Skip to content
SteadyPress
Home SteadyScore documentation Frequently asked questions

Frequently asked questions

Pricing and licensing

How much does SteadyScore Pro cost?

SteadyScore Pro is sold as an annual subscription with three site-count tiers — 1 site, 25 sites, and 250 sites. Current pricing, promotional offers, and the comparison table live at https://steadypress.ai/products/steadyscore/pricing/.

Is there a free version?

Yes. The free version is distributed through the WordPress.org plugin directory and is fully functional. It scores any plugin that is listed in the WordPress.org directory and any premium plugin that has a free counterpart on wordpress.org (roughly 50 mapped pairs are bundled). Pro extends scoring to commercial plugins, custom plugins, and the AI and monitoring features.

What happens to my data if I cancel Pro?

Nothing. Your scores, your history, your settings, and your Wordfence key all stay in your WordPress database. Pro features stop working — the Pro-only settings sections hide themselves, AI recommendations stop generating, and Path 3/4/5 plugins revert to N/A — but the free flow continues to score WordPress.org plugins normally.

Is there a money-back guarantee?

Yes. The full terms are at https://steadypress.ai/refund/ — in short, 30 days from purchase for first-time purchases and 7 days from renewal for renewals.

How are sites counted against my plan?

Each site that activates a license consumes one slot. Deactivating the license on a site (either from the WordPress admin or from your SteadyPress account) frees the slot. Staging and development sites count the same as production sites — if you want to keep Pro features on a staging copy without consuming a slot, deactivate the license before promoting the staging site or upgrade your plan to a higher tier.

What does "site activation limit" mean for multisite networks?

Each subsite is treated as one site. SteadyScore stores settings per-site, and the activation flow runs per-site. A 25-site Pro plan covers any combination of 25 single-installs and subsites.

Data and privacy

What does the free plugin send to SteadyPress?

Nothing. The free WordPress.org package scores your plugins locally using public WordPress.org plugin data. SteadyPress API calls only happen when you activate a Pro license or use a Pro feature.

What does Pro send to api.steadypress.ai?

  • Your license key and site URL, on license validation, to confirm your plan and feature flags.
  • The list of plugin slugs you want enriched, when scoring plugins via Path 3 (CodeCanyon) or Path 4 (SteadyPress enrichment).
  • Per-plugin context for AI analysis — slug, name, version, score, scoring inputs hash, and any known vulnerabilities — when the AI analysis job runs.
  • For Path 5, and only when Source Code Analysis is turned on in settings: the source code of plugins that have no other public data so the AI provider can score them.
  • Your WordPress and PHP versions, for compatibility analysis.
  • For Google Sheets export: the plugin list you choose to export, plus the OAuth token you authorized.

All Pro requests are HMAC-SHA256 signed so the SteadyPress API can verify they came from your licensed site. Full details and the in-product Data & Privacy panel live under Settings → Data & Privacy.

What does SteadyScore never send anywhere?

  • Site content, posts, pages, attachments.
  • Users, customers, orders, subscribers, or any visitor data.
  • Database contents.
  • wp-config.php or any credentials.
  • Source code of publicly-listed WordPress.org plugins.

Where is data stored?

Scoring data is stored in your own WordPress database in six custom tables under your existing table prefix (wp_steadyscore_plugins, _refreshes, _scores, _vulnerabilities, _data_cache, and on Pro _ai_results). SteadyPress does not keep a copy of your plugin inventory between requests for any feature that does not specifically require it (license validation, AI analysis).

Is SteadyScore GDPR-compliant?

Yes. The free plugin does not transmit any personal data. Pro transmits the site URL and (on AI analysis) plugin source code for custom plugins, both of which are technical metadata about the site, not personal data about users or visitors. SteadyPress is the data controller for license records and AI analysis logs; the privacy notice at https://steadypress.ai/privacy/ describes the retention windows and your rights as a data subject.

Is the Wordfence API key stored securely?

The Wordfence key is stored as plaintext in wp_options. Anyone with read access to your database has read access to the key. SteadyScore does not encrypt it at rest because database read access already implies full site compromise, and encryption against that threat model would not add a meaningful security boundary. The key is only ever sent to Wordfence as an Authorization: Bearer … header over HTTPS.

Operation

How often does SteadyScore refresh scores?

By default, WordPress.org plugin data is cached for 7 days and Wordfence vulnerability data for 3 days. Background refresh jobs are scheduled by Action Scheduler when cached data nears expiry. Plugins newly installed, activated, deactivated, or deleted are picked up by the relevant hook within a few seconds and queued for the next background pass.

On Pro, the Score Refresh Schedule under Monitoring & Alerts runs an independent full refresh on the cadence you pick (weekly, biweekly, monthly, or annual) and evaluates alert triggers.

Can I force a refresh?

There is no manual "refresh now" button in v1.0.0. To force a re-run, deactivate and reactivate SteadyScore — that re-runs the initial-population job against fresh data.

Does SteadyScore update plugins for me?

No. SteadyScore is a read-only scoring and reporting plugin. It never installs, updates, deactivates, or deletes plugins on your behalf. Update decisions stay with you.

Do I need cron set up?

WP cron is sufficient for most sites. SteadyScore uses Action Scheduler, which piggybacks on WP cron by default. High-traffic sites that have already moved to system cron will get faster, more predictable scoring runs, but it is not required. If your site gets no inbound traffic, WP cron events will not fire on time and scoring will lag — either visit the site occasionally or run wp action-scheduler run from cron.

Does SteadyScore work on multisite?

Yes. Settings, the Wordfence key, and license activations are per-site, not network-wide.

Does SteadyScore work in headless / decoupled WordPress setups?

Yes. SteadyScore only uses the WordPress admin UI and a REST API under /wp-json/steadyscore/v1/. It does not render anything on the front end and does not depend on the WordPress theme.

What WordPress and PHP versions are supported?

WordPress 6.5 or newer and PHP 8.0 or newer. SteadyScore is tested up to WordPress 6.9.

Does SteadyScore conflict with caching, security, or performance plugins?

No known conflicts. SteadyScore runs entirely in the admin and via Action Scheduler, so front-end caches are unaffected. Security plugins that block REST API access for non-admin users are fine — every SteadyScore REST endpoint already requires the manage_options capability.

Support

How do I get help?

Support is handled through https://steadypress.ai/contact/?subject=SteadyScore. Include your WordPress version, PHP version, SteadyScore version, and a short description of what you are seeing. See Support for the full intake checklist.

The WordPress.org support forum at https://wordpress.org/support/plugin/steadyscore/ is monitored for free-version issues.

Where can I check whether the SteadyPress API is up?

Live status for api.steadypress.ai is published at https://api.steadypress.ai/status. If a Pro feature looks broken, check there first.

Is scan or scoring data ever shared with other customers?

No. Scoring data lives only in your own WordPress database. SteadyPress holds license records and (for the duration of an AI analysis request) the per-plugin context needed to generate a recommendation. Nothing is pooled across customers and nothing is sold.

What about data residency?

SteadyPress servers used by Pro features currently run in the US. If your jurisdiction requires EU data residency for AI analysis, contact support before enabling Pro on regulated workloads.

Need more help? Contact support.