Skip to main content
mySites.guru

JCE Profiles Hack (14th June): Attackers are actively targeting Joomla sites that run JCE. Track down the rogue profiles and webshells they leave behind, on every site you manage.

Audit local sites or sites behind firewalls with mySites.guru

Audit local sites or sites behind firewalls with mySites.guru

mySites.guru works with any site it can reach over the internet. That normally means live production sites, but with a tunnelling tool you can also connect local development sites, staging environments, or sites behind corporate firewalls and NATs.

Below we’ll use Ngrok, but Expose and Cloudflare Tunnel work the same way.

Why would you want to do this?

A few common scenarios:

  • You’re building a site locally and want to run a security audit or snapshot before it goes live
  • You’re cleaning up a hacked site locally and want to verify the hack is fully removed before pushing it back to production
  • You need to audit an intranet or server behind a corporate firewall that isn’t normally accessible from the internet
  • You want to test uptime monitoring or real-time alerts against a staging environment

How Does Tunnelling Work?

Tunnelling tools create a secure connection between your local machine and a public URL. When mySites.guru connects to that URL, the traffic is routed through the tunnel back to your local web server. From mySites.guru’s perspective, it looks like any other live website.

Most tunnelling tools also provide a valid SSL certificate automatically, so even if your local site runs on plain HTTP, the public URL will be HTTPS.

⚠️ Your site becomes publicly accessible

While the tunnel is running, anyone with the URL can access your local site. The tunnel closes the moment you stop the tool. If this concerns you, paid plans on most tools let you restrict access by IP address - you can limit it to mySites.guru's IP addresses only.

How Do You Set Up with Ngrok?

Ngrok is the most widely used tunnelling tool. It has free and paid tiers.

1. Install and authenticate

Download Ngrok for your operating system and install it. Then authenticate with your account token:

Terminal window
ngrok authtoken <YOUR_AUTH_TOKEN>

You’ll find your auth token on the Ngrok dashboard after signing up.

2. Start a tunnel

If your local site runs on port 80:

Terminal window
ngrok http 80

If it runs on a different port (e.g. 8080):

Terminal window
ngrok http 8080

If your local site uses a hostname like https://myhackedsite.local:8081:

Terminal window
ngrok http https://myhackedsite.local:8081

You’ll see output like this:

Ngrok terminal output showing the public tunnel URL and connection status

The HTTPS URL shown (e.g. https://c8b94007b63b.ngrok.io) is what you’ll give to mySites.guru.

3. Connect to mySites.guru

Take the HTTPS URL from Ngrok and add it as a site in your mySites.guru account, just like you would any live site.

ℹ️ Subscription requirement

You need an unlimited-sites subscription to connect tunnel URLs. Free trial, disposable, and single-site accounts cannot use tunnel URLs - this prevents fraud and abuse.

4. When you’re done

Press Ctrl+C in the terminal to stop the tunnel. Your local site immediately becomes inaccessible from the internet.

On the free Ngrok tier, the URL changes every time you start a new tunnel. If you want a persistent URL, upgrade to a paid plan and reserve a custom domain.

If you’re using WordPress and running into issues with Ngrok, check the WordPress-specific notes in the Ngrok docs.

What Are the Alternatives to Ngrok?

Ngrok is the most widely used option, but there are good alternatives.

Expose

Expose is a tunnelling tool written in PHP. It works the same way as Ngrok: install it, run a command, and get a public URL for your local site.

Terminal window
expose share http://localhost:8080

Expose has a free hobby tier with time-limited sessions and random URLs. The Pro plan ($79/year) adds persistent URLs, custom domains, and access to global servers. If your stack is PHP-heavy, Expose feels like a natural fit. It also integrates with Laravel Herd if you use that for local development.

Cloudflare Tunnel

If you already use Cloudflare for DNS, Cloudflare Tunnel (formerly Argo Tunnel) can expose local services through your existing Cloudflare setup. It’s free for personal use through the Zero Trust dashboard.

Terminal window
cloudflared tunnel --url http://localhost:8080

The main advantage is that traffic stays within Cloudflare’s network, and you can layer on their access policies for authentication. The trade-off is more setup than Ngrok or Expose.

Tailscale Funnel

Tailscale Funnel lets you expose a local service to the internet through Tailscale’s network. It’s free with a Tailscale account. Good if you already use Tailscale for your VPN.

All of these work with mySites.guru. The only requirement is that the tool gives you a public HTTPS URL that mySites.guru can reach.

What Can You Do Once Connected?

Once connected, your local site gets the full mySites.guru toolset - security audits that scan every file for hacks, snapshots for best-practice checks, file monitoring for real-time change alerts, and uptime monitoring if you want to keep tabs on a staging environment.

mySites.guru doesn’t know or care that the site is running on your laptop. It treats it the same as any live production site.

Local auditing fits into the broader security workflow in our agency security guide.

Frequently Asked Questions

Can I connect a local development site or a site behind a firewall to mySites.guru?
Yes. Use a tunnelling tool like Ngrok, Expose, or Cloudflare Tunnel to give your local or firewalled site a public URL, then add that URL to mySites.guru like any other site.
Is Ngrok free to use with mySites.guru?
The free tier of Ngrok works, but each session generates a new random URL. A paid plan gives you a fixed reserved domain and optionally restricts access to specific IP addresses.
Are there account restrictions when using tunnel URLs with mySites.guru?
You need an unlimited-sites subscription to connect tunnel URLs. Free trial and single-site accounts are not permitted, to prevent fraud and abuse.
Will my local site be publicly accessible while the tunnel is running?
Yes. Anyone with the tunnel URL can reach your site while it's active. The tunnel closes when you stop the tool, and access is cut off immediately. Paid plans on most tools let you add IP restrictions for extra security.

More from the blog

Schedule Audits, Updates & Backups

Schedule Audits, Updates & Backups

Configure time-based and action-based schedules for security audits, snapshots, updates and Akeeba backups across all your mySites.guru connected sites.
Site Management Is More Than Just Updates

Site Management Is More Than Just Updates

Real site management means security audits, best practice checks, and hack detection - not just bulk updates, backups, and uptime pings.
Emails from AuditMailerTest@myjoomla.io

Emails from AuditMailerTest@myjoomla.io

Explains why you may receive test emails from AuditMailerTest@myjoomla.io and what they mean for your mySites.guru audit notifications.

What our users say

Accredited Design LLC
Accredited Design LLCManaging Member
★★★★★

I've been with mySites.guru for years now, and it's a central function of my business. Managing multiple site updates at once has saved me untold hours of work to have otherwise needed to login to many sites individually. The other tools to remove unnecessary files, automate backups of websites and scan for malicious code are also extremely helpful. On many occasions, timely warnings from Phil Taylor about security holes in components, plugins and core CMS updates have saved me a lot of grief before bad things happened to my websites. When bad updates have already broken my websites, Phil was always two steps ahead and has surgically accurate information readily available to fix them. Sure, there are other similar services and self-hosted solutions out there, but having all of the things I've mentioned in one place and on one control panel are worth the price of admission in my book. Thank you Phil for all your hard work and for the service you provide to the Joomla and Wordpress communities!

Read more reviews
Ben Thoma
Ben ThomaHinterhof Agentur
★★★★★

We manage around 100 Joomla projects and are very happy that mysites.guru takes so much work off our hands. This makes regular Joomla maintenance a profitable business for us.

Read more reviews

Read all 192 reviews →

Ready to Take Control?

Start with a free site audit. No credit card required.

Get Your Free Site Audit