SecurityWatch Multi-Site Monitor

Watch a list of sites five ways at once: uptime, homepage tamper, TLS expiry, missing security headers and WordPress drift, with an optional webhook.

SecurityWatch is a multi-site security monitor for the person running one site, or a handful, who wants to catch trouble within hours instead of weeks. Drop your sites into a watchlist and every scan checks each one five ways: is it up, did the homepage get tampered with (a page-hash fingerprint), when does the TLS cert die, did a security header quietly vanish, and did WordPress jump a major version. Snapshots live in your browser, so when something shifts between two runs you get told in plain English, like TLS expiry dropped from 87 to 14 days or HSTS header is gone. The four probes run server side so the watched CDN logs our IP, not yours, while your watchlist, snapshots and webhook URL never leave localStorage. An optional webhook fires a JSON alert straight from your browser to Slack, Discord, n8n or your own box the moment a high-severity regression shows up, with no backend to host. It only scans when you click, so treat it as fast triage before a migration, a host move or a CDN swap, not as a background alert service.

Queries run through the PeopleAreGeek lookup service. We log nothing.

Multi-site security monitoring

Drop your sites into a watchlist. Every time you visit, SecurityWatch checks each one five ways: is it up, did the homepage get tampered with (that is a page-hash thing), when does the TLS cert die, did a security header quietly vanish, and did WordPress jump a major version on you. Snapshots live in your browser, so when something shifts between two runs you get told in plain English. There is an optional webhook too. Paste a URL and it fires a JSON alert the moment something breaks, which means you can pipe SecurityWatch straight into Slack or Discord or n8n (or honestly whatever you have cobbled together) with no backend at all.

Watchlist is stored in your browser only (localStorage). Clearing browser data removes it. No account required.

What SecurityWatch monitors and why it matters

SecurityWatch is a multi-site security monitor for the person running one site, or a handful, who wants to find out within hours instead of weeks that something visible from the outside has changed. Most of what wrecks a site in 2026 is not some glamorous zero-day. It is the slow, boring stuff. A cert where auto-renew silently choked and now it expires next Tuesday. A security header that fell off during a theme update and nobody noticed. A CMS that upgraded itself a whole major version and broke a plugin in the process. Or a defacement that swapped your homepage for a crypto-jacking script and just sits there for three weeks because who actually scrolls down to the marketing page. The watchlist lives in your browser. You trigger the scans. The diffs between two visits show you what moved.

Five checks run per site. Uptime is just an HTTP request that grabs the status code, the response time and where any redirects send you. Defacement detection hashes a homepage fingerprint after stripping out timestamps, nonces and ad markup, so a genuine content change trips it but the harmless churn does not. TLS expiry reads the cert, who issued it, and how many days are left. Amber kicks in at 30 days, red at 14. Security headers watches HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy and Permissions-Policy, and yells when one that was there last time has gone missing. And WordPress version drift peeks at the generator meta and the version query hanging off your CSS or JS to catch a major-version jump that probably deserves a closer look.

How the monitoring workflow runs without a backend

  1. Add a site by pasting its URL, plus a label if you want one. The entry gets tucked into localStorage under the key pag-securitywatch-v1, right there in your browser.
  2. Scan whenever you feel like it by hitting "Scan now". The scan pings four public endpoints on the PeopleAreGeek server (headers, ssl, status, seo-page) and stitches the results together. Nothing is sent anywhere else.
  3. Compare the fresh snapshot against the last one sitting in local storage. Whatever changed gets spelled out in plain English. Stuff like "TLS expiry dropped from 87 to 14 days" or "HSTS header is gone" or "homepage hash changed".
  4. Optional webhook: drop in a URL (a Slack incoming webhook, a Discord webhook, an n8n catch endpoint, your own box, take your pick). When SecurityWatch spots a regression, it POSTs a little JSON over to that URL so the alert lands in your team chat or wherever your automation lives.
  5. Export the whole watchlist as JSON to back it up, or to haul it over to another browser. Import on the same page brings it back. No cloud account, and nothing locking you in.

Common use cases for SecurityWatch

  • Small portfolio of client sites. Say you are a freelancer babysitting ten WordPress builds for clients. Throw them all on the watchlist and run a one-click scan once a week, maybe Monday morning before standup.
  • Migration safety net. Just moved a site to a new host or swapped CDNs? Run SecurityWatch right then, and again two days later. If a header or the TLS quietly regressed, you will see it.
  • Defacement early warning. The page-hash check catches an unauthorised homepage edit minutes into the next scan, way before you would have stumbled onto it yourself.
  • Certificate renewal sanity. Auto-renew is great until it is not. Certs still flub the install sometimes, a DNS challenge will not validate, or an account hits a rate limit. This is your last line of defense before visitors start seeing that ugly browser warning.
  • Compliance evidence. Those exported JSON snapshots double as a halfway-decent audit trail when some lightweight framework wants proof you actually run periodic checks.

Limitations and privacy notes

Let us be clear about what this is. SecurityWatch is a browser-side monitor, not a hosted service. It only scans when the tab is open and you push the button. No cron sitting in the cloud, no email scheduler, no shared dashboard, no team logins. The catch is that the watchlist rides along with your browser. Private to you, sure, but wipe your browser data or hop to a different machine and it is gone, unless you exported it first. If you genuinely need 24x7 hands-off coverage, bolt a CI cron onto the same endpoints, or lean on something like UptimeRobot or BetterStack for the pure uptime side. For fast on-demand checks with zero signup, this is about the best free option going.

The probes themselves are gentle. Plain HEAD or GET requests aimed at the public homepage of each site you are watching. Every probe goes out from the PeopleAreGeek server, so that is the IP the big CDNs will log, not yours. The watchlist, the snapshots, your webhook URL, the email you typed in, all of it stays in browser localStorage and never reaches PeopleAreGeek. And the optional webhook fires straight from your browser to the URL you set, so the recipient sees the JSON payload while PeopleAreGeek sees nothing.

Frequently asked questions

Does SecurityWatch run continuously in the background?

No. It only runs when you have the page open and you hit "Scan all now", or when you fire a per-site "Scan now". If you want it watching while no tab is open, hit the same endpoints from a cron job or a CI workflow instead.

Where is the watchlist stored?

In your browser localStorage, under the key pag-securitywatch-v1. It never gets shipped off to PeopleAreGeek or anywhere else. Planning to clear your browser data? Export to JSON first so you do not lose it.

What is the defacement check exactly?

SecurityWatch builds a fingerprint of the homepage (title, description, canonical and h1 list) and runs a SHA-256 over it after stripping out scripts and dynamic noise like timestamps and nonces. If that hash differs from the last scan, it flags a possible defacement and leaves it to you to go eyeball the page. It cannot tell a hack from a legit redesign, so that final call is yours.
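The fingerprint-then-hash idea described above, as an added Node.js example (not SecurityWatch's own code). The function names, the regex-based extraction and the JSON serialisation are assumptions made for illustration; a browser implementation would more likely use DOMParser and crypto.subtle.

```javascript
// Added example (Node.js), not SecurityWatch's code: hash a homepage fingerprint.
const { createHash } = require("node:crypto");

// Return the first capture group of every match, with whitespace collapsed.
function grab(html, re) {
  return [...html.matchAll(re)].map((m) => m[1].replace(/\s+/g, " ").trim());
}

// Build the fingerprint from the four fields the page names.
function fingerprint(html) {
  // Drop scripts, styles and comments first so nonces and timestamps never reach the hash.
  const clean = html
    .replace(/<script\b[\s\S]*?<\/script\s*>/gi, "")
    .replace(/<style\b[\s\S]*?<\/style\s*>/gi, "")
    .replace(/<!--[\s\S]*?-->/g, "");
  return {
    title: grab(clean, /<title[^>]*>([\s\S]*?)<\/title>/gi)[0] || "",
    description: grab(clean, /<meta\s+name=["']description["']\s+content=["']([^"']*)["']/gi)[0] || "",
    canonical: grab(clean, /<link\s+rel=["']canonical["']\s+href=["']([^"']*)["']/gi)[0] || "",
    // Remove tags nested inside a heading, e.g. <h1><span>..</span></h1>.
    h1: grab(clean, /<h1[^>]*>([\s\S]*?)<\/h1>/gi).map((t) => t.replace(/<[^>]+>/g, "").trim()),
  };
}

function pageHash(html) {
  // The object literal has a fixed key order, so JSON.stringify is a stable serialisation.
  return createHash("sha256").update(JSON.stringify(fingerprint(html))).digest("hex");
}

// Constructed sample page: the nonce and the timestamp differ on every render.
const page = (nonce, h1, extra = "") => `<html><head><title>Acme Shop</title>
<meta name="description" content="Hand-made widgets">
<link rel="canonical" href="https://shop.example/">
<script nonce="${nonce}">window.ts=${Date.now()}</script>${extra}</head>
<body><h1>${h1}</h1></body></html>`;

const baseline = pageHash(page("a1b2", "Welcome to Acme"));
const sameContent = pageHash(page("z9y8", "Welcome to Acme"));
const changedH1 = pageHash(page("a1b2", "Site under new management"));
const scriptOnly = pageHash(page("a1b2", "Welcome to Acme", '<script src="https://cdn.example/x.js"></script>'));
console.log({ stable: baseline === sameContent, h1Flagged: baseline !== changedH1,
  scriptOnlyFlagged: baseline !== scriptOnly });
```

Because scripts are stripped before hashing, the last comparison comes out equal: a change confined to a script tag does not move a fingerprint built this way.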

How do I wire the webhook to Slack or Discord?

First make an incoming webhook. In Slack that is Workflow Builder or App Settings. In Discord it is tucked under Edit Channel, then Integrations, then Webhooks. Grab the URL it gives you and paste it into the Alerts tab. SecurityWatch sends a JSON payload that both platforms understand right out of the box.

What counts as a security header regression?

It is a header that showed up in your last snapshot but is now gone or sitting empty. Add a new header and SecurityWatch logs it as an improvement. Drop one and it is a regression. Losing HSTS rates high, losing Referrer-Policy rates low.
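The snapshot comparison from step 3 of the workflow, combined with the header-regression rule above, as an added JavaScript example (not SecurityWatch's own code). The snapshot shape, the function names and every severity other than HSTS = high and Referrer-Policy = low are assumptions; the 30-day and 14-day TLS thresholds come from the page.

```javascript
// Added example, not SecurityWatch's code. The snapshot shape is an assumption.
const WATCHED = ["strict-transport-security", "content-security-policy", "x-frame-options",
  "x-content-type-options", "referrer-policy", "permissions-policy"];
// From the page: losing HSTS rates high, Referrer-Policy low. "medium" for the rest is assumed.
const HEADER_SEVERITY = { "strict-transport-security": "high", "referrer-policy": "low" };
const BAND_RANK = { green: 0, amber: 1, red: 2 };

// Amber at 30 days, red at 14 (from the page); treating the bounds as inclusive is assumed.
const tlsBand = (days) => (days <= 14 ? "red" : days <= 30 ? "amber" : "green");
// A header counts as present only if it exists and is not empty.
const has = (snap, h) => (snap.headers[h] || "").trim() !== "";
const major = (v) => (v ? parseInt(v.split(".")[0], 10) : null);

function diffSnapshots(prev, curr) {
  const out = [];
  const add = (kind, severity, text) => out.push({ kind, severity, text });
  for (const h of WATCHED) {
    if (has(prev, h) && !has(curr, h)) add("regression", HEADER_SEVERITY[h] || "medium", `${h} header is gone`);
    else if (!has(prev, h) && has(curr, h)) add("improvement", "info", `${h} header was added`);
  }
  // Report TLS only when the band gets worse (severity mapping is assumed).
  const [was, now] = [tlsBand(prev.tlsDaysLeft), tlsBand(curr.tlsDaysLeft)];
  if (BAND_RANK[now] > BAND_RANK[was]) {
    add("regression", now === "red" ? "high" : "medium",
      `TLS expiry dropped from ${prev.tlsDaysLeft} to ${curr.tlsDaysLeft} days`);
  }
  if (prev.pageHash !== curr.pageHash) add("regression", "high", "homepage hash changed");
  // Flag only a major-version jump, not minor or patch updates.
  if (major(prev.wpVersion) !== null && major(curr.wpVersion) > major(prev.wpVersion)) {
    add("regression", "medium", `WordPress jumped from ${prev.wpVersion} to ${curr.wpVersion}`);
  }
  return out;
}

// Constructed snapshots of one site from two scans.
const lastScan = {
  headers: { "strict-transport-security": "max-age=31536000", "referrer-policy": "no-referrer",
    "x-frame-options": "DENY" },
  tlsDaysLeft: 87, pageHash: "aaa111", wpVersion: "5.9.3",
};
const thisScan = {
  headers: { "referrer-policy": "", "x-frame-options": "DENY", "content-security-policy": "default-src 'self'" },
  tlsDaysLeft: 14, pageHash: "aaa111", wpVersion: "6.4.2",
};
const findings = diffSnapshots(lastScan, thisScan);
findings.forEach((f) => console.log(`[${f.severity}] ${f.text}`));
```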