Trojan

What is a Trojan?

Trojans have been wreaking havoc for about 3,200 years. The first trojan horse appeared at the gates of Troy in the year 1180 BCE (give or take a couple of decades). It was an ingenious tool of deception employed by the Greeks who after a 10-year battle, left the horse as a gift as they retreated. Unbeknownst to the Trojans, however, 40 Achaeans hid inside the horse. As night fell, the Achaeans attacked the Trojans who had accepted the gift.

Modern trojans behave in a similar manner. At face value, they seem like legitimate software with malware hiding deep inside. Once the software is executed, or the malicious file is opened, the malware is let loose, and just as the original trojan horse led to the fall of Troy, its modern variant can very well lead to the fall of your website or server.

How does a Trojan work?

Trojans are a malware delivery method with a payload that can include different types of malware. Once executed any type of malware can burrow its way into the Operating System with backdoors and ransomware being two of the most common malware delivered through trojans.

As a delivery system, they are quite effective and account for 80% of all malware detected in a survey carried out by BitDefender in the first half of 2019.

Trojans employ different methods to get you to click the file in which they hide including email attachments and adverts. Once clicked, the code executes and the malware hiding inside makes its way to the Operating System. The payload will vary depending on the malware hiding inside.

Why are Trojans dangerous?

Trojans can be very dangerous. The malware hiding inside can be extremely damaging, or can even allow the attacker complete access to the victim’s website or computer. Since there is no standard trojan payload, it can be difficult to assess the type of damage a trojan might do to your system so it’s always best to protect your system at all times from all types of trojans.

How Trojans target WordPress websites

Trojans can target WordPress websites and the server on which they run. Just like trojans elsewhere, they will only execute once the file they’re hiding in is executed with the actual payload depending on the malware hiding inside.
In the case of WordPress, trojans can be potentially installed through plugins or themes, typically nulled ones. These often open a backdoor or inject code that triggers other malware, which can then be used to launch further malicious attacks.

How to protect your website from Trojans

To effectively protect yourself and your website from trojans, make sure that you do not open any files that you do not absolutely trust. You should also avoid clicking on any links that you’re not 100% sure of their legitimacy, and avoid using nulled plugins and themes.

Always check plugins and themes before installing them – ensuring they come from a reputable source and have not been tampered with. Equally important is to check all the software you install on your PC or server and remain vigilant at all times.

Having a good anti-malware solution as well as a comprehensive WordPress security policy will act as your second line of defense – something definitely worth having should a trojan slip through.

Stay in the loop

Subscribe to the Melapress newsletter and receive curated WordPress management and security tips and content.

Newsletter icon

It’s free and you can unsubscribe whenever you want. Check our blog for a taste.

Envelope icon
Uploading WP 2FA as a zip file in WordPress
WP 2FA in the WordPress plugin repository
Close

Installing WP 2FA Free

Congratulations on taking the first step towards enhancing your WordPress site's security with WP 2FA Free! You're now on your way to protecting your valuable data and ensuring peace of mind. No coding or technical knowledge is required.

 

Below are two ways to install WP 2FA on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for WP 2FA.

Download the WP 2FA plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading CAPTCHA 4WP as a zip file in WordPress
CAPTCHA 4WP in the WordPress plugin repository
Close

Installing CAPTCHA 4WP Free

Well done you. You're one step closer to safeguarding your WordPress website from spam and automated attacks with CAPTCHA 4WP. You'll be able to effortlessly integrate CAPTCHA into your forms and enjoy a website with enhanced security.

 

Below are two ways to install CAPTCHA 4WP on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for CAPTCHA 4WP.

Download the CAPTCHA 4WP plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading WP Activity Log as a zip file in WordPress
WP Activity Log in the WordPress plugin repository
Close

Installing WP Activity Log Free on your website

You deserve a pat on the back for choosing to record user actions and changes on your website. That is the first step towards better user accountability, easier troubleshooting of website security, and many other benefits of issues.

 

Below are the two ways to install WP Activity Log on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for WP Activity Log.

Download the WP Activity Log plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading Melapress Login Security as a zip file in WordPress
Melapress Login Security in the WordPress plugin repository
Close

Installing Melapress Login Security Free

Congratulations on taking control of your WordPress website's security by implementing robust login and password policies with Melapress Login Security. You can change your login page URL, limit failed login attempts, and reset passwords.

 

Below are two ways to install Melapress Login Security on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for Melapress Login Security.

Download the Melapress Login Security plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2