Help center⬢ 6.1.2
👤 User menu
Interactive demo – click around. Nothing is saved, sent or executed.Interactive demo – nothing is saved or executed.↗ Get HTProtectDEEN
v2.4.13 · htprotect.org · Docs
v2.4.13 · htprotect.org · Docs

Help & support

Questions, problems, suggestions or a bug? Write to us directly via the form – we reply by e-mail. The system info is only sent if you want (no passwords, no content).

Support development

HTProtect is and stays free – all protection features without restriction, because security should not depend on your budget. If the extension helps you, you can support its further development with a voluntary donation. Thank you!

☕ Coffee fundincl. invoice (19% VAT)PayPalno invoice

Direct contact (always reliable)

Independent of the server's mail sending: this button opens the message directly in your own e-mail program – so it arrives for sure.

Send via your own e-mail program Start live chat

Privacy & outbound connections

HTProtect sends no telemetry and no usage data. The only outbound connections are:

  • Signature feed (update.wb-dev.de): downloads the exploit/malware signature lists. Plain download, can be switched off - then the built-in signatures are used.
  • Joomla version check (downloads.joomla.org): reads the current Joomla version for the status indicator.
  • Community report: only when you actively submit a false alarm / paths - never automatically, no IP reputation.
  • Update finding report: if the auto-updater flags suspicious code in an update, the affected (public) extension file is sent once per version anonymously to website-bereinigung.de – for signature review, with no host, IP or personal data.
  • Update feedback & block list: clicking „worked fine“ / „report a problem“ in an update email sends an anonymous signal (extension, version, verdict – no host/IP) to website-bereinigung.de. From this a signed block list of highly problematic update versions may be published, which HTProtect only READS and then does not install (no extra data sent, no remote intervention).
  • Precautionary hold: if an update triggers the malware scan on several sites, radar can briefly mark it as „held back as a precaution“. HTProtect reads this small list (extension+version only, over verified HTTPS) and then silently does not install the affected version – purely preventive, security updates excepted, expires automatically. No data sent, no intervention in the running site.
  • Outgoing e-mail (via your Joomla mailer): alerts and notifications to the configured address.

All core functions also work completely offline, without any of these connections.

When does which check run?

No noticeable performance impact: the checks run mostly after the page has been delivered, in the background – resource-friendly, without a real cron job.

Exploit protection (WAF)
on every request (instant)
Watcher base run (.htaccess, warning list, accounts)
at most every 15 minutes
Signature feed (exploit + malware)
every 6 hours
Defacement / SEO spam check
every 6 hours
Integrity / anomaly check (entry points)
every 12 hours
Joomla version check
once a day
Cleaning up temporary files
once a day
Update notification (email)
checked every 6 h; email only when the list changes (same list at most every 14 days)
Extension auto-update (installation)
on your schedule – security updates immediately, selected updates after the grace period

The malware scan deliberately does NOT run automatically – only when you start it in the Scan area. The two auto-update rows only apply if you have enabled the respective feature (off by default).

Uninstall HTProtect & remove all traces

On uninstall, also removes the protection files that are otherwise deliberately left behind – so truly nothing of HTProtect remains. Pick what should be reset, then click „Clean up & uninstall“.

This reduces protection – choose deliberately. Afterwards nothing of HTProtect remains.

Protection works on Apache and LiteSpeed servers (mod_rewrite). Before every write a backup is made automatically; a self-test with auto rollback catches server incompatibilities. Donate