious intents who seek to compromise the security of a person or organization for personal gain, such as financial information (such as credit card data or bank accounts), personal information (email accounts and passwords) or company data (employee/client databases).

???? – Black hat SEO Spam – How to Find & Remove

34. Code injection

Code injection is a programming technique used by online criminals to spread malicious software by infecting legitimate websites with malicious code.

The code injection technique has various advantages for online criminals. It is used to modify legitimate executable programs, web pages and ads. Hackers inject the malicious code into the target web pages and execution is usually “on demand” from a remote server.

???? – Malicious Code Injection WordPress – Banco De Oro Hack

???? – How to Remove Spam Link Injection in WordPress?

35. Exploit

An exploit is a piece of malicious code, a chunk of data or a sequence of commands that take advantage of a bug, a glitch or a vulnerability in computer software in order to penetrate a computer system with unauthorized access or malicious intentions. Exploits may be used to gain control of a system, allow an attacker to escalate privileges or deny service to legitimate users.  it takes advantage of a bug, glitch or vulnerability in other software programs in order to gain control of the computer system. These malicious intentions may include gaining control of a computer system, allowing privilege escalation, or launching a denial-of-service attack.

???? – WordPress Contact Form 7 Plugin Critical Exploit

???? – Rich Reviews Plugin Zero Day Exploit [New]

???? –  WordPress Arbitrary File Deletion exploit

???? – Web Shell PHP Exploit 2024 Guide

???? – Convert Plus WordPress Plugin Exploit [FIXED]

36. Virtual Hardening with Firewall

Firewall definition

The firewall, or network security system, protects the integrity of a web network. It is software or hardware, that monitors and controls incoming and outgoing communication based on a set of rules.

A firewall takes a number of guises, depending on its intended purpose. A personal firewall is used to protect the contents of your computer, such as system settings and files, from unauthorized access by malicious software. A perimeter firewall protects websites from external threats and is designed to prevent all connections, both incoming and outgoing. While using the internet, a firewall will ensure that no external attempts are made to gain unauthorised access or control to your computer.

The Firewall sits between an internal network and the Internet, creating a barrier or shield from outside intrusions and attacks and preventing unauthorized access to a private LAN or WAN.

???? –  Virtual Hardening – WordPress Security Firewall

37. Patch

A patch or a “patch” is an update or piece of software intended to fix problems in other software, often proprietary. Patches can be created by anyone and applied manually to the program. You can download the latest patches for your software on the Internet.

Patch software is essentially a fix or update for a software program. It installs on top of an existing version of the program and its purpose is to either fix bugs or add features, as well as enhance performance and usability.

???? –  WordPress Ninja Forms Plugin Vulnerability Patched

???? –  Critical Divi Builder WordPress Plugin/Theme Vulnerability – PATCHED

38. Spam

Full form of SPAM is Special Processed American Meat.

Spam is made up of unsolicited messages or emails sent over the internet. Spam can be used to spread malware and phishing, which is why you should not open, reply to or download attachments from spam messages. Spam can come your way in the form of emails, instant messages and comments, among other types of spam.

Spam, whether in the form of unsolicited emails or instant messages, is unwelcome and annoying. Look for it in your email inbox, chat room or comment section, and know that it is a way for marketers to gain information about you.

Also Read24 Best Free Email Anti-Spam Filter Tools 2024 (Gmail, Outlook)

39. URL injection

A URL injection is when a cyber-criminal creates new pages in a website that contain spammy words or links (do-follow or no-follow). Sometimes, these pages also contain malicious code that redirects your users to other web pages or makes the website’s web server contribute to a DDoS attack. URL injection usually happens because of vulnerabilities in web directories or software used to operate the website, such as an outdated WordPress or plugins.

40. CSRF

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are submitted from a user that the web application trusts. Read more about WordPress CSRF attack and CSRF Protection.

Final Words

Technical and non-technical users need to stay updated with the hacking techniques and terminologies.

To organize a good defense, it is necessary to know the attacks. This article has reviewed the 27 most common hacking terms, that hackers use to disrupt and compromise websites and computer systems.

As you have seen, attackers have a wide range of options, such as DDoS attacks, malicious infections, and brute-force password cracking, to attempt to gain unauthorized access to critical infrastructure and sensitive data.

Only installing the antivirus is not sufficient to keep your online activities safe. Therefore, we have covered all the essential terminologies related to hacking, which will help you to stay updated.

Measures to mitigate these threats vary, but the basic security principles remain the same:

  • Update your anti-virus systems and databases,
  • train your employees,
  • configure your firewall to only show ports and necessary hosts,
  • choose strong passwords,
  • enforce the principle of least privilege in your computing environment,
  • make regular backups,
  • run periodic website scans using these WordPress Vulnerability Scanners & Security Tools Online for suspicious activity.
  • get expert help from us. Wp Hacked Help is one of the best wordpress malware removal service.

But not the least, we got you covered, check out our WordPress Security Checklist 2024 – A Step by Step Guide and Best WordPress Security Tips 2024 [UPDATED]


GUIDE WordPress Hacking
GUIDE WordPress vulnerabilities / WordPress security guide
LIST WordPress security scanners
TIPS WordPress security updates
Checklists WordPress Malware Removal Checklist \ WordPress Maintainence Checklist
HOW TO WordPress Malware Removal
LIST WordPress Errors
USER MANUAL WordPress Automatic Updates
24/7 WP Security & Malware Removal
Is your site hacked or infected with malware? Let us get it fixed for you
Secure My Website(s)