Help & support
Questions, problems, suggestions or a bug? Write to us directly via the form – we reply by e-mail. The system info is only sent if you want (no passwords, no content).
Support development
HTProtect is and stays free – all protection features without restriction, because security should not depend on your budget. If the extension helps you, you can support its further development with a voluntary donation. Thank you!
Direct contact (always reliable)
Independent of the server's mail sending: this button opens the message directly in your own e-mail program – so it arrives for sure.
Send via your own e-mail program Start live chat
- E-mail: support@htprotect.org
- Web: website-bereinigung.de
Privacy & outbound connections
HTProtect sends no telemetry and no usage data. The only outbound connections are:
- Signature feed (update.wb-dev.de): downloads the exploit/malware signature lists. Plain download, can be switched off - then the built-in signatures are used.
- Joomla version check (downloads.joomla.org): reads the current Joomla version for the status indicator.
- Community report: only when you actively submit a false alarm / paths - never automatically, no IP reputation.
- Update finding report: if the auto-updater flags suspicious code in an update, the affected (public) extension file is sent once per version anonymously to website-bereinigung.de – for signature review, with no host, IP or personal data.
- Update feedback & block list: clicking „worked fine“ / „report a problem“ in an update email sends an anonymous signal (extension, version, verdict – no host/IP) to website-bereinigung.de. From this a signed block list of highly problematic update versions may be published, which HTProtect only READS and then does not install (no extra data sent, no remote intervention).
- Precautionary hold: if an update triggers the malware scan on several sites, radar can briefly mark it as „held back as a precaution“. HTProtect reads this small list (extension+version only, over verified HTTPS) and then silently does not install the affected version – purely preventive, security updates excepted, expires automatically. No data sent, no intervention in the running site.
- Outgoing e-mail (via your Joomla mailer): alerts and notifications to the configured address.
All core functions also work completely offline, without any of these connections.
When does which check run?
No noticeable performance impact: the checks run mostly after the page has been delivered, in the background – resource-friendly, without a real cron job.
- Exploit protection (WAF)
- on every request (instant)
- Watcher base run (.htaccess, warning list, accounts)
- at most every 15 minutes
- Signature feed (exploit + malware)
- every 6 hours
- Defacement / SEO spam check
- every 6 hours
- Integrity / anomaly check (entry points)
- every 12 hours
- Joomla version check
- once a day
- Cleaning up temporary files
- once a day
- Update notification (email)
- checked every 6 h; email only when the list changes (same list at most every 14 days)
- Extension auto-update (installation)
- on your schedule – security updates immediately, selected updates after the grace period
The malware scan deliberately does NOT run automatically – only when you start it in the Scan area. The two auto-update rows only apply if you have enabled the respective feature (off by default).
Uninstall HTProtect & remove all traces
On uninstall, also removes the protection files that are otherwise deliberately left behind – so truly nothing of HTProtect remains. Pick what should be reset, then click „Clean up & uninstall“.