Site scan⬢ 6.1.2
👤 User menu
Interactive demo – click around. Nothing is saved, sent or executed.Interactive demo – nothing is saved or executed.↗ Get HTProtectDEEN
v2.4.13 · htprotect.org · Docs
v2.4.13 · htprotect.org · Docs

Site scan

The scan fetches the home page and the most important menu pages of your own site, collects all files linked there (images, scripts, form targets, direct .php calls ...) and checks them against the currently saved shield rules. For everything that would be blocked, it suggests matching exceptions.

URL test (incl. resources)

Checks a complete URL of your site – including its query string – against all protection layers and reveals possible 403 blocks (caused by the .htaccess or the mini-WAF). The page's embedded resources (CSS, JS, images …) are checked automatically. A single path can be entered, too.

Malware Scanner Experimental

Deep scan of the whole webspace for hidden malware – on demand, independent of the traffic light. A finding is just a suspicion at first: before deleting, take a quick look via »Content«. Spotted a false alarm or something missed? Report it to the swarm below – every report makes HTProtect safer for everyone.

Whitelist (marked as safe) (0)

These paths/folders are permanently excluded from the scan (this site only).

    🐝Swarm protection · report false positives (whitelist) or missed findings to the community (for experts)

    Sends the selected file contents ANONYMOUSLY to the developer (no host, no IP) to improve signatures. Deliberate action – no telemetry. Every report is reviewed before inclusion.

    sends your files marked safe + which signature flags them

    Please report BEFORE deleting – the file must still exist to be sent.

    Clean up the tmp folder

    Removes stale leftovers and attacker probes from the tmp folder – only files older than 24 hours (running installations/updates are left untouched). Protective files are never deleted: index.html, .htaccess and web.config are always kept (a .htaccess in tmp/ is usually a PHP block). You can add your own exceptions below.

    Exclusion list
    The click saves the settings and cleans up right away.

    Defacement / SEO-spam watch

    Checks the home page every 6 hours for typical hack traces (defaced page, foreign redirect, injected spam links) and whether it loads without errors at all (no 5xx/4xx, no blank page). Detects by mechanism, not by keywords – only alerts on clear signs, never deletes automatically.

    Protection works on Apache and LiteSpeed servers (mod_rewrite). Before every write a backup is made automatically; a self-test with auto rollback catches server incompatibilities. Donate