How to audit your Local Sites with, or behind firewalls!

Until now, you could only add live production websites to your account, this blog post will introduce a new way you can now test a Joomla or WordPress site installed on your local computer, or behind a corporate firewall and inaccessible normally to the internet.

Introducing Ngrok – a small utility to give your local sites a public address

In order to connect your local sites, or sites behind a firewall, we are going to introduce Ngrok – you can read all about its powerful options on their website It does way more than we are going to cover here, and has free and paid for options depending on the features you want.

You can use the free level (or any paid level) of Ngrok to connect your sites to, however if you are using the free level then, for the time you have the tunnel open, your “private” local/firewalled sites will be publicly accessible on a random url. If you have a Business Plan at ngrok you can limit access to your site by our IP addresses.

Why would you want to do this?

Several examples:

  • During development you might want to audit your site on your local computer quickly
  • During fixing a hack, you might want to audit the security of the content of the files on a hacked site, hosted locally, before you are sure the hack has been removed
  • Auditing and connecting an intranet or server behind a corporate firewall or NAT not normally accessible to the internet.

What is ngrok?

From their website:

ngrok exposes local servers behind NATs and firewalls to the public internet over secure tunnels.

Alternatives to ngrok

There are some other ngrok-like tools, which we will not cover here, but some are gaining much attention recently, even though they are less mature and less feature-rich than Ngrok. The one I like most is Expose, as its written in PHP. The concept is the same.

The Concept

The concept with Ngrok, is that you download and install ngrok, and you run a command line, this creates a tunnel to your local computer and sets up a reverse proxy to a public URL that ngrok will give you.

The ngrok application will even give you a fully validated SSL url so that your local non-ssl site can now be accessed on a SSL based Url!

In simple terms, you will provide with this disposable url from ngrok, and when we access it, we will see your local website on your local computer as if it were a real live website on the internet. Simple!

Note: The principle is making something not normally available on the internet, something secured away from the internet, now publicly accessible to anyone with the known url. Be sure you are comfortable with that fact. Anyone with the ngrok random url can access your site while the tunnel is up and running. No one will be able to access your site once the tunnel is stopped.

Lets get started!

Ok first you need to signup (for free, or paid account) download and install ngrok – this varies depending on your operating system but is all documented on their site.

Once you have installed ngrok, you can authenticate ngrok using the command

ngrok authtoken <YOUR_AUTH_TOKEN>

You can find your auth token in your ngrok account. Its actually displayed and can be copy and pasted from this page after login.

The next (and last step here) is to start a tunnel pointing at your local web server. Lets assume than right now you access your local site on


then the ngrok command would be:

ngrok http 80

If your local website was on a special port, like 8080 then just change the 80 to 8080.

If your local website uses a name like https://myhackedsite.localmachine:8081/ then the ngrok command would be:

ngrok http https://myhackedsite.localmachine:8081

if you have done everything right you should see something like this:

You can now open a browser to the urls provided and see your website live on the internet!

In the example screenshot above is the url I would use.

Connecting the site to

The rest is pretty simple. Just take that secure https url provided by ngrok and connect your site to the same way you would any other site using the “Add another site” button on the sites page in your account.

Note: You need an unlimited sites subscription to connect ngrok urls to – we do not allow free trial accounts, disposable accounts, or one-site-only accounts to use ngrok urls to prevent fraud and abuse.

To terminate the tunnel after you have finished you can press CTRL and C when the terminal is active. Note that each time you start a tunnel the random url WILL CHANGE, if you want to prevent this you can upgrade to a paid plan at ngrok and have a custom reserved domain.

If using WordPress and having problems, you can see this gotcha in the docs.


Ngrok (or expose) are great tools for any professional web developer or agency to have at their fingertips to solve problems.

Ngrok exposes your otherwise inaccessible services to the internet using tunnels that allow us to connect to your site as if it were a live website.

Ngrok is much more powerful than this blog post explains – be sure to find out more on their site, upgrade to a paid plan, and enjoy (We are not being paid to say this, we use ngrok ourselves and are happy to recommend it).

Last updated on March 13th, 2024