WP-Safety
Terms of Service

Terms of Service

The rules and guidelines for using WP-Safety.org and the WP-Safety WordPress plugin.

Effective date: April 16, 2026

1. Acceptance of terms

By accessing or using WP-Safety.org ("WP-Safety", "we", "us", or "our"), operated by Retry Artificial Intelligence Developing Services FZCO, a company registered at IFZA Business Park, Building A1, Dubai Silicon Oasis, UAE, including the website at wp-safety.org and the WP-Safety WordPress plugin, you agree to be bound by these Terms of Service. If you do not agree, do not use our services.

These terms apply to all visitors, registered users, and WordPress plugin users. For information on how we collect and handle your data, please see our Privacy Policy.

2. Service description

WP-Safety provides security scores, vulnerability data, and risk profiles for WordPress plugins and themes. Our services include:

  • A public directory of WordPress plugin and theme security information
  • A WordPress plugin that displays security scores in the WordPress admin
  • On-demand and monitored site security audits
  • Plugin inventory reporting and vulnerability alerts
  • Purchasable detailed security audit reports

Security scores and audit results are advisory only. They are based on publicly available vulnerability data and automated analysis. We do not guarantee that our service will detect all vulnerabilities or security issues. You remain solely responsible for the security of your WordPress installations.

3. Accounts

3.1 Account creation

Accounts can be created by registering on the website or automatically when you connect the WP-Safety WordPress plugin. Plugin-provisioned accounts are created using your WordPress admin email address. You can claim a plugin-provisioned account by using the "forgot password" flow on our website.

3.2 Account responsibilities

You are responsible for maintaining the confidentiality of your account credentials and API tokens. You are responsible for all activity that occurs under your account. Notify us immediately if you become aware of any unauthorized use.

3.3 Account termination

You may delete your account at any time from your dashboard. We may suspend or terminate accounts that violate these terms. Upon termination, your monitored sites, saved data, and API tokens will be permanently deleted.

4. Plans and pricing

4.1 Free tier

The free tier provides access to the public plugin and theme directory, security scores in the WordPress plugin, and public site audits. Free accounts do not include monitored sites or vulnerability email alerts.

4.2 Paid plans

Paid plans (Supporter and Agency) provide additional features including monitored sites, real-time vulnerability alerts, and detailed audit reports. Plan details and current pricing are available on our Sponsors page. Each paid plan includes a set number of monitored sites, with additional sites available at a per-site monthly rate.

4.3 Billing

Paid subscriptions are billed monthly through Stripe. You may cancel at any time. Cancellation takes effect at the end of the current billing period. We do not offer refunds for partial months of service.

4.4 Report purchases

Detailed security audit reports are available as one-time purchases. Reports are delivered digitally and are accessible indefinitely from your account. Report purchases are non-refundable once the report has been generated.

5. WordPress plugin

The WP-Safety WordPress plugin is licensed under the GPL-2.0-or-later license. The plugin connects to the WP-Safety.org API only after you explicitly consent by clicking "Connect to WP-Safety." No data is transmitted before you consent.

Upon connection, the plugin periodically sends your installed plugin slugs, names, versions, active/inactive status, and update availability to our servers. This data is used to provide security scores, power your monitoring dashboard, and deliver vulnerability alerts. You can disconnect at any time by deactivating the plugin or revoking your API token.

6. API usage and rate limits

Access to the WP-Safety API requires an API token issued to your account. API tokens are subject to rate limits:

Authenticated requests — 60 requests per minute per token (default)

Public endpoints — 30 requests per minute per IP address

We reserve the right to adjust rate limits at any time. Exceeding rate limits will result in temporary request rejection (HTTP 429). Systematic abuse of the API may result in token revocation and account suspension.

7. Acceptable use

You agree not to:

  • Use the service to attack, compromise, or harm WordPress sites or their users
  • Scrape, mirror, or systematically download content from the website or API beyond normal use
  • Circumvent rate limits, authentication mechanisms, or access controls
  • Submit false or misleading information during account creation or site provisioning
  • Use vulnerability data obtained through our service to exploit unpatched sites
  • Resell, redistribute, or sublicense access to our API or data without prior written consent
  • Interfere with or disrupt the integrity or performance of our services

8. Intellectual property

8.1 Our intellectual property

The following are the intellectual property of Retry Artificial Intelligence Developing Services FZCO and are protected by applicable copyright, trademark, and trade secret laws:

  • The WP-Safety website, branding, logos, and visual design
  • Security scoring algorithms and risk assessment methodologies
  • Proof-of-concept (PoC) exploits, reproduction steps, and associated video demonstrations
  • Original security research, analysis, and written commentary
  • Code analysis outputs including taint flow graphs, attack surface maps, and code signal reports
  • AI-generated risk assessments and vulnerability summaries
  • Audit report templates, formatting, and proprietary report content

8.2 Third-party data

WP-Safety aggregates publicly available data from sources including the WordPress.org plugin and theme directories, the National Vulnerability Database (NVD), and Wordfence Intelligence. We do not claim ownership of third-party vulnerability data. Our original analysis, scoring, and research built on top of this data remain our intellectual property.

8.3 WordPress plugin

The WP-Safety WordPress plugin source code is licensed under GPL-2.0-or-later. This license applies to the plugin code only and does not extend to the WP-Safety.org service, API, server-side code, security research, or any other intellectual property described above.

8.4 Purchased reports

Purchased audit reports are licensed to you for your own internal use. You may share reports with your clients, team members, or contractors for the purpose of remediating the issues identified. You may not resell, redistribute, or publicly publish reports or their contents without prior written consent.

8.5 Restrictions

You may not copy, reproduce, distribute, reverse-engineer, or create derivative works from our proprietary content, including but not limited to PoC exploits, research outputs, scoring algorithms, or report content, except as expressly permitted by these terms or with prior written consent.

9. Disclaimers

WP-Safety is provided "as is" and "as available" without warranties of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

We do not guarantee that:

  • Our security scores or audits will identify all vulnerabilities
  • The service will be uninterrupted, timely, or error-free
  • Vulnerability data is complete, accurate, or up to date at all times
  • Following our recommendations will prevent security incidents

Security scores are calculated from publicly available data and are intended as a general indicator, not a definitive security assessment. A high score does not mean a plugin is free of vulnerabilities.

10. Limitation of liability

To the maximum extent permitted by applicable law, Retry Artificial Intelligence Developing Services FZCO, its officers, and its affiliates shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of data, loss of profits, business interruption, or security breaches, arising out of or in connection with your use of the service.

Our total liability for any claim arising from or relating to the service shall not exceed the amount you paid to us in the twelve (12) months preceding the claim, or fifty euros (50 EUR), whichever is greater.

11. Indemnification

You agree to indemnify, defend, and hold harmless Retry Artificial Intelligence Developing Services FZCO and its affiliates from any claims, liabilities, damages, losses, or expenses (including reasonable legal fees) arising out of your use of the service, your violation of these terms, or your violation of any rights of a third party.

12. Service modifications and availability

We reserve the right to modify, suspend, or discontinue any part of the service at any time, with or without notice. This includes changes to features, plan pricing, rate limits, and API endpoints. We will make reasonable efforts to notify active subscribers of material changes in advance.

13. Changes to these terms

We may update these Terms of Service from time to time. Changes will be posted on this page with an updated effective date. Continued use of the service after changes are posted constitutes acceptance of the revised terms.

14. Governing law

These terms are governed by and construed in accordance with the laws of the United Arab Emirates as applied in the Emirate of Dubai. Any disputes arising from these terms or the use of the service shall be subject to the exclusive jurisdiction of the courts of Dubai, UAE.

15. Contact

If you have questions about these terms, please contact us at legal@wp-safety.org.