STEADYSCORE FAQ
Frequently asked questions.
Answers to the most common questions about SteadyScore. For pricing questions, see the Pricing page. For setup help, see Support.
What is SteadyScore?
SteadyScore is a WordPress plugin that evaluates every plugin on your site and generates a reliability score from 0 to 100. It helps WordPress developers quickly identify unreliable, abandoned, or compromised plugins — and make informed decisions about what to keep, replace, or remove.
Is SteadyScore a security scanner?
No. SteadyScore is a reliability and maintenance quality tool. It includes security signals — like known vulnerabilities from the Wordfence database — as one factor in a composite reliability score. It doesn’t scan your files, monitor traffic, or function as a firewall. Think of it as a plugin quality audit, not a security audit.
How are scores calculated?
Every plugin is evaluated against real-world data: update frequency, vulnerability history, active install base, user ratings, and code quality signals. These factors are weighted into a single score from 0 to 100. The methodology is fully transparent — click any plugin in the dashboard to see exactly which factors contributed to its score.
What do the score ranges mean?
75–100 is Trusted (green), 50–74 is Moderate (yellow), 25–49 is Caution (orange), 0–24 is Avoid (red). Plugins without enough data to score show as Unknown (gray).
Does SteadyScore slow down my site?
No. Scoring happens in the background on a schedule. No frontend JavaScript is loaded, no queries run on page views, and no external API calls happen during visitor requests. SteadyScore only runs in the WordPress admin.
What about premium plugins that aren’t on wordpress.org?
The free tier scores plugins listed on wordpress.org and matches some premium plugins to their free/lite counterparts. Plugins that can’t be matched show as Unrated. Pro unlocks scoring for CodeCanyon plugins, direct-sale plugins, and custom plugins using alternative data sources.
Does SteadyScore send my data anywhere?
The free tier is fully self-contained. It calls only the wordpress.org API and the Wordfence vulnerability API — both public, both free. No data is sent to SteadyPress. The Pro tier communicates with the SteadyPress API for premium plugin data and AI analysis, authenticated via HMAC. We never collect site content, user data, or visitor information.
Can I use SteadyScore on client sites I manage?
That’s exactly what it’s built for. Install it on a client site, score the plugin stack, export the report, and use it to have an informed conversation with your client about what needs attention.
Does SteadyScore work with WordPress multisite?
Not currently. Multisite compatibility is planned for a future release.
How often are scores updated?
Scores refresh automatically on a configurable schedule. The underlying data sources (wordpress.org, Wordfence) are checked at each refresh. Pro users can also set up monitoring alerts that notify them when a score drops.
How do I check if a WordPress plugin is safe to use?
Look at update frequency, vulnerability history, active installs, and user reviews. SteadyScore automates this — it checks all of these factors for every plugin on your site and gives you a single reliability score so you don’t have to research each one manually.
How can I tell if a WordPress plugin has been abandoned?
A plugin that hasn’t been updated in 6–12 months, hasn’t been tested with recent WordPress versions, or has unresolved support threads is likely abandoned. SteadyScore flags these automatically — abandoned plugins score low on update frequency, which drags down their overall reliability score.
Is there a way to audit all the plugins on a WordPress site at once?
Yes. SteadyScore scores every installed plugin the moment you activate it. You get a single dashboard showing the reliability of your entire plugin stack — sorted by risk level, color-coded, and exportable as a report.
How many plugins is too many for WordPress?
There’s no magic number. Five well-built plugins can outperform one poorly built one. The question isn’t how many — it’s how reliable each one is. SteadyScore helps you evaluate quality rather than count quantity, so you can focus on removing the plugins that are actually causing problems.
How do I know which WordPress plugins I can safely remove?
SteadyScore helps you identify plugins that may not be in active use, plugins that duplicate functionality, and plugins that could be replaced with a few lines of custom code. Pro tier AI analysis gives you specific recommendations on what to keep, replace, or remove.
Can I check a premium plugin for vulnerabilities if it’s not on wordpress.org?
Most vulnerability databases only cover wordpress.org plugins. SteadyScore Pro scores premium plugins from CodeCanyon, direct-sale vendors, and custom plugins using alternative data sources including the Wordfence vulnerability database, BuiltWith adoption data, and vendor reputation signals.
What’s the best way to evaluate a WordPress plugin before installing it?
Check its update history, read recent reviews, look for known vulnerabilities, and see how many sites actively use it. SteadyScore does all of this automatically for plugins already on your site. For plugins you’re considering, compare scores of alternatives side by side.
How do WordPress agencies manage plugin risk across multiple client sites?
Most don’t — they react when something breaks. SteadyScore Pro lets you install on up to 25 client sites (Agency tier), run automated scoring on a schedule, and get alerts when a plugin’s reliability drops. It turns plugin risk from a reactive problem into a managed process.
Is there a WordPress plugin that monitors other plugins for problems?
SteadyScore monitors the reliability of every plugin on your site. It checks for outdated plugins, known vulnerabilities, declining user ratings, and other risk signals — then alerts you when something changes. It’s not a file scanner or security monitor. It watches the external signals that predict whether a plugin is going to cause problems.
How do I create a plugin audit report for a WordPress client?
Install SteadyScore, let it score every plugin on the site, then export the results. The free tier exports to CSV. Pro exports to Google Docs. Use the report to show your client exactly which plugins are reliable and which need attention — backed by data, not opinions.
What should I check when taking over a WordPress site from another developer?
Start with the plugin stack. Install SteadyScore to see which plugins are well-maintained, which have vulnerabilities, and which have been abandoned. It’s the fastest way to assess the state of a site you didn’t build and give the client a clear picture of what needs to change.
Still have SteadyScore questions?
Check the Support page for setup guides and technical details, or contact us directly.