Glossary · A–Z

Security terms — in plain English

Every security term explained simply. SSL, malware, phishing, 2FA — everything in one place, zero jargon.

SSL Certificate

Encrypts the connection between your site and your visitor's browser.

An SSL (Secure Sockets Layer) certificate is a digital ID that encrypts everything sent between your website and a user's browser — passwords, card details, form data. The 'https://' prefix and lock icon in the URL bar are the visible proof. In 2026, running a site without SSL is a basic, avoidable mistake.

Malware

Malicious software hidden inside your site to cause damage.

Malware is code attackers inject into your site. It can serve fake pages to visitors, steal card details, or quietly send spam from your domain. It often goes unnoticed for weeks.

Phishing

Cloning a page to trick people out of passwords or OTPs.

In a phishing attack, the attacker creates a near-perfect copy of your site and sends customers there via email or SMS. Logins and payment details get harvested — and your brand takes the blame.

DDoS Attack

Flooding a site with fake traffic so real users can't reach it.

A Distributed Denial of Service attack uses thousands of machines to overwhelm your server with requests. The site crashes, and real customers can't load it. Cloudflare's free plan offers solid baseline protection.

Brute Force Attack

Trying thousands of passwords to break into an admin account.

In a brute-force attack, a script tries every plausible password combination. 'admin123' cracks in seconds. A strong password, login-attempt limits, and 2FA together form a three-layer defence.

Two-Factor Authentication (2FA)

Requiring a code in addition to a password at login.

With 2FA, logging in needs both the password and a one-time code (sent by SMS or generated by an authenticator app such as Google Authenticator). Even if the password leaks, the attacker can't get in. A must-have on every admin account.

Backdoor

A hidden entry point left behind by an attacker.

A backdoor is hidden code an attacker leaves behind so they can return after you 'clean' the site. Removing malware alone isn't enough — you have to find and close every backdoor too.

Google Blacklist

Google flags your site as dangerous; visitors see a red warning.

When Google detects malware or phishing on a site, it adds the site to Safe Browsing. Chrome and Firefox then show a red warning, and traffic drops to zero. The fix: clean the site, then submit a review request via Google Search Console.

DPDP Act

India's Digital Personal Data Protection Act — the rules for customer data.

The DPDP Act, 2023 is India's data-protection law. You must collect only what you need, store it securely, and report breaches. For small businesses, compliance is straightforward: use SSL, encrypt the database, and lock down access.

Penetration Testing

A friendly hacker attacks your site to expose real weaknesses.

Pen testing has an ethical hacker actively attack your site — finding flaws before a real attacker does. It goes deeper than an automated scan and is usually enterprise-grade. For small businesses, an annual audit is typically enough.
