Overview⬢ 6.1.2
👤 User menu
Interactive demo – click around. Nothing is saved, sent or executed.Interactive demo – nothing is saved or executed.↗ Get HTProtectDEEN
v2.4.13 · htprotect.org · Docs
v2.4.13 · htprotect.org · Docs

Overview

Set up the backend access protection

Protect /administrator with an additional web server password prompt – set up in 30 seconds. Use different credentials than for the Joomla login.

Creates a strong 20-character random password and fills both fields.
Server path (advanced)

Only needed if the self-test reports that the web server cannot read the password file (PHP and Apache see different paths, e.g. chroot). The component first tries all known path views automatically.

Tip: use different credentials than for the Joomla login – that is the point of the additional layer.

System & self-test

  • Joomla 6.1.2 · PHP 8.3.31
  • Server: Apache compatible · HTTP self-test: available
  • Last self-test: 4 of 4 passed 2026-07-11 09:42
Which checks? (show details)
CheckStatusResult
Startseite erreichbarno connectionOK
Backend erreichbarno connectionOK
PHP-Schild blockt Upload-Skripteno connectionOK
configuration.php nicht auslesbarno connectionOK
Keep HTProtect up to date automatically
One click: HTProtect installs its own updates automatically from now on (checks every 3 h) – so your protection always runs the latest version. (recommended)

Real-time protection, monitoring & notification

One switch, three effects: real-time protection (blocks exploit calls in the POST body too, which a .htaccess cannot see), automatic watcher (files, super-user accounts, defacement & warning list) and live signature updates – instantly for zero-days, with nothing to do on your part.

active Real-time protection is running, the background watcher checks regularly and loads new signatures.

Separate multiple addresses with a comma.
days (2–30)

No mail spam: Attack attempts never trigger an e-mail (they are only logged). Reported are exclusively genuine security findings (e.g. tampered protection files, suspicious accounts, defacement, newly found vulnerable extensions) – at most one summary mail every few hours, a reminder about open items no sooner than after 14 days.

Signatures · Firewall (real-time, GET+POST): 2026-07-11 (feed, 2026-07-11 06:00) · .htaccess foundation: 2026-07-11

Protection works on Apache and LiteSpeed servers (mod_rewrite). Before every write a backup is made automatically; a self-test with auto rollback catches server incompatibilities. Donate