Audit local sites or sites behind firewalls with mySites.guru
mySites.guru works with any site it can reach over the internet. That normally means live production sites, but with a tunnelling tool you can also connect local development sites, staging environments, or sites behind corporate firewalls and NATs.
Below we’ll use Ngrok, but Expose and Cloudflare Tunnel work the same way.
Why would you want to do this?
A few common scenarios:
- You’re building a site locally and want to run a security audit or snapshot before it goes live
- You’re cleaning up a hacked site locally and want to verify the hack is fully removed before pushing it back to production
- You need to audit an intranet or server behind a corporate firewall that isn’t normally accessible from the internet
- You want to test uptime monitoring or real-time alerts against a staging environment
How tunnelling works
Tunnelling tools create a secure connection between your local machine and a public URL. When mySites.guru connects to that URL, the traffic is routed through the tunnel back to your local web server. From mySites.guru’s perspective, it looks like any other live website.
Most tunnelling tools also provide a valid SSL certificate automatically, so even if your local site runs on plain HTTP, the public URL will be HTTPS.
⚠️ Your site becomes publicly accessible
While the tunnel is running, anyone with the URL can access your local site. The tunnel closes the moment you stop the tool. If this concerns you, paid plans on most tools let you restrict access by IP address — you can limit it to mySites.guru's IP addresses only.
Setting up with Ngrok
Ngrok is the most widely used tunnelling tool. It has free and paid tiers.
1. Install and authenticate
Download Ngrok for your operating system and install it. Then authenticate with your account token:
ngrok authtoken <YOUR_AUTH_TOKEN>You’ll find your auth token on the Ngrok dashboard after signing up.
2. Start a tunnel
If your local site runs on port 80:
ngrok http 80If it runs on a different port (e.g. 8080):
ngrok http 8080If your local site uses a hostname like https://myhackedsite.local:8081:
ngrok http https://myhackedsite.local:8081You’ll see output like this:
The HTTPS URL shown (e.g. https://c8b94007b63b.ngrok.io) is what you’ll give to mySites.guru.
3. Connect to mySites.guru
Take the HTTPS URL from Ngrok and add it as a site in your mySites.guru account, just like you would any live site.
ℹ️ Subscription requirement
You need an unlimited-sites subscription to connect tunnel URLs. Free trial, disposable, and single-site accounts cannot use tunnel URLs — this prevents fraud and abuse.
4. When you’re done
Press Ctrl+C in the terminal to stop the tunnel. Your local site immediately becomes inaccessible from the internet.
On the free Ngrok tier, the URL changes every time you start a new tunnel. If you want a persistent URL, upgrade to a paid plan and reserve a custom domain.
If you’re using WordPress and running into issues with Ngrok, check the WordPress-specific notes in the Ngrok docs.
Alternatives to Ngrok
Ngrok is the most widely used option, but there are good alternatives.
Expose
Expose is a tunnelling tool written in PHP. It works the same way as Ngrok: install it, run a command, and get a public URL for your local site.
expose share http://localhost:8080Expose has a free hobby tier with time-limited sessions and random URLs. The Pro plan ($79/year) adds persistent URLs, custom domains, and access to global servers. If your stack is PHP-heavy, Expose feels like a natural fit. It also integrates with Laravel Herd if you use that for local development.
Cloudflare Tunnel
If you already use Cloudflare for DNS, Cloudflare Tunnel (formerly Argo Tunnel) can expose local services through your existing Cloudflare setup. It’s free for personal use through the Zero Trust dashboard.
cloudflared tunnel --url http://localhost:8080The main advantage is that traffic stays within Cloudflare’s network, and you can layer on their access policies for authentication. The trade-off is more setup than Ngrok or Expose.
Tailscale Funnel
Tailscale Funnel lets you expose a local service to the internet through Tailscale’s network. It’s free with a Tailscale account. Good if you already use Tailscale for your VPN.
All of these work with mySites.guru. The only requirement is that the tool gives you a public HTTPS URL that mySites.guru can reach.
What you can do once connected
Once connected, your local site gets the full mySites.guru toolset — security audits that scan every file for hacks, snapshots for best-practice checks, file monitoring for real-time change alerts, and uptime monitoring if you want to keep tabs on a staging environment.
mySites.guru doesn’t know or care that the site is running on your laptop. It treats it the same as any live production site.
