WordPress & Web Hosting Glossary

Running a WordPress site means encountering a lot of technical terminology — from backups and firewalls to DNS and PHP. This glossary explains the concepts that matter most for keeping your site secure, fast, and online. No jargon, no fluff — just clear definitions written for website owners, not developers.

A – C

Backup

A backup is a saved copy of your website's files and database that can be used to restore your site if something goes wrong. Backups protect you from data loss caused by hacking, failed updates, or accidental deletions. A good backup strategy includes automatic daily copies stored in a separate location from your server. Without reliable backups, even a minor incident can become a permanent loss.

Brute Force Attack

A brute force attack is when a bot or attacker tries thousands of username and password combinations in rapid succession to gain access to your site's admin area. WordPress login pages are common targets because they follow a predictable URL pattern. Protections like login attempt limits, strong passwords, and two-factor authentication make these attacks far less likely to succeed. Left unaddressed, a successful brute force attack gives an attacker full control of your site.

Caching

Caching stores a pre-built version of your web pages so they can be delivered to visitors instantly instead of being generated from scratch on every request. It significantly reduces server load and speeds up your site, especially during traffic spikes. WordPress caching can happen at multiple levels — the browser, the server, or a CDN. Proper caching configuration is one of the most effective ways to improve perceived site performance without changing any code.

CDN (Content Delivery Network)

A CDN is a global network of servers that stores copies of your site's static assets — images, stylesheets, scripts — and delivers them from whichever server is geographically closest to the visitor. This reduces the time it takes for your pages to load, regardless of where your visitor is located. CDNs also help absorb traffic spikes and can block certain types of attacks before they ever reach your server.

CMS (Content Management System)

A CMS is software that lets you create, edit, and manage website content without writing code directly. WordPress is the world's most popular CMS, powering over 40% of all websites. It provides a visual interface for adding pages, blog posts, images, and more. The tradeoff is that a CMS adds complexity and ongoing maintenance requirements — it must be kept updated to remain secure.

Core Update

A WordPress core update is an official release from the WordPress development team that patches security vulnerabilities, fixes bugs, or introduces new features. Running an outdated version of WordPress is one of the leading causes of hacked websites. Minor updates are typically safe to apply immediately, while major updates may require compatibility testing with your theme and plugins. Keeping core updated is a non-negotiable part of responsible site maintenance.

Core Web Vitals

Core Web Vitals are a set of performance metrics defined by Google to measure real-world user experience — specifically how fast a page loads, how quickly it becomes interactive, and how stable the layout is while loading. They directly influence your site's ranking in Google search results. Poor scores are often caused by large unoptimized images, slow server response times, or poorly written plugins.

D – F

Database

WordPress stores all of your site's content — posts, pages, settings, user accounts, comments — in a MySQL database. The files on your server hold the code, but the database holds your actual content. When something is deleted or corrupted in the database, it can take down your entire site. Regular database backups and occasional optimization are important parts of keeping a WordPress site healthy.

DNS (Domain Name System)

DNS is the system that translates human-readable domain names like webcoria.net into the numerical IP addresses that computers use to find each other. When someone types your domain into a browser, a DNS lookup happens behind the scenes to route them to the right server. DNS changes typically take minutes to hours to take full effect — a process called propagation.

Downtime

Downtime is any period when your website is unavailable to visitors — whether due to a server outage, a failed update, a cyberattack, or an expired domain. Even short periods of downtime can mean lost revenue, damaged trust, and lower search rankings. Proactive monitoring alerts you the moment your site goes offline so the issue can be addressed immediately.

Firewall

A firewall is a security layer that filters incoming traffic and blocks requests that look malicious before they can interact with your site. For WordPress, this typically means a software-based firewall that runs at the server level or through a plugin. Firewalls can block known attack patterns, suspicious IP addresses, and automated bots. They work best as part of a layered security setup alongside regular updates and strong login credentials.

FTP / SFTP

FTP (File Transfer Protocol) and SFTP (Secure File Transfer Protocol) are methods used to transfer files between your computer and your web server. They give you direct access to the files that make up your WordPress installation — useful for manual backups or fixing a broken site when the admin panel is inaccessible. SFTP is the secure version and should always be preferred over plain FTP.

H – M

Hosting

Web hosting is the service that provides the server space and infrastructure needed to make your website accessible on the internet. Your hosting plan determines your site's speed, reliability, and available resources. For WordPress sites, shared hosting is the most affordable option but the least performant under load; managed WordPress hosting costs more but handles server configuration, updates, and caching for you.

Malware

Malware is malicious code that has been injected into your website, usually through a security vulnerability in WordPress core, a plugin, or a theme. It can redirect visitors to spam sites, steal user data, send spam emails from your server, or silently mine cryptocurrency. Many WordPress site owners don't know they've been infected until their host suspends the account or Google blacklists the domain.

Managed Hosting

Managed hosting is a type of web hosting where the provider handles the server-level technical work on your behalf — including server configuration, security patching, and performance optimization. It's more expensive than standard shared hosting but removes the need to be a sysadmin. It pairs well with a maintenance plan that handles the application layer (plugins, themes, content).

P – S

PHP

PHP is the server-side programming language that WordPress is built on. When a visitor loads a page, PHP runs on the server to pull content from the database and assemble the HTML that gets sent to the browser. Keeping your server on a supported PHP version is important for both security and compatibility with modern plugins and themes.

Plugin

A plugin is a piece of add-on software you install in WordPress to extend its functionality — for example, adding a contact form, an SEO tool, an e-commerce store, or a security scanner. There are over 60,000 free plugins in the official WordPress repository. Each plugin you add is additional code running on your site, which means more potential attack surface and performance overhead.

Sandbox / Staging Environment

A staging environment is a private copy of your live website where you can test changes — major updates, new plugins, theme edits — without risking anything on the live site. Once changes are confirmed to work correctly, they can be pushed to production. Running updates directly on a live site without testing is a common cause of site breakage.

SSL Certificate

An SSL certificate enables the HTTPS connection between your website and your visitors' browsers, encrypting the data that travels between them. Browsers display a padlock icon when HTTPS is active, and show a "Not Secure" warning when it isn't — which damages visitor trust instantly. Google also uses HTTPS as a ranking signal. Modern SSL certificates (via Let's Encrypt) are free and auto-renewing.

T – Z

Theme

A WordPress theme controls the visual design and layout of your site — the fonts, colors, page structure, and overall look. Like plugins, themes must be kept updated because outdated themes can contain vulnerabilities. It's good practice to keep only one active theme installed and to delete any themes you're not using to reduce your attack surface.

Two-Factor Authentication

Two-factor authentication (2FA) adds a second verification step to your login process, requiring both your password and a temporary code from an app or SMS message. Even if an attacker obtains your password through a data breach or phishing attempt, they still cannot log in without the second factor. Enabling 2FA on all WordPress admin accounts is one of the simplest and most effective security improvements you can make.

Uptime

Uptime refers to the percentage of time your website is accessible and functioning correctly. A host advertising "99.9% uptime" still allows for roughly 8.7 hours of downtime per year. Uptime is monitored by regularly checking whether your site responds correctly at short intervals, such as every minute. Knowing immediately when your site goes down — rather than finding out from an angry customer — gives you the best chance of a fast recovery.

Vulnerability

A vulnerability is a flaw or weakness in software code that could be exploited by an attacker to gain unauthorized access or cause harm. Vulnerabilities are discovered regularly in WordPress core, plugins, and themes — many are patched within days of disclosure, but sites running outdated software remain exposed. The window between a vulnerability becoming public knowledge and active exploitation is often measured in hours.

WAF (Web Application Firewall)

A WAF is a specialized firewall designed to monitor and filter HTTP traffic specifically targeting web applications like WordPress. Unlike a standard network firewall, a WAF understands web-layer attacks such as SQL injection, cross-site scripting (XSS), and remote code execution attempts. It sits between your visitors and your server, blocking malicious requests before they reach your application.

WordPress

WordPress is an open-source content management system first released in 2003 and now used by over 40% of all websites worldwide. It's free to download and self-host, with a vast ecosystem of themes and plugins. Its popularity is a double-edged sword: the large user base means more available resources and developers, but also makes WordPress sites a high-value target for automated attacks. Keeping WordPress secure and performant requires ongoing attention — which is exactly what a maintenance plan is designed to provide.

Let webcoria handle it all for you.

All of these concepts — backups, firewalls, updates, performance — are covered in every webcoria plan.

View plans