What's new

The snippet installation page now includes a Copy Prompt button alongside the existing Copy button. Clicking it copies a ready-to-use instruction for your AI coding agent, asking it to add the GhostlyX tracking script to the head section of your main layout file. The prompt includes your site's domain, tracking ID, and script URL pre-filled. The button is also available on the site dashboard and site settings pages wherever the tracking snippet is shown.

Business and Scale plan users can now connect GhostlyX to external services using webhooks, Slack, and Discord. Configure integrations from the Integrations page in your site dashboard. Each integration can subscribe to any combination of seven event types: uptime.down, uptime.recovered, traffic.spike, goal.converted, experiment.significant, site_health.alert, and site_health.recovered. Custom webhooks send HTTPS POST requests with JSON payloads signed using HMAC-SHA256. Every delivery includes an X-GhostlyX-Signature header so you can verify authenticity on your server. Failed deliveries are retried up to three times with increasing backoff. Webhooks that fail ten consecutive deliveries are automatically disabled. Slack and Discord integrations deliver rich, colour-coded messages with event details, clickable links to your dashboard, and inline fields for quick context. Scale plan users also receive automatic screenshot evidence with hack detection alerts. When GhostlyX detects a security issue, it captures a screenshot of the affected homepage and embeds it in the Discord message, Slack attachment, and webhook payload.

You can now set a timezone for each of your sites. Once configured, the Visitor Log will filter sessions by date and display all timestamps in your site's local timezone rather than UTC. Previously, a session starting at 11pm in New York would appear under the following day in the Visitor Log because dates were calculated in UTC. With a timezone set, the date boundary and all timestamps reflect your site's local time. To set a timezone, go to your site's Settings page and select your timezone from the new Timezone dropdown. Sites without a configured timezone continue to use UTC. The setting applies to all team members viewing the site.

Pro plan users and above can now view a full Visitor Log for any of their sites. The Visitor Log shows every session recorded on a given day as a page-by-page timeline. Each session includes the visitor's device type, browser, operating system, country, city, referrer source, total duration, and page count. Expanding a session reveals an ordered list of pages visited, with the time of each visit and the time spent on the page. Sessions are grouped by a daily-rotating anonymous identifier. The identifier is a one-way SHA-256 hash of the visitor's IP address, user agent, site ID, and the current date. The IP address is never stored. The hash resets every 24 hours, so visitors cannot be tracked across days. The Visitor Log is accessible from the main navigation under Visitor Log. Use the site search to pick a site and the date picker to browse any date within your plan's data retention window. Team members inherit access to the Visitor Log from the site owner's plan. Visitor Log requires the Pro plan or above.

Scale plan users can now enable automated hack detection on any of their sites. GhostlyX scans your site's homepage every hour and checks for seven types of compromise: defacement keywords, phishing redirects, unexpected domain redirects, HTTP error responses, WordPress critical errors, WordPress maintenance mode, and missing tracking scripts. When an issue is detected for the first time, an alert email is sent to the site owner. The email describes exactly what was found, including the detected text or redirect URL that triggered the alert. When a subsequent scan confirms the issue is gone, a recovery email is sent automatically. You will not receive repeated alerts for the same ongoing incident. Hack detection can be enabled or disabled per site under Settings, then Site health. Scale plan required.