| 开发者 | steadypress |
|---|---|
| 更新时间 | 2026年7月4日 04:35 |
| PHP版本: | 8.1 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
https://api.wordpress.org/plugins/info/1.2/) — to fetch plugin metadata (rating, install count, last-update date, tested-up-to version). No personal data is sent; only plugin slugs. Used on first install to score the inventory, and on a daily refresh thereafter. Documented at https://codex.wordpress.org/WordPress.org_API.https://www.wordfence.com/api/intelligence/v3/) — to fetch vulnerability data for installed plugins. Requires a free API key from wordfence.com, which you configure in plugin settings. No personal data is sent; only plugin slugs. Wordfence Intelligence terms: https://www.wordfence.com/products/wordfence-intelligence/https://api.steadypress.ai) — to score commercial plugins, run AI analysis, and validate your license. Only the plugin slug, version, your site's domain, and your license key are sent. SteadyPress terms: https://steadypress.ai/terms/ · SteadyPress privacy: https://steadypress.ai/privacy/.steadyscore folder to /wp-content/plugins/.No. SteadyScore is strictly read-only — it reads your plugin list, scores each one, and shows you the results. It never activates, deactivates, updates, or deletes anything. Acting on a score is always your decision.
No. Scoring runs in the background through Action Scheduler (not wp-cron), and results cache for 12 hours, so your admin screens stay fast. Nothing runs on your front end, and nothing is added to page loads for your visitors.
It's a weighted composite of six factors: rating & reviews, active installs, update recency, tested-up-to compatibility, known vulnerabilities, and author reputation. The exact weights and formulas are transparent and live in the plugin source under includes/free/Scoring/ — no black box.
Not necessarily — a low score is a prompt to look closer, not an automatic verdict. Open the plugin's detail panel to see which of the six factors pulled it down. An open vulnerability or a plugin abandoned two years ago is far more urgent than a modest install count. SteadyScore surfaces the risk; you decide what to do with it.
Those are commercial or closed-source plugins (LearnDash, WP Rocket, premium add-ons) that aren't in the WordPress.org directory, so the free data sources can't score them. They still appear in your inventory; the Pro addon scores them via the SteadyPress API.
From Wordfence Intelligence. Add a free Wordfence API key under Settings to include known-vulnerability data in the Security factor. Without a key, that one factor is simply left out and the score is composed from the other five.
The free tier only contacts the public WordPress.org plugin API and — if you add a key — the Wordfence Intelligence API. Both send nothing but plugin slugs: no personal data, no site URL. The Pro tier additionally contacts the SteadyPress API to score commercial plugins and validate your license (see our privacy policy: https://steadypress.ai/privacy/). The free tier never contacts SteadyPress.
Yes. Agencies and consultants run SteadyScore as part of client-site audits, and the free tier has no site limit. The Pro addon adds the commercial-plugin scoring and exportable reports that audits usually call for.