Congratulations on signing up for Astra Website Protection. Astra works with all PHP based websites, and this guide walks you through the process of installing & uninstalling Astra Website Protection plugin on PHP based websites without a plugin. Before we get started, please ensure your server meets the minimum system requirements.

How to Install Website Protection without a plugin

Step 1 - Download the Astra Website Protection ZIP

1. After purchasing Astra Website Protection, login to the Dashboard
   
   

2. Navigate to the Website Protection page & click on the Complete Setup button
   
   

3. Complete the details in the Getting Started workflow as follows:
   
   - Enter the Full Website URL where you will install the plugin. For eg: https://www.getastra.com/blog
   - Enter a short nickname which will be displayed instead of the entire website URL
   - Select PHP as your website technology
   
   

4. Go to the next step, and click on the Download button to download the security engine
   
   

5. Click on the Show Activation Code button & copy the code to your clipboard

Step 2 - Extract the Astra ZIP on your server using the Installer

1. From the Astra Dashboard, also download the installer by clicking on Download PHP Installer
   
   

2. Now open the File Manger in your Hosting Panel, or connect to it via SSH or (s)FTP
   
   

3. Upload the files to the root of your website (public folder): getastra-vX.Y.Z.zip & astraInstaller.php
   
   

4. In your Web Browser, visit the astraInstaller.php URL. For example, example.com/astraInstaller.php
   
   

5. Follow the steps given in the screen to complete the installation

Step 3 - Enter Activation Code

1. Open the Activation page either from the link in the Astra dashboard, or the installer. For example: example.com?astraRoute=api/login
   
   

2. If the Activation page does not open for you at the URL, it is possible that your server does not support the .user.ini file. Read this guide to fix this.
   
   

3. Enter the Activation Code which had copied from the dashboard

🎉 You've just successfully installed Astra Website Protection on your PHP based website

How to Reinstall Website Protection without a plugin

If you've installed the plugin on your PHP based website once and want to reinstall it, this guide is for you:

1. Navigate to the Settings page of the website in your Astra Dashboard
   
   

2. Scroll down and click on Re-install Astra button
   
   

3. Select PHP in the platform dropdown, and Download the ZIP
   
   

4. Now open the File Manger in your Hosting Panel, or connect to it via SSH or (s)FTP
   
   

5. If the getastra-premium folder does not exist on your server, follow the instruction in Step 2 - Extract the Astra ZIP on your server using the Installer mentioned above
   
   

6. Now visit the Activation page URL as shown in the dashboard. For example: example.com?astraRoute=api/login
   
   

   -If you are reinstalling on the same server then your plugin might already be activated, and no further action is required.
   
   -If you see a button titled Enter Activation Key then you need to copy the Activation code from the dashboard and enter it here.
   

How to Uninstall Website Protection without a plugin

1. Open the File Manger in your Hosting Panel, or connect to it via SSH or (s)FTP
   
   

2. Create a phpinfo page on your server
   
   

3. Search for the string auto_prepend_file in the phpinfo page contents
   
   
   

4. If the value in this field is empty, or does not have a path which contains getastra-premium/autoload.php then it means that Astra Website Protection is not installed on your site and you can skip the following steps
   
   

5. [Important] Now we need to remove the auto_prepend_file configuration, before deleting the getastra-premium folder
   
   

6. The auto_prepend_file configuration can be present in any one or many of the following files. Please make a copy of the file before removing the auto_prepend_file value. The actual path to the autoload.php file will vary server to server.
   

7. After you've removed the code, or commented it out - refresh the phpinfo page and check the auto_prepend_file value. You may have to restart your Apache/Nginx for the changes to take effect.
   
   

8. Once you've verified that the value is no longer set - delete the getastra-premium folder from your server to complete the uninstall

It is important to remove auto_prepend_file config before deleting the getastra-premium folder. Otherwise your website may encounter HTTP 500 errors due to server limitations.