Skip to content
SteadyPress
Home SteadyScore documentation Pro features

Pro features

SteadyScore Pro is an optional paid add-on. It does not change how the free scoring works. Everything you already see in free keeps working exactly the same. Pro layers in coverage for plugins that have no public WordPress.org data, AI-generated recommendations on what to do about low-scoring plugins, scheduled monitoring with email alerts, and Google Sheets export.

What you get with Pro

Coverage for commercial and custom plugins

The free version scores plugins from the WordPress.org directory and a curated map of paid plugins that have a free counterpart on wordpress.org. Pro extends scoring to:

  • Commercial plugins on CodeCanyon and Envato — scored against marketplace signals (Path 3).
  • Plugins enriched by the SteadyPress data service — uses BuiltWith and G2 signals for plugins that have no other public footprint (Path 4).
  • Custom, internal, and unknown plugins — Pro can read the plugin's source code locally and run it through your configured AI provider to produce a score and a written recommendation (Path 5). This is opt-in and is controlled by the Source Code Analysis toggle in settings.

Plugins that were marked N/A in free typically pick up a real score and tier under Pro.

AI-generated recommendations

Once Pro is active, the Recommendation column in the dashboard populates with a short tag for each plugin: keep, review, update, remove, or replace. The slide-over panel shows the AI's full reasoning. Recommendations factor in the score, the vulnerability history, the recency of updates, and the role the plugin appears to play on your site.

While analysis is in progress you will see Queued… or Analyzing… in the Recommendation column. The panel auto-refreshes every few seconds while a run is in flight and updates to the final recommendation tag and reasoning paragraph as soon as the run completes.

Scheduled monitoring and email alerts

The free plugin runs background refreshes on its own cache schedule. Pro lets you set a separate monitoring cadence — weekly, biweekly, monthly, or annual — and pick which events should trigger email alerts. Alert triggers you can enable:

  • A score drops below the Warning threshold (60).
  • A new unpatched vulnerability is discovered for a plugin you have installed.
  • A plugin is removed from the WordPress.org directory.
  • A plugin has not been updated by its author in 12 or more months.

Alerts go to whichever email addresses you list under Settings → Monitoring & Alerts → Alert Email Recipients.

Google Sheets export

Pro adds a Google Sheets export in addition to the CSV export in the toolbar. The export uses OAuth to write the current dashboard view into a Google Sheet on your account; the SteadyPress API does not retain a copy.

Pro license management

Pro adds the license-key field, the activate and deactivate flow, and a live readout of your plan tier, your site activation count, and your remaining site slots. License status is cached locally so the dashboard does not need to contact the SteadyPress API on every page load.

How licensing works

Pro is licensed by site activation. When you activate a license key on a site, that site consumes one slot from your plan. Deactivating the license on a site frees the slot. The Pro plans are sold as annual subscriptions, with three site-count tiers — 1 site, 25 sites, and 250 sites. Current pricing lives at https://steadypress.ai/products/steadyscore/pricing/.

The license activation flow:

  1. Install and activate steadyscore-pro.zip (replacing or upgrading from the free version — see Installation → Installing the Pro add-on).
  2. Open SteadyScore → Settings.
  3. Paste your license key into the License key field in the License section.
  4. Click Activate.

Activation contacts api.steadypress.ai, registers the current site against your license, and returns your plan tier, site limit, remaining slots, and feature flags. The license status card then shows Pro Plan — [tier].

Deactivating

Click Deactivate under the same License section to release a slot. SteadyScore always clears your local license state first, then attempts the server-side release. If the server-side release fails (for example, the site is offline or the API is temporarily unreachable), the local state is still cleared and Pro features are disabled on this site; the slot can be released from your SteadyPress account portal.

Re-activating an already-registered site

If you re-activate a key on a site that is already counted against your plan, the server treats the call as idempotent and re-confirms the activation without consuming an additional slot.

Free behavior when a license is inactive

If your license expires or you deactivate it, every Pro feature stops gracefully. The Free features keep working exactly as they did before — the Pro-only sections in settings hide themselves, the Recommendation column goes blank for unanalyzed plugins, and the Pro paths (3, 4, 5) revert to N/A. None of your existing score data is deleted.

Managed AI provider

SteadyScore Pro ships with managed AI — analysis runs against the SteadyPress-hosted model and is included in your subscription. There is nothing to configure: the AI provider is handled for you as part of the Pro subscription.

What Pro sends to the SteadyPress API

The full data flow lives in Settings → Data & Privacy inside the plugin. In short, Pro sends:

  • License key and site URL for license validation and feature-flag retrieval.
  • The list of plugin slugs you want enriched (Paths 3 and 4).
  • Per-plugin context for AI analysis — slug, name, version, the existing score and confidence, the scoring inputs hash, and any known vulnerabilities. The managed AI provider receives this context only at request time and SteadyPress does not retain it after the response is returned.
  • WordPress version and PHP version for compatibility analysis.
  • For Path 5 (source code analysis) and only when you turn it on: the source code of plugins that cannot be scored from public data.
  • For Google Sheets export: the plugin list you choose to export, plus the OAuth token you supply.

Pro never sends your site content, posts, pages, users, customer data, database contents, wp-config.php credentials, or the source code of public WordPress.org plugins.

Outbound calls from Pro are HMAC-SHA256 signed so the SteadyPress API can verify they came from your licensed site. The Wordfence and WordPress.org calls described in the free flow continue to work exactly the same way under Pro.

Need more help? Contact support.