A DNS record that maps a domain name to an IPv4 address. When someone types your domain into a browser, the A record tells the internet which server’s IP address to connect to. The “A” stands for address.

A routing method where the same IP address is assigned to multiple servers in different locations. Network traffic is automatically directed to the nearest server. Used by CDNs and DNS providers to reduce latency globally without requiring visitors to know which server to contact.

One of the two most widely used web server software programs (alongside NGINX). Apache serves web pages to visitors’ browsers and handles configuration through .htaccess files. It has been the dominant web server software since the mid-1990s and remains extremely common on shared hosting platforms.

An automated email reply system that sends a pre-written message when an email is received at a specific address. Commonly used in hosting control panels to send out-of-office replies or confirmation messages without manual intervention.

A fully functional domain hosted within an existing hosting account, appearing to visitors as a separate website. Unlike parked domains, addon domains have their own directory, content, and email accounts. Common on shared hosting plans that allow multiple websites per account.

The total amount of data that can be transferred between your server and visitors over a given period (typically a month). Measured in gigabytes or terabytes. Every page view, image download, and file transfer counts toward your bandwidth. Most modern plans offer “unmetered” bandwidth, meaning practical usage limits are rarely enforced.

A physical server with no virtualization layer — hardware allocated entirely to one customer. Offers maximum performance because there is no hypervisor overhead. Contrast with VPS hosting, where multiple virtual machines share one physical machine.

An attack that attempts to gain unauthorized access by systematically trying every possible password or key combination until the correct one is found. Extremely common against WordPress admin login pages and SSH access points. Rate limiting and two-factor authentication are the primary defenses.

A legally required contract under HIPAA between a healthcare organization (Covered Entity) and any vendor that handles Protected Health Information on their behalf. A hosting provider that stores or processes patient data must sign a BAA before any PHI is transmitted or stored on their infrastructure.

A stored copy of data (a web page, database query result, or file) that can be served faster than re-generating it from scratch. Caching is one of the most impactful website performance optimizations available. Types include page cache, object cache, browser cache, and CDN cache — each operating at a different layer of the request lifecycle.

A globally distributed network of servers that delivers website content from locations physically close to each visitor. Instead of every visitor connecting to your origin server in one location, a CDN serves cached files from the nearest edge node. Reduces latency, improves load times globally, and reduces bandwidth load on the origin server.

The most widely used web hosting control panel. A browser-based dashboard where users manage website files, databases, email accounts, domains, SSL certificates, and software installations. Commonly found on shared and VPS hosting plans. Alternative panels include Plesk, DirectAdmin, and Virtualmin.

A DNS record that aliases one domain name to another. For example, www.yourdomain.com can point to yourdomain.com via a CNAME. Commonly used to point subdomains to external services (e.g., pointing shop.yourdomain.com to a Shopify store).

A hosting model where a business owns its physical server hardware but rents space, power, cooling, and network connectivity in a third-party data center. The customer owns and manages the equipment; the data center provides the facility and internet connection.

A lightweight, isolated software environment that packages an application and all its dependencies together. Containers share the host OS kernel but are isolated from each other. Docker is the most popular container platform. Used extensively in modern hosting to run applications efficiently and consistently across environments.

A browser-based interface provided by a hosting company to manage hosting account settings without using the command line. Common control panels include cPanel, Plesk, DirectAdmin, and Virtualmin. Managed hosts often provide proprietary dashboards in addition to or instead of standard panels.

Google’s set of standardized metrics measuring real-world user experience on web pages. The three core metrics are LCP (Largest Contentful Paint — loading speed), INP (Interaction to Next Paint — responsiveness), and CLS (Cumulative Layout Shift — visual stability). Google uses Core Web Vitals as a ranking signal.

A scheduled task that runs automatically at specified intervals on a server. Used for automating repetitive server-side processes such as sending scheduled emails, generating reports, cleaning databases, updating data feeds, and running backups. WordPress uses a pseudo-cron system; server-level cron jobs are more reliable.

A physical facility housing the servers, networking equipment, power systems, and cooling infrastructure that power web hosting services. Data centers are designed for maximum uptime with redundant power supplies, generators, fire suppression, and physical security. Location matters for latency — servers geographically closer to visitors respond faster.

An organized collection of structured data stored and accessed electronically. Websites use databases to store content, user accounts, settings, and transactions. WordPress uses MySQL/MariaDB databases. Most web applications are database-driven — the database is often the performance bottleneck on busy sites.

An attack that floods a server or network with traffic from thousands of compromised machines simultaneously, overwhelming its capacity and making it inaccessible to legitimate users. DDoS attacks are a persistent threat to websites, especially ecommerce stores and game servers. Mitigation involves filtering malicious traffic at the network edge before it reaches the server.

A physical server allocated entirely to one customer, providing exclusive access to all its CPU, RAM, storage, and network resources. No resource sharing with other customers. Maximum performance and isolation, but also the highest cost and most administrative responsibility. Typically used by large websites, high-traffic applications, and businesses with specific compliance requirements.

The internet’s distributed phonebook — a global system that translates human-readable domain names into machine-readable IP addresses. When you type a URL, DNS resolves it to the IP address of the correct server. DNS records (A, CNAME, MX, TXT, etc.) control how a domain routes different types of traffic.

The time it takes for DNS record changes to spread across the global network of DNS servers. Can take anywhere from a few minutes to 48 hours, depending on TTL (Time to Live) settings and ISP caching. During propagation, different users may see different versions of your site depending on which DNS servers their ISP uses.

An open-source platform for building, running, and managing containers. Docker packages applications and their dependencies into portable containers that run consistently across any environment. Widely used in modern hosting and development workflows to ensure applications behave the same in development, staging, and production.

The human-readable address used to access a website (e.g., example.com). Domain names are registered through accredited registrars and must be renewed annually. The domain name is separate from hosting — a domain can point to any hosting server by updating its DNS records.

Any period during which a website or server is inaccessible to visitors. Caused by server failures, maintenance, DDoS attacks, hardware problems, or software errors. Hosting providers express reliability as uptime percentage — the inverse of downtime. For ecommerce sites, downtime directly translates to lost revenue.

Processing data and running application logic at servers located at the geographic “edge” of a network — close to end users — rather than at a centralized origin data center. Reduces latency by eliminating round trips to distant servers. Edge functions (Cloudflare Workers, Vercel Edge) allow code to execute at edge nodes globally.

Protected Health Information (PHI) that is created, stored, transmitted, or received in electronic form. Subject to HIPAA’s Security Rule, which requires specific administrative, physical, and technical safeguards. Any website or application that stores or transmits ePHI must run on HIPAA-compliant infrastructure with an appropriate Business Associate Agreement.

A service that stores and manages email accounts for a domain (e.g., [email protected]). Often bundled with web hosting but can be purchased separately. Professional email hosting includes spam filtering, IMAP/POP3 access, SMTP sending, and webmail interfaces. Google Workspace and Microsoft 365 are popular dedicated email hosting services.

An automatic switchover to a backup system when the primary system fails. In hosting, failover means traffic is automatically redirected to a standby server if the primary server goes down. Essential for high-availability setups where downtime is not acceptable. Requires redundant infrastructure and health monitoring systems.

A security system that monitors and controls incoming and outgoing network traffic based on predefined rules. Hosting firewalls block unauthorized access while allowing legitimate traffic through. A Web Application Firewall (WAF) specifically filters HTTP/HTTPS traffic to protect against application-level attacks like SQL injection and cross-site scripting.

A standard protocol for transferring files between a local computer and a remote server over a network. Used to upload website files to a hosting account. Standard FTP is unencrypted; SFTP (SSH File Transfer Protocol) and FTPS (FTP Secure) are encrypted alternatives that should be used instead of plain FTP on any modern setup.

A distributed version control system that tracks changes to files over time. In hosting contexts, Git is used to deploy websites and applications — pushing code from a local development environment or repository to a server automatically triggers deployment. Services like GitHub, GitLab, and Bitbucket host Git repositories and integrate with deployment pipelines.

Web hosting powered by renewable energy sources or offset by verified renewable energy certificates. Data centers consume significant electricity for servers and cooling. Green hosting providers power their infrastructure with solar, wind, or hydroelectric energy, or purchase Renewable Energy Certificates to offset their carbon footprint.

A system design approach that ensures a service remains operational with minimal downtime, even when individual components fail. Achieved through redundancy: multiple servers, load balancers, redundant power supplies, and automatic failover. High availability setups typically target 99.99% or higher uptime SLAs.

The Health Insurance Portability and Accountability Act — a U.S. federal law requiring healthcare organizations and their vendors to protect the privacy and security of patient health information. Hosting providers that store or process patient data for healthcare organizations must comply with HIPAA’s Security Rule and sign a Business Associate Agreement.

A configuration file used on Apache web servers to control server behavior at the directory level. Common uses include URL redirects, password protection, custom error pages, blocking specific IP addresses, enabling HTTPS, and controlling caching headers. Changes take effect immediately without restarting the server.

The foundational protocol for data communication on the web. Defines how messages are formatted and transmitted between browsers and servers. HTTP sends data in plain text — unencrypted. HTTPS (HTTP Secure) adds encryption via TLS. Modern browsers flag HTTP-only sites as “Not Secure.”

The second major version of HTTP, standardized in 2015. Key improvements over HTTP/1.1 include multiplexing (multiple requests over a single connection), header compression, and server push. Significantly faster than HTTP/1.1 for loading modern web pages with many assets. Supported by all major browsers and most modern hosting platforms.

The latest major version of HTTP, built on the QUIC transport protocol instead of TCP. Eliminates head-of-line blocking, establishes connections faster, and performs better on unreliable networks (mobile connections, high-packet-loss environments). Increasingly supported by hosting providers and CDNs including Cloudflare.

Software that creates and manages virtual machines (VMs) by abstracting physical hardware resources. In VPS hosting, the hypervisor divides one physical server’s CPU, RAM, and storage among multiple virtual servers. KVM, VMware ESXi, and Hyper-V are common hypervisors. The type of hypervisor affects VPS performance and isolation quality.

A cloud computing model where a provider delivers virtualized computing infrastructure — servers, networking, storage — over the internet. Customers rent infrastructure and manage their own operating systems, middleware, and applications. AWS EC2, Google Compute Engine, and Azure Virtual Machines are IaaS products.

An email protocol that allows email clients to access and manage messages directly on the mail server, keeping them synchronized across multiple devices. The modern standard for email access — emails stay on the server until explicitly deleted. Contrast with POP3, which downloads messages to the local device and typically removes them from the server.

A unique numerical label assigned to every device connected to a network. IPv4 addresses use four octets separated by dots (e.g., 192.168.1.1). IPv6 uses a longer hexadecimal format to accommodate the vastly larger number of internet-connected devices. Shared hosting accounts share an IP address with other sites; dedicated servers and some VPS plans provide a dedicated IP.

A web development architecture based on JavaScript, APIs, and Markup. JAMstack sites are pre-built at deploy time into static HTML files, which are served directly from a CDN without any server-side rendering at request time. Results in very fast, secure, and scalable sites. Popular frameworks include Next.js, Gatsby, Astro, and Hugo.

Variation in network latency over time. While average ping measures how fast packets travel, jitter measures how consistent that speed is. High jitter causes erratic behavior in real-time applications — rubber-banding in games, choppy video calls, and audio artifacts. A stable connection with slightly higher ping is often preferable to a lower-ping connection with high jitter.

An open-source system for automating the deployment, scaling, and management of containerized applications. Kubernetes orchestrates clusters of containers, handling load balancing, self-healing, rolling updates, and resource allocation. Standard infrastructure for large-scale cloud-native applications. Often shortened to “K8s” (8 letters between K and s).

A virtualization technology built into the Linux kernel that turns Linux into a hypervisor capable of running multiple isolated virtual machines. KVM is the most common hypervisor for VPS hosting. KVM-based VPS instances provide strong resource isolation — each VM gets a guaranteed, dedicated allocation of RAM and CPU, unlike container-based virtualization (OpenVZ).

The time delay between a request being sent and a response being received. In web hosting, latency is commonly measured as TTFB (Time to First Byte) — how long it takes for the server to send the first byte of a response after receiving a request. Lower latency improves user experience and is a Google ranking factor via Core Web Vitals.

A Core Web Vitals metric measuring how long it takes for the largest visible element on a page (typically the hero image or main heading) to fully render. Google considers under 2.5 seconds “good.” LCP is directly affected by hosting server response time, image optimization, and CDN delivery.

A free, automated, and open Certificate Authority that issues SSL/TLS certificates at no cost. Launched in 2016, it has made HTTPS universally accessible. Most web hosts now include free SSL certificates via Let’s Encrypt. Certificates must be renewed every 90 days, but renewal is typically automated by the hosting platform.

An open-source operating system that powers the vast majority of web servers worldwide. Free to use and highly customizable. Common Linux distributions in hosting environments include Ubuntu, CentOS/Rocky Linux, Debian, and AlmaLinux. Linux’s stability, security, and cost advantages make it the dominant server OS. Windows Server hosting is available but less common.

A system that distributes incoming network traffic across multiple servers to prevent any single server from becoming a bottleneck. Essential for high-traffic sites and applications requiring high availability. When one server fails, the load balancer routes traffic to the remaining healthy servers automatically. Common software load balancers include NGINX, HAProxy, and Traefik.

A high-performance commercial web server software that offers significantly better throughput than Apache for many workloads, especially PHP applications. LiteSpeed Cache integrates directly with the LiteSpeed server for exceptional WordPress caching performance. Used by SiteGround, A2 Hosting, Hostinger, and many other shared hosting providers.

A hosting service where the provider handles server administration tasks — including software updates, security patching, performance optimization, backups, and monitoring — on behalf of the customer. The customer focuses on their website or application; the host manages the infrastructure. More expensive than unmanaged hosting but significantly reduces technical overhead.

An open-source relational database management system that is a community-developed fork of MySQL. Fully compatible with MySQL while offering performance improvements and additional features. Widely used as a drop-in MySQL replacement on Linux hosting servers. WordPress and most PHP applications are compatible with MariaDB.

The maximum amount of RAM a PHP process is allowed to consume for a single request. Set in the PHP configuration (php.ini). WordPress and ecommerce applications like WooCommerce require higher memory limits than simple sites — 256MB is a practical minimum for most stores. Exceeding the memory limit causes fatal errors and white screens.

The world’s most popular open-source relational database management system. Used to store structured data in tables. WordPress, WooCommerce, Drupal, Magento, and most PHP applications use MySQL (or its compatible fork MariaDB) as their database. Database performance is a key factor in web application speed.

A DNS record that specifies which mail server is responsible for accepting email for a domain. MX records determine where email sent to @yourdomain.com is delivered. Multiple MX records with different priority values provide redundancy if the primary mail server is unavailable.

A server that stores DNS records for a domain and responds to DNS queries. When you register a domain, you point it to nameservers (usually provided by your DNS host or hosting company) that tell the internet where to find your website, email, and other services. Changing nameservers redirects all DNS traffic for a domain.

A high-performance open-source web server, reverse proxy, and load balancer. Known for efficiently handling large numbers of concurrent connections with low memory usage. Increasingly used as the primary web server on high-traffic sites and managed hosting platforms. Often deployed alongside PHP-FPM for WordPress hosting. Pronounced “engine-x.”

A JavaScript runtime built on Chrome’s V8 engine that allows JavaScript to run server-side. Enables building fast, scalable network applications outside of the browser. Popular for building APIs, real-time applications, and server-side rendering frameworks like Next.js. Requires hosting that supports Node.js execution — not available on all shared hosting plans.

Non-Volatile Memory Express Solid State Drive — a storage technology that uses the PCIe bus to communicate with the processor, offering dramatically faster read/write speeds than traditional SATA SSDs or mechanical hard drives. NVMe SSDs are significantly faster than SATA SSDs for random read/write operations common in web hosting workloads. The current gold standard for hosting storage.

A persistent caching layer that stores the results of database queries and complex PHP computations in fast memory (RAM) so they don’t need to be recalculated on every page request. Redis and Memcached are the most common object caching backends. Particularly valuable for WordPress sites with many dynamic pages or high traffic, and for ecommerce stores where cart and checkout pages can’t be page-cached.

PHP’s built-in bytecode cache. Normally, PHP compiles source code to bytecode on every request. OPcache stores the compiled bytecode in memory, eliminating repeated compilation and significantly speeding up PHP execution. Enabled by default on all modern PHP installations and hosting environments. No configuration required — just confirm your host runs a modern PHP version.

The primary server where a website’s actual content lives and is generated. When a CDN has a cached copy of a file, it serves that copy without contacting the origin. When the CDN doesn’t have a cached copy (a cache miss), it fetches the content from the origin server. Reducing load on the origin server is a primary goal of CDN and caching configurations.

A caching method that saves the complete HTML output of a web page as a static file. Subsequent visitors receive the pre-built HTML directly — skipping PHP execution and database queries entirely. The most impactful single WordPress performance optimization, typically reducing server response times by 80–95% for cacheable pages. Implemented via plugins (WP Rocket, LiteSpeed Cache) or directly by managed hosts at the server level.

Payment Card Industry Data Security Standard — a set of security requirements maintained by major card brands that apply to any business processing, storing, or transmitting payment card data. Compliance is enforced contractually through merchant agreements. The hosting environment is within PCI scope; stores using hosted payment gateways (Stripe, PayPal) dramatically reduce their compliance burden.

A widely-used open-source server-side scripting language that powers WordPress, WooCommerce, Drupal, Joomla, Laravel, and thousands of other web applications. PHP code executes on the server and generates HTML sent to the browser. PHP 8.x offers significant performance improvements over older versions — always run the most current supported version.

An alternative PHP process manager that significantly improves performance compared to the traditional mod_php approach. PHP-FPM maintains a pool of pre-spawned PHP processes ready to handle requests, reducing startup overhead. Commonly used with NGINX on high-performance hosting setups. Supports per-pool configuration, enabling different PHP settings for different sites on the same server.

A measurement of round-trip network latency between two points — how long it takes for a data packet to travel from one location to another and back. Measured in milliseconds. In game server hosting, ping is the primary performance metric. In web hosting, ping relates to TTFB but is distinct from it. Lower ping means faster communication.

A physical location in a CDN or edge network where servers are deployed to serve content closer to end users. A CDN with 300 PoPs worldwide can serve most visitors from within their own country or region. More PoPs generally means lower latency for a globally distributed audience.

Under HIPAA, any individually identifiable health information held or transmitted by a Covered Entity or Business Associate. Includes names, addresses, dates, Social Security numbers, medical record numbers, IP addresses, and any other data that could identify an individual in connection with their health status or treatment. PHI requires specific technical safeguards when stored or transmitted electronically.

A storage technology that combines multiple physical drives into a single logical unit for redundancy, performance, or both. RAID 1 mirrors data across two drives so if one fails, the other contains a complete copy. RAID 10 combines mirroring and striping for both speed and redundancy. Common in dedicated server and enterprise hosting environments to protect against drive failure.

An instruction that sends a browser (and search engines) from one URL to another. 301 redirects are permanent and pass SEO value to the destination URL. 302 redirects are temporary and do not transfer SEO value. Redirects are used when moving content, changing domain names, enforcing HTTPS, or consolidating duplicate URLs.

An open-source, in-memory data structure store used as a database, cache, and message broker. In WordPress hosting, Redis provides persistent object caching — storing database query results and PHP objects in RAM so they’re instantly available for future requests. Dramatically reduces database load and speeds up dynamic pages. Available on most managed WordPress and cloud hosting platforms.

An ICANN-accredited organization authorized to register domain names on behalf of customers. Domain registrars manage the registration, renewal, and transfer of domain names. Popular registrars include Namecheap, GoDaddy, Google Domains (now Squarespace Domains), Cloudflare Registrar, and Porkbun. Hosting and domain registration are separate services and don’t need to be purchased from the same company.

A hosting model where an individual or company purchases hosting resources wholesale from a provider and resells them to their own clients under their own brand. Web designers and agencies often use reseller hosting to manage multiple client websites under a single account, typically with private-labeled control panels and billing systems.

A server that sits in front of web servers and forwards client requests to the appropriate backend server. Reverse proxies handle load balancing, SSL termination, caching, compression, and security filtering. NGINX is commonly deployed as a reverse proxy in front of application servers. Cloudflare effectively acts as a reverse proxy for any site using its service.

A software licensing model where applications are hosted by a provider and accessed over the internet rather than installed locally. In hosting, fully hosted platforms like Shopify, Squarespace, and Wix are SaaS products — all infrastructure, maintenance, and software updates are handled by the provider. Customers pay a subscription for access to the software and its underlying infrastructure.

A cloud execution model where functions run in ephemeral, stateless containers that scale automatically and are billed only when executing. The term is somewhat misleading — servers exist, but developers don’t manage them. AWS Lambda, Google Cloud Functions, and Cloudflare Workers are serverless platforms. Ideal for event-driven workloads, APIs, and lightweight processing tasks.

A secure file transfer protocol that uses SSH encryption for all data in transit. The standard for securely transferring files between a local computer and a hosting server. Should always be used instead of plain FTP, which transmits credentials and data in unencrypted plain text. Most hosting control panels provide SFTP credentials for direct file access.

A hosting model where multiple websites share the same physical server and its resources (CPU, RAM, bandwidth). The most affordable hosting type and suitable for low-traffic sites, personal projects, and small businesses. Performance can be affected by other sites on the same server during traffic spikes. The starting point for most new website owners.

A contract between a hosting provider and customer that specifies the level of service guaranteed — most commonly expressed as an uptime percentage (e.g., 99.9%). SLAs define what happens (usually service credits) if the provider fails to meet the guaranteed standard. Read SLAs carefully: the remedies are typically limited and don’t compensate for lost revenue from downtime.

The standard protocol for sending email between servers. When a WordPress site sends a transactional email (order confirmation, password reset), it uses SMTP to deliver the message. Default WordPress email via PHP mail() often has poor deliverability; configuring SMTP via a dedicated service (SendGrid, Postmark, Mailgun) significantly improves email reliability.

Sender Policy Framework — a DNS TXT record that specifies which mail servers are authorized to send email on behalf of your domain. Helps receiving mail servers verify that email claiming to be from your domain is actually coming from an authorized source. Part of the standard email authentication trio alongside DKIM and DMARC.

The standard language for managing and querying relational databases. Used to create, read, update, and delete data in databases like MySQL and MariaDB. Web applications generate SQL queries automatically, but understanding SQL helps diagnose slow database queries and optimize performance. SQL injection is a common web attack that exploits unsanitized SQL queries.

A digital certificate that authenticates a website’s identity and enables encrypted HTTPS connections. Issued by Certificate Authorities (CAs). Let’s Encrypt provides free SSL certificates accepted by all major browsers. Required for all modern websites — browsers display “Not Secure” warnings on HTTP-only sites, and Google penalizes them in search rankings.

A cryptographic network protocol for secure remote access to servers. SSH provides an encrypted command-line connection to a remote server, enabling file management, software installation, configuration, and troubleshooting. Available on VPS and dedicated servers; typically not available on shared hosting. SSH key authentication is more secure than password-based login.

A prefix added to a domain name to create a separate section of a website or a separate service. For example, blog.yourdomain.com or shop.yourdomain.com. Subdomains are free to create and can point to different servers, directories, or services than the main domain. Commonly used for staging environments, regional sites, and separate applications.

The cryptographic protocol that provides secure communications over the internet. TLS is what makes HTTPS secure — it encrypts data between the browser and server so it can’t be intercepted in transit. TLS 1.2 and 1.3 are the current standards; TLS 1.0 and 1.1 are deprecated. Often still referred to by the older name SSL, though they are technically different protocols.

A web performance metric measuring the time between a browser sending a request and receiving the first byte of the server’s response. TTFB reflects server processing time plus network latency. Under 200ms is excellent; under 600ms is acceptable. A high TTFB usually indicates slow server-side processing, insufficient caching, or poor network routing.

A value in DNS records that specifies how long a resolver should cache that record before checking for updates. Measured in seconds (e.g., TTL 3600 = one hour). Lower TTL values mean DNS changes propagate faster but increase DNS query load. Before making DNS changes (such as migrating to a new host), lower TTL to 300 seconds so the change takes effect globally within minutes rather than hours.

The percentage of time a server or website is operational and accessible. Expressed as a percentage — 99.9% uptime allows for approximately 8.7 hours of downtime per year. Hosting providers express reliability as uptime guarantees in their SLAs. For ecommerce and business-critical sites, 99.95% or higher is the appropriate target. Verify claimed uptime independently using third-party monitoring services.

The complete web address used to access a specific resource on the internet. A URL includes the protocol (https://), the domain name, and optionally a path to a specific page or resource. Proper URL structure affects both usability and SEO — clean, descriptive URLs perform better than URLs with query strings and random parameters.

An open-source HTTP accelerator (also called a caching reverse proxy) designed for high-performance content delivery. Sits in front of a web server and serves cached responses for requests it has cached, dramatically reducing origin server load. Used by Cloudways, Plesk installations, and many custom server setups. Particularly effective for serving cached pages to high volumes of concurrent visitors.

A configuration that allows a single web server to host multiple websites with different domain names on the same IP address. The web server reads the HTTP Host header to determine which site to serve. Name-based virtual hosting is how shared hosting providers run thousands of websites on a single server.

A virtual machine that runs its own copy of an operating system, allocated a dedicated portion of a physical server’s CPU and RAM. Sits between shared hosting (too limited for many sites) and dedicated servers (expensive). Offers more control, consistent resources, and better performance than shared hosting while remaining more affordable than a dedicated server. KVM is the most common VPS hypervisor.

A security system that filters and monitors HTTP/HTTPS traffic between a web application and the internet, blocking malicious requests before they reach the application. Protects against SQL injection, cross-site scripting (XSS), and other application-layer attacks. Cloudflare includes a WAF on all plans; most managed hosts include a WAF as part of their security stack.

A modern image format developed by Google that provides superior compression compared to JPEG and PNG while maintaining comparable visual quality. WebP images are typically 25–35% smaller than equivalent JPEG files. Supported by all modern browsers. Serving images in WebP format is one of the most impactful optimizations for page speed, as images are usually the largest page assets.

An SSL certificate that secures a domain and all its subdomains with a single certificate, indicated by an asterisk in the domain field (e.g., *.yourdomain.com). Covers www.yourdomain.com, blog.yourdomain.com, shop.yourdomain.com, etc. Useful for sites with many subdomains. More expensive than single-domain certificates but simplifies certificate management.

The administrative interface for cPanel-based hosting servers. While cPanel is the end-user control panel for individual hosting accounts, WHM is the server-level admin panel used by hosting providers and resellers to create and manage multiple cPanel accounts, configure server settings, manage resource allocations, and handle billing.

The world’s most popular content management system, powering over 43% of all websites. Open-source PHP software installed on self-managed hosting (WordPress.org) or available as a hosted service (WordPress.com). The distinction matters: WordPress.org gives full control over hosting, plugins, and customization; WordPress.com is a hosted platform with usage restrictions on lower tiers.

The core WordPress configuration file that stores database connection credentials, security keys, table prefix, and debugging settings. Located in the WordPress root directory. Critical for security — should be protected from public access, should never be committed to public version control, and should not store sensitive credentials in plain text beyond what WordPress requires.