diff --git a/checklinks.js b/checklinks.js
index 07224a9..22a2686 100644
--- a/checklinks.js
+++ b/checklinks.js
@@ -14,108 +14,75 @@ const links = [
   "https://nosotros.btcforplebs.com",
   "https://mint.btcforplebs.com",
   "https://cashu.btcforplebs.com",
-  // Add more links as needed
 ];
 
+// Optional: Only allow internal requests if you're not exposing this publicly
 app.use((req, res, next) => {
-  console.log("Received request:", req.method, req.url);
-  console.log("Request headers:", req.headers);
-  
-  const origin = req.headers.origin;
-  
-  // Allow requests with no origin (like mobile apps or curl requests)
-  if (!origin) {
-    console.log("No origin in request - allowing access");
-    res.header("Access-Control-Allow-Origin", "*");
-  }
-  // Allow requests from configured origins
-  else if (config.allowedOrigins.includes(origin)) {
-    console.log("Origin allowed:", origin);
-    res.header("Access-Control-Allow-Origin", origin);
-  } else {
-    console.log("Origin not in allowed list:", origin);
-  }
-
-  // Always set these headers
+  const origin = req.headers.origin || 'unknown';
+  console.log(`Request: ${req.method} ${req.url} | Origin: ${origin}`);
+  res.header("Access-Control-Allow-Origin", "*");
   res.header("Access-Control-Allow-Methods", "GET, OPTIONS");
   res.header("Access-Control-Allow-Headers", "Content-Type");
-  
-  // Handle preflight requests
+
   if (req.method === 'OPTIONS') {
     return res.sendStatus(200);
   }
-
   next();
 });
 
-// Test endpoint to verify server is responding
 app.get("/", (req, res) => {
-  res.json({ status: "Server is running" });
+  res.json({ status: "Local link status server running" });
 });
 
 app.get("/api/link-status", async (req, res) => {
-  console.log("Checking link statuses..."); // Add this line
+  console.log("🔄 Checking link statuses...");
   const results = {};
-  
-  const agent = new https.Agent({
-    rejectUnauthorized: false // This helps with self-signed certificates
-  });
+  const agent = new https.Agent({ rejectUnauthorized: false });
 
   for (const url of links) {
     try {
-      console.log(`Checking ${url}...`);
+      console.log(`🌐 Checking ${url}`);
       const response = await fetch(url, {
         method: "GET",
         headers: {
-          "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
-          "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
+          "User-Agent": "Mozilla/5.0",
+          "Accept": "*/*"
         },
         timeout: 10000,
         agent
       });
-      console.log(`${url} status: ${response.status}`);
-      
-      // If response is OK, it's online
+
       if (response.ok) {
         results[url] = "online";
         continue;
       }
 
-      // Special check for mint.btcforplebs.com
+      // mint special handling
       if (url.includes("mint.btcforplebs.com")) {
         try {
           const text = await response.text();
-          console.log(`Mint response text:`, text);
           const json = JSON.parse(text);
-          console.log(`Mint parsed JSON:`, json);
-          console.log(`Content-Type:`, response.headers.get('content-type'));
           if (json.detail === "Not Found") {
-            console.log(`Mint matched expected response, marking as online`);
             results[url] = "online";
           } else {
-            console.log(`Mint response didn't match expected format`);
             results[url] = "offline";
           }
-        } catch (error) {
-          console.error(`Error processing mint response:`, error);
+        } catch {
           results[url] = "offline";
         }
       } else {
-        // For all other URLs, if not OK then offline
         results[url] = "offline";
       }
     } catch (error) {
-      console.error(`Error checking ${url}:`, error.message);
+      console.error(`❌ Error checking ${url}:`, error.message);
       results[url] = "offline";
     }
   }
-  
-  console.log("Final results:", results);
+
   res.json(results);
 });
 
-app.listen(config.port, '0.0.0.0', () => {
-  console.log(`Link status API running on port ${config.port}`);
-  console.log('Allowed origins:', config.allowedOrigins);
-  console.log('Server is listening on all network interfaces');
-});
\ No newline at end of file
+// ✅ IMPORTANT: Only listen on localhost
+app.listen(config.port, '127.0.0.1', () => {
+  console.log(`✅ Link status server running at http://127.0.0.1:${config.port}`);
+});
diff --git a/deploy.sh b/deploy.sh
deleted file mode 100644
index 8ce6066..0000000
--- a/deploy.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-
-# Production deployment script for BTCforPlebs status service
-
-# Install dependencies
-npm install
-
-# Set production environment
-export NODE_ENV=production
-
-# Install PM2 if not already installed
-if ! command -v pm2 &> /dev/null; then
-    npm install -g pm2
-fi
-
-# Start or restart the service with PM2
-pm2 restart checklinks.js || pm2 start checklinks.js --name "btcforplebs-status"
-
-# Save PM2 config to run on system startup
-pm2 save
-
-# Show running processes
-pm2 list
\ No newline at end of file
diff --git a/package.json b/package.json
index 9bbfc58..2c1735a 100644
--- a/package.json
+++ b/package.json
@@ -2,9 +2,11 @@
   "name": "btcforplebs.com",
   "version": "1.0.0",
   "description": "",
-  "main": "index.js",
+  "main": "server.js",
   "scripts": {
-    "start": "node checklinks.js",
+    "start": "node server.js",
+    "server": "node checklinks.js",
+    "both": "concurrently \"npm start\" \"npm run server\"",
     "test": "echo \"Error: no test specified\" && exit 1"
   },
   "repository": {
@@ -23,5 +25,8 @@
     "config": "^4.1.1",
     "express": "^5.1.0",
     "node-fetch": "^2.7.0"
+  },
+  "devDependencies": {
+    "concurrently": "^9.2.1"
   }
 }
diff --git a/public/index.html b/public/index.html
index e48c1cf..ddb0391 100644
--- a/public/index.html
+++ b/public/index.html
@@ -95,7 +95,7 @@
 <script>
   document.addEventListener('DOMContentLoaded', init);
 
-  const apiEndpoint = "http://services.btcforplebs.com/api/link-status";
+ const apiEndpoint = "/api/link-status";
 
   async function init() {
     try {
diff --git a/server.js b/server.js
new file mode 100644
index 0000000..277b917
--- /dev/null
+++ b/server.js
@@ -0,0 +1,54 @@
+const express = require('express');
+const fetch = require('node-fetch'); // npm install node-fetch@2
+const path = require('path');
+
+const app = express();
+const PORT = 9000;
+
+const blockedPaths = [
+  '/wp-includes/',
+  '/wp-admin/',
+  '/wp-content/',
+  '/wp-login.php',
+  '/xmlrpc.php'
+];
+
+// Block WP paths
+app.use((req, res, next) => {
+  if (blockedPaths.some(p => req.path.startsWith(p))) {
+    console.log(`❌ Blocked WP path: ${req.path}`);
+    return res.status(403).send('Forbidden');
+  }
+  next();
+});
+
+// CORS headers
+app.use((req, res, next) => {
+  res.setHeader('Access-Control-Allow-Origin', '*'); 
+  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type');
+  if (req.method === 'OPTIONS') {
+    return res.sendStatus(200);
+  }
+  next();
+});
+
+// Proxy /api/link-status to API server on 5252
+app.get('/api/link-status', async (req, res) => {
+  try {
+    const response = await fetch('http://127.0.0.1:5252/api/link-status');
+    if (!response.ok) throw new Error(`API responded ${response.status}`);
+    const data = await response.json();
+    res.json(data);
+  } catch (err) {
+    console.error('❌ Proxy error:', err.message);
+    res.status(500).json({ error: 'Failed to fetch link status' });
+  }
+});
+
+// Serve static files
+app.use(express.static(path.join(__dirname, 'public')));
+
+app.listen(PORT, () => {
+  console.log(`🚀 Server running at http://0.0.0.0:${PORT}`);
+});