HTProtect – Documentation
The essentials of the Joomla security extension HTProtect at a glance: installation, the core features and answers to common questions.
Installation & first steps
- Install the extension
In the Joomla back end open System›Install›Extensions and upload the HTProtect package.
- Open HTProtect
Open the Overview under Components›HTProtect.
- Run the one-click hardening
The security status lists every protection point (HTTPS enforcement, protection shield, exploit shield, upload hardening …). Bring it into the green with the one-click hardening.
- Enable real-time protection & watchdog
A single switch enables real-time protection (WAF), the automatic watchdog and live signature updates at once.
- Set an alert email
Enter an email address for notifications and verify it with Send test email.
- Run a site scan
Use Site Scan to check the installation for vulnerable extensions and anomalies.
The areas at a glance
Requirements
Good to know
- Back-end access protection is optional and can be added at any time under "Back-end access".
- Scan regularly: run the site scan and self-test manually now and then; the watchdog runs automatically anyway.
- On an alert, check the reported points – if compromised, have the site professionally cleaned and change all passwords.
Frequently asked questions
Does HTProtect replace my updates?
No. HTProtect is an additional layer of protection. Updating the affected extensions remains the most important measure.
Does it protect against the vulnerabilities documented here?
It hardens the upload folders – the entry point of many of these flaws – and blocks exploit calls via the WAF. The actual fix, however, remains updating the respective extension.
What happens on an alert?
You receive an email at the address you set. Open items are re-reported at a configurable interval until they are resolved.
Support & availability
- HTProtect / Website-Bereinigung.deAvailability, support and help
- Securing the Joomla .htaccess with HTProtectBackground article
Inside the extension you will also find a Help Center with further guidance.
Supporters of this site
htprotect.org is a free, vendor-independent information service. It is supported by:

Joomla host from Germany with active community support – discovered the first attack on the JCE vulnerability.
fc-hosting.deSpecialised in cleaning, maintaining and securing Joomla and WordPress websites.
website-bereinigung.deSupport this project
You run a hosting or Joomla service and would like to support htprotect.org – and be listed here as a supporter? Every contribution helps to warn and protect those affected faster.