diff --git a/core/frontend/apps/amp/lib/helpers/amp_content.js b/core/frontend/apps/amp/lib/helpers/amp_content.js
index 6ceea93876..7814a89ae1 100644
--- a/core/frontend/apps/amp/lib/helpers/amp_content.js
+++ b/core/frontend/apps/amp/lib/helpers/amp_content.js
@@ -187,9 +187,8 @@ function ampContent() {
         // Use cheerio to traverse through HTML and make little clean-ups
         $ = cheerio.load(ampHTML);
 
-        // We have to remove source children in video, as source
-        // is whitelisted for audio, but causes validation
-        // errors in video, because video will be stripped out.
+        // We have to remove source children in video, as source is allowed for audio,
+        // but causes validation errors in video, because video will be stripped out.
         // @TODO: remove this, when Amperize support video transform
         $('video').children('source').remove();
         $('video').children('track').remove();
diff --git a/core/frontend/web/middleware/static-theme.js b/core/frontend/web/middleware/static-theme.js
index 9567acd1db..7c775ba000 100644
--- a/core/frontend/web/middleware/static-theme.js
+++ b/core/frontend/web/middleware/static-theme.js
@@ -4,18 +4,18 @@ const constants = require('@tryghost/constants');
 const themeEngine = require('../../services/theme-engine');
 const express = require('../../../shared/express');
 
-function isBlackListedFileType(file) {
-    const blackListedFileTypes = ['.hbs', '.md', '.json'];
+function isDeniedFile(file) {
+    const deniedFileTypes = ['.hbs', '.md', '.json'];
     const ext = path.extname(file);
 
-    return blackListedFileTypes.includes(ext);
+    return deniedFileTypes.includes(ext);
 }
 
-function isWhiteListedFile(file) {
-    const whiteListedFiles = ['manifest.json'];
+function isAllowedFile(file) {
+    const allowedFiles = ['manifest.json'];
     const base = path.basename(file);
 
-    return whiteListedFiles.includes(base);
+    return allowedFiles.includes(base);
 }
 
 function forwardToExpressStatic(req, res, next) {
@@ -31,8 +31,8 @@ function forwardToExpressStatic(req, res, next) {
 }
 
 function staticTheme() {
-    return function blackListStatic(req, res, next) {
-        if (!isWhiteListedFile(req.path) && isBlackListedFileType(req.path)) {
+    return function denyStatic(req, res, next) {
+        if (!isAllowedFile(req.path) && isDeniedFile(req.path)) {
             return next();
         }
 
diff --git a/core/server/data/importer/importers/data/settings.js b/core/server/data/importer/importers/data/settings.js
index 1af65cf8c0..fec866cd2c 100644
--- a/core/server/data/importer/importers/data/settings.js
+++ b/core/server/data/importer/importers/data/settings.js
@@ -80,9 +80,6 @@ class SettingsImporter extends BaseImporter {
         };
     }
 
-    /**
-     * - 'core' and 'theme' are blacklisted
-     */
     beforeImport() {
         debug('beforeImport');
 
diff --git a/core/server/models/label.js b/core/server/models/label.js
index ce49d61179..c6cde4316f 100644
--- a/core/server/models/label.js
+++ b/core/server/models/label.js
@@ -92,7 +92,7 @@ Label = ghostBookshelf.Model.extend({
     permittedOptions: function permittedOptions(methodName) {
         let options = ghostBookshelf.Model.permittedOptions.call(this, methodName);
 
-        // whitelists for the `options` hash argument on methods, by method name.
+        // allowlists for the `options` hash argument on methods, by method name.
         // these are the only options that can be passed to Bookshelf / Knex.
         const validOptions = {
             findAll: ['columns'],
diff --git a/core/server/models/post.js b/core/server/models/post.js
index 36e7038413..f476ce541f 100644
--- a/core/server/models/post.js
+++ b/core/server/models/post.js
@@ -1019,7 +1019,7 @@ Post = ghostBookshelf.Model.extend({
     permittedOptions: function permittedOptions(methodName) {
         let options = ghostBookshelf.Model.permittedOptions.call(this, methodName);
 
-        // whitelists for the `options` hash argument on methods, by method name.
+        // allowlists for the `options` hash argument on methods, by method name.
         // these are the only options that can be passed to Bookshelf / Knex.
         const validOptions = {
             findOne: ['columns', 'importing', 'withRelated', 'require', 'filter'],
diff --git a/core/server/models/role.js b/core/server/models/role.js
index 0383abdfa7..2093be51ae 100644
--- a/core/server/models/role.js
+++ b/core/server/models/role.js
@@ -42,7 +42,7 @@ Role = ghostBookshelf.Model.extend({
     permittedOptions: function permittedOptions(methodName) {
         let options = ghostBookshelf.Model.permittedOptions.call(this, methodName);
 
-        // whitelists for the `options` hash argument on methods, by method name.
+        // allowlists for the `options` hash argument on methods, by method name.
         // these are the only options that can be passed to Bookshelf / Knex.
         const validOptions = {
             findOne: ['withRelated'],
diff --git a/core/server/models/tag.js b/core/server/models/tag.js
index 51e95f0b3c..0842fbf6c1 100644
--- a/core/server/models/tag.js
+++ b/core/server/models/tag.js
@@ -163,7 +163,7 @@ Tag = ghostBookshelf.Model.extend({
     permittedOptions: function permittedOptions(methodName) {
         let options = ghostBookshelf.Model.permittedOptions.call(this, methodName);
 
-        // whitelists for the `options` hash argument on methods, by method name.
+        // allowlists for the `options` hash argument on methods, by method name.
         // these are the only options that can be passed to Bookshelf / Knex.
         const validOptions = {
             findAll: ['columns'],
diff --git a/core/server/models/user.js b/core/server/models/user.js
index ff4337909c..a6d86339db 100644
--- a/core/server/models/user.js
+++ b/core/server/models/user.js
@@ -392,7 +392,7 @@ User = ghostBookshelf.Model.extend({
     permittedOptions: function permittedOptions(methodName, options) {
         let permittedOptionsToReturn = ghostBookshelf.Model.permittedOptions.call(this, methodName);
 
-        // whitelists for the `options` hash argument on methods, by method name.
+        // allowlists for the `options` hash argument on methods, by method name.
         // these are the only options that can be passed to Bookshelf / Knex.
         const validOptions = {
             findOne: ['withRelated', 'status'],
diff --git a/core/server/web/api/middleware/cors.js b/core/server/web/api/middleware/cors.js
index 4716767723..bf544d5273 100644
--- a/core/server/web/api/middleware/cors.js
+++ b/core/server/web/api/middleware/cors.js
@@ -72,7 +72,7 @@ function handleCORS(req, cb) {
         return cb(null, DISABLE_CORS);
     }
 
-    // Origin matches whitelist
+    // Origin matches allowlist
     if (getAllowlist().indexOf(url.parse(origin).hostname) > -1) {
         return cb(null, ENABLE_CORS);
     }
diff --git a/core/shared/settings-cache/public.js b/core/shared/settings-cache/public.js
index 8d4e8497ea..861ad8157e 100644
--- a/core/shared/settings-cache/public.js
+++ b/core/shared/settings-cache/public.js
@@ -3,7 +3,7 @@
  * This has been misused - unsplash and slack are incorrectly stored there
  * https://github.com/TryGhost/Ghost/issues/10318
  *
- * This file acts as a new whitelist for "public" settings
+ * This file acts as an allowlist for "public" settings
  */
 
 module.exports = {
diff --git a/test/integration/settings/settings.test.js b/test/integration/settings/settings.test.js
index 474589ff87..3e662d53f3 100644
--- a/test/integration/settings/settings.test.js
+++ b/test/integration/settings/settings.test.js
@@ -6,7 +6,7 @@ const testUtils = require('../../utils');
  *
  * If this test fails for you, you have modified the default settings.
  * When you make a change or add new setting, please ensure that:
- * - If a new `core` setting is added/removed/renamed, update the below whitelist
+ * - If a new `core` setting is added/removed/renamed, update the allowlist below
  * - If a new non-`core` setting is added, it includes corresponding migration to populate its `group` and `flags`
  */
 
diff --git a/test/unit/frontend/web/middleware/static-theme.test.js b/test/unit/frontend/web/middleware/static-theme.test.js
index 189eff2526..ab78eca119 100644
--- a/test/unit/frontend/web/middleware/static-theme.test.js
+++ b/test/unit/frontend/web/middleware/static-theme.test.js
@@ -107,7 +107,7 @@ describe('staticTheme', function () {
         });
     });
 
-    it('should NOT skip if file is on whitelist', function (done) {
+    it('should NOT skip if file is allowed', function (done) {
         req.path = 'manifest.json';
 
         staticTheme()(req, res, function next() {
diff --git a/test/unit/server/data/exporter/index.test.js b/test/unit/server/data/exporter/index.test.js
index 9fcf5238a4..5637ee20dc 100644
--- a/test/unit/server/data/exporter/index.test.js
+++ b/test/unit/server/data/exporter/index.test.js
@@ -166,7 +166,7 @@ describe('Exporter', function () {
         });
     });
 
-    describe('Export table whitelists', function () {
+    describe('Export table allowlists', function () {
         it('should be fixed when db schema introduces new tables', function () {
             const {
                 BACKUP_TABLES,
diff --git a/test/unit/server/web/api/middleware/cors.test.js b/test/unit/server/web/api/middleware/cors.test.js
index bee11f76ad..cb038ee9d9 100644
--- a/test/unit/server/web/api/middleware/cors.test.js
+++ b/test/unit/server/web/api/middleware/cors.test.js
@@ -77,7 +77,7 @@ describe('cors', function () {
         done();
     });
 
-    it('should not be enabled the if origin is not whitelisted', function (done) {
+    it('should not be enabled the if origin is not allowed', function (done) {
         const origin = 'http://not-trusted.com';
 
         req.get = sinon.stub().withArgs('origin').returns(origin);