Glossary for hacked sites

The glossary covers a collection of technical terms that are referenced throughout our security documentation.

Administrator privileges
The highest level of permission account setting on a system. These privileges allow actions like deleting the entire site, resetting passwords, or uploading files.
A program installed on a system to bypass authentication controls and maintain a hacker's access to that system.

The practice of presenting different content or URLs to human users and search engines.

For example, dynamic scripts and .htaccess rules can return status codes based on the requests being processed. Hackers use cloaking to hide their tracks by returning a 404 or 500 error code to certain IP addresses or browsers, while serving spam to other IP addresses or browsers.

Configuration files

Files that store information like database location and credentials for dynamic sites.

Content Management System (CMS)

Software packages that help users create and edit websites. Examples include WordPress, Drupal, and Joomla!, though there are many others, including some that are custom-built.

Digital forensic specialists

People or teams that can help you clean your site and identify how it was compromised.

Static web page

A web page made up of a single, unchanging file that displays content for a website.

Dynamic web page

A web page that uses scripts and templates to generate content on the site. It generates each page again every time that page is requested.


A PHP and JavaScript function that evaluates a string and returns the result. Eval functions are discouraged when a site deals with user input, because they open a vulnerability that allows attackers to sneak in malicious code (for example, by injecting harmful PHP commands).

File Transfer Protocol (FTP)

A protocol used to transfer files from one machine to another.

Hidden files

Files that don't show up in a directory by default. Typically, files like .htaccess are hidden to protect important information from being accidentally modified. You need to configure your file system to allow you to see and edit hidden files.

HTTP Status Codes

Standardized responses that web servers return along with content when users try to interact with a page, such as when loading a page or submitting a comment. These codes help users understand how the website is responding or identify errors. Refer to the World Wide Web Consortium's Status Code page for a full list of status codes and their meanings.


Code that allows a web page to display content from one page within another. Hidden iframes are a common tactic used by hackers to redirect users to their sites.

Log file

Files where web servers record user requests to keep track of all activities performed on the server. You can identify hacking attempts or suspicious traffic to your site by looking through log files.


Any software specifically designed to harm a computer, the software it is running, or its users. To learn more, refer to Malware and unwanted software.


A tactic hackers use to confuse people interpreting their code by making the code harder to read. Common obfuscation methods by hackers include character substitution, intentionally confusing variable names, using encodings like base64, rot13, gzip, URL encoding, hex encoding, or a combination of these. Some obfuscation methods, such as base64 and gzip, are also used to compress and hide large amounts of code, like entire web shells.


A form of social engineering that tricks users into giving away sensitive information like usernames or passwords by pretending to be a trusted source. For example, a phisher might email a potential victim pretending to be their bank and ask for their bank account credentials. To learn more, refer to Prevent & report phishing attacks.

Search Console

A free service offered by Google that helps you monitor and maintain your site's presence in Google Search results. Google also uses Search Console to communicate with site owners about website issues. To learn more, refer to About Search Console.


A file containing a list of web pages on a site that informs search engines about the organization of the site's content. To learn more, refer to Learn about sitemaps.

Social engineering

A technique for gaining access to or control of sensitive information by trying to trick people into providing access rather than attacking the code directly. Phishing is one of the most common forms of social engineering. To learn more, refer to Social engineering (phishing and deceptive sites).

Traffic spike

A sudden or unexpected surge in website traffic.

Two-factor authentication (2FA)

A security mechanism for protecting account login by requiring at least two tokens of proof. For example, a user using two-factor authentication might need both a password and security code received by SMS in order to access their account.

Web hosting service

A service that provides users with space to host their site on a web server, for example Google Sites. Extra features or tools might be available depending on the service.

Web scripting languages

Coding languages often used in alongside HTML to add extra features to a site, including processing of forms, comment moderation, or special visual effects. The recovery guides use scripting language to refer to either PHP or JavaScript.

PHP is a server-side scripting language, which means the web server interprets and executes its commands. Javascript is primarily a client-side language, which means the user's browser interprets and executes its commands.

Web server

The machine and software that host and control web pages and other files related to a website.

Web shell

A backdoor script that allows attackers to maintain access to a server.

Web spam

Deceptive search engine optimization (SEO) tactics or spam content that attempt to boost the ranking or popularity of a site by deceiving and manipulating search engines.