SRWorks Let's Clear Things Up
Everything you need to know about SRWorks, our plugins, licensing, and support.
General
General Questions
Questions about SRWorks, billing, licensing, and support.
SRWorks is a one-person WordPress plugin company run by Steve Reinhardt, based in Bend, Oregon. With 20+ years in the WordPress ecosystem—including creating two default WordPress themes in the early 2000s and running agencies focused on WordPress development—I'm building the WordPress plugins I always wished existed.
Fair question! We've been building WordPress sites for over 20 years. We've just never put our own name on a plugin before. Every WordPress plugin we've built here solves a problem we've personally dealt with on hundreds of client sites. We're not venture funded trying to figure out product market fit. We already know what WordPress sites need.
All license holders get priority support with responses typically within 24 hours on business days. For any issues, use our contact form and we'll get back to you promptly.
We've built these WordPress plugins to play nice with the entire WordPress ecosystem. They work great with Elementor, Divi, Gutenberg, WooCommerce, and most popular WordPress themes. If you run into a conflict, our support team will help you sort it out.
Yes! We offer a generous affiliate program through our affiliate page. Earn 20% commission for the first 12 months of any referred subscription and 10% on every renewal after that. Referrals are tracked with a 30-day cookie. It's free to join with no approval wait times. Visit our affiliates page to sign up and start earning.
Pricing
Pricing & Licensing
Questions about plans, renewals, upgrades, and refunds.
A license gives you access to updates and support for the number of WordPress sites included in your tier. Personal covers 1 site, Business covers up to 3 sites, and Agency covers unlimited sites. All tiers include the exact same features.
Yep! Business covers up to 3 WordPress sites, and Agency covers unlimited sites. Personal is for a single site. If you need to add more sites later, you can upgrade your tier at any time.
Annual subscriptions let us invest consistently in development, security updates, and support. You get a better, more actively maintained product, and we can keep prices accessible starting at just $29/year. It also means you are never stuck paying for a product that stops getting updates.
To continue receiving updates and support, your license needs to be renewed yearly. For your convenience, all purchases auto-renew. You can cancel anytime from your account—no hoops, no hassle.
Your plugin continues to work, but you will no longer receive updates or support. You can renew anytime to restore access. Your settings and data are never lost.
Yes. You can upgrade your license tier at any time from within your account. The cost difference is automatically prorated so you only pay the difference for the remaining time on your subscription.
The bundle includes all three SRWorks plugins: ArmorPro, CitedPro, and BoostPro. You save over 20% compared to buying them individually. Available in Personal ($69/yr), Business ($139/yr), and Agency ($299/yr) tiers.
We use Polar as our merchant of record, powered by Stripe for secure payment processing. You can pay with all major credit cards (Visa, Mastercard, American Express, Discover) or PayPal. All transactions are encrypted and PCI compliant.
Polar automatically handles all tax compliance as our merchant of record. They calculate and collect the appropriate sales tax, VAT, or GST based on your location. The tax amount (if any) will be shown at checkout before you complete your purchase.
Absolutely. You're fully protected by our 30-day money-back guarantee. If you're not happy, we'll refund your purchase—no questions asked. See our refund policy for full details.
Yes! Earn 20% commission for the first 12 months of any referred subscription and 10% on every renewal after that. It's free to join with no approval wait times. Visit our affiliates page to learn more and sign up.
ArmorPro
ArmorPro Questions
Technical questions about ArmorPro features and functionality.
Nope. We obsess over WordPress performance. ArmorPro adds roughly 15ms to page load time and runs just 2 database queries. It's built to be lightweight from the ground up—the way WordPress security plugins should be.
Yes! ArmorPro plays nicely with WP Rocket, W3 Total Cache, LiteSpeed Cache, and pretty much every WordPress caching solution out there. We've tested extensively to make sure there are no conflicts.
ArmorPro includes an 8G Firewall with 138 rules across 6 categories and per-rule management, brute force protection with IP logging, security headers management (including HSTS, CSP, and Permissions-Policy), REST API protection, activity logs, two-factor authentication (TOTP), passkey authentication (WebAuthn/FIDO2), country blocking, custom login URL, email notifications, auto-blacklisting of repeat offenders, and CSV export. All features are included in every tier.
ArmorPro tracks failed WordPress login attempts by IP address. After a configurable number of failures (default: 5), the IP is temporarily locked out from wp-login.php for a set duration (default: 15 minutes). Repeat offenders can be automatically added to a permanent blacklist after multiple lockouts.
ArmorPro uses a full 8G Firewall with 138 individual rules across 6 categories: bad HTTP methods (TRACE, DELETE, CONNECT), SQL injection and malicious query strings, dangerous request URIs (shell files, config access, exploit paths), known malicious user agents (scanners, scrapers, attack tools), spam referrers, and malicious cookie values. Each rule can be individually enabled or disabled through the Rule Management panel. It also blocks XML-RPC requests and enforces REST API authentication.
ArmorPro's Rule Management panel lets you enable or disable any of the 138 individual firewall rules. Filter rules by category (methods, query strings, URIs, user agents, referrers, cookies), search by rule ID or description, and toggle the "disabled only" filter to quickly find rules you've turned off. Each rule has a human-readable description so you know exactly what it blocks. This is useful for resolving false positives without disabling an entire rule category.
ArmorPro includes TOTP-based two-factor authentication for WordPress that works with any authenticator app (Google Authenticator, 1Password, Authy, etc.). Each WordPress user sets up 2FA from their profile with a QR code scan. Backup codes are provided for account recovery. Admins can require 2FA for specific WordPress user roles.
Passkeys are a modern, passwordless authentication method using the WebAuthn/FIDO2 standard. Instead of typing a password, users authenticate with Face ID, Touch ID, Windows Hello, or a hardware security key. Passkeys are phishing-resistant since they're bound to the specific website and can't be reused elsewhere. Each user can register multiple passkeys (up to 10) from their profile page.
Yes! Passkeys and TOTP work independently. Users can set up both methods and choose which to use at login time. Passkeys provide a passwordless option, while TOTP adds a second factor after password entry. You can enable both features and let users pick what works best for them.
Passkeys work in all modern browsers: Chrome 67+, Safari 14+, Firefox 60+, and Edge 79+. They're supported on macOS (Touch ID), iOS (Face ID/Touch ID), Windows (Windows Hello), Android (fingerprint/face), and with hardware security keys (YubiKey, etc.). If a user's browser doesn't support passkeys, the button simply won't appear.
Country blocking uses IP geolocation to allow or block entire countries. You can either whitelist specific countries (block everyone else) or blacklist specific countries (allow everyone else). The interface shows country flags for easy selection. Geolocation is accurate to the country level.
Custom login URL lets you hide wp-login.php completely and set your own secret login path (like /my-secret-login). Anyone visiting the default login URLs gets a 404. This stops automated bots that target wp-login.php and wp-admin. Includes no-cache headers to prevent caching issues with Varnish and other caching layers.
ArmorPro manages X-Content-Type-Options, X-Frame-Options, Referrer-Policy, X-XSS-Protection, HSTS (HTTP Strict Transport Security), Content-Security-Policy with validation, and Permissions-Policy for controlling camera, microphone, and geolocation access. The plugin automatically removes duplicate headers to prevent conflicts.
We recommend using ArmorPro as your primary WordPress security solution rather than stacking multiple security plugins. Running multiple WordPress security plugins often causes conflicts, doubles resource usage, and can create duplicate headers or conflicting firewall rules. If you're migrating from another WordPress security plugin, deactivate it first.
Go to ArmorPro → Settings → Access Control. Add your IP address to the whitelist. Whitelisted IPs bypass all security checks including brute force lockouts and firewall rules. This is useful for developers or if you have a static office IP.
If you get locked out via brute force protection, wait for the lockout duration to expire (default 15 minutes). If you're permanently blacklisted or can't access the login, you can deactivate the plugin via FTP/SFTP by renaming the plugin folder, or by accessing your database and clearing the blacklist table.
ArmorPro works on individual sites within a multisite network when activated per-site. Network-wide activation with unified settings is on our roadmap for a future update.
BoostPro
BoostPro Questions
Technical questions about BoostPro features and functionality.
BoostPro is designed to minimize that risk. The default settings are conservative and work well on the vast majority of WordPress sites. Core features like page caching, lazy loading, emoji cleanup, and heartbeat control are low risk and rarely cause issues. The advanced options (JS defer, CSS minification) can push performance further, but we recommend testing them on a staging site first since every theme and plugin combination is different.
BoostPro includes file-based page caching that saves fully rendered HTML pages to disk and serves them directly on subsequent visits, bypassing PHP and WordPress entirely. It automatically excludes logged-in users, POST requests, WooCommerce carts, and pages that set the DONOTCACHEPAGE constant. You can configure the cache TTL, add custom URL exclusions, and the cache is automatically purged when you update content. If your host already provides server-level caching, BoostPro detects the conflict and disables its own cache to avoid issues.
BoostPro includes file-based page caching with third-party cache purging, smart lazy loading for images and iframes with exclusion patterns, automatic critical CSS generation, WebP and AVIF image conversion with bulk optimization, per-image optimize/delete from the Media Library, CSS background image lazy loading, local Google Fonts hosting, emoji and embed cleanup, heartbeat control, CSS minification with data URI inlining, per-script JavaScript defer and delay, custom asset preloading, per-page/post disable controls, global styles removal, scheduled database cleanup, and WP-CLI commands. All features are included in every tier.
Yes. BoostPro automatically detects when you're editing in Elementor, Divi, Beaver Builder, Brizy, Bricks, and other page builders and disables its optimizations during editing so they don't interfere with the builder interface. On the frontend, all optimizations apply normally. If you run into a visual issue on a specific page, use the per-page disable controls to turn off individual features for that URL.
BoostPro converts your JPEG and PNG images to WebP and AVIF formats using your server's GD or ImageMagick library. No external API or cloud service required. You can bulk optimize your entire media library, enable auto-optimize on upload, or optimize individual images from the Media Library. Original files are always preserved. Converted files are stored separately and served automatically via .htaccess rewrite rules (Apache/LiteSpeed) or picture tags (Nginx), with AVIF preferred when the browser supports it. A single quality preset maps to optimized values for each format.
BoostPro scans for 28 plugins that overlap with its features, including caching plugins, image optimizers, lazy loading plugins, and minification tools. When it finds one, it shows an admin notice with a one-click deactivation link for each conflicting plugin. For caching plugins specifically, BoostPro hard-blocks its own page cache toggle until the conflict is resolved, so you never end up with two caching layers fighting each other.
WordPress databases accumulate junk over time: post revisions, auto-drafts, trashed posts, spam comments, transients, and orphaned metadata. BoostPro's cleanup removes this safely. Run it manually or set up scheduled cleanup on a daily, weekly, or monthly cycle so your database stays lean without you thinking about it.
Yes. BoostPro automatically detects server-level caching from hosts like WP Engine, Kinsta, Cloudways, and SiteGround. When it finds one, it disables its own page cache to avoid conflicts and focuses on the optimizations your host doesn't provide: lazy loading, resource cleanup, font optimization, CSS optimization, and database maintenance. No duplicate functionality, no stale content issues.
Instead of blindly deferring every script on your page (which breaks things), BoostPro Pro lets you choose exactly which scripts to defer. You'll see a list of every JavaScript file loaded on your site, and you can toggle defer on or off for each one individually. This gives you the performance benefit of deferred loading without the risk of breaking your checkout form or slider.
BoostPro automatically purges the cache when you publish or update posts, pages, or navigation menus. You can also manually purge from the BoostPro dashboard or the admin bar. Purging clears BoostPro's cache plus 16 third-party caches (WP Rocket, LiteSpeed, Cloudflare, Kinsta, WP Engine, and more) in one action. Developers can also purge from the command line with
wp boostpro purge. To exclude specific URLs from caching, add them to the exclusion list in the Cache settings tab.Yes. BoostPro includes exclusion controls for lazy loading. You can exclude images by URL pattern (one substring per line, like
/hero or /banner) or by adjusting the above-the-fold skip count. Excluded images get loading="eager" so they load instantly. Iframe lazy loading can also be toggled independently.It sounds great in theory, but in practice unused CSS removal breaks hover states, dynamic content, and anything loaded via JavaScript. The false positive rate is too high for a tool focused on reliability. We'd rather leave a few extra kilobytes on the page than break your site's interactive elements.
With HTTP/2 and HTTP/3, combining files into one large bundle is no longer a net win. It breaks caching granularity (one change invalidates the entire bundle), creates large monolithic files, and makes debugging harder. Modern servers handle multiple small requests efficiently. Combining was good advice in 2012. It's counterproductive now.
AVIF is a next-generation image format that typically produces files 20-50% smaller than WebP at equivalent visual quality. BoostPro can convert images to both formats simultaneously. When serving images, browsers that support AVIF get the smallest file, while older browsers fall back to WebP or the original. AVIF conversion requires PHP 8.1+ with GD or ImageMagick AVIF support.
Yes. BoostPro adds a meta box to the post/page editor where you can disable specific optimizations on a per-URL basis. This is useful for landing pages that need specific scripts, pages with complex JavaScript interactions, or any page where you want to fine-tune which optimizations apply.
When CSS deferral is enabled, BoostPro automatically generates critical CSS for each page on your site via a cloud API. It creates separate CSS for desktop and mobile viewports so above-the-fold content looks correct on both. Critical CSS is generated on the first visit to each page, cached in the database, and automatically regenerated when content changes. Pages load normally with render-blocking CSS until their critical CSS is ready, then deferral kicks in automatically. This means zero risk of a flash of unstyled content on any page. A manual fallback textarea is also available if you want deferral to activate immediately before auto-generation completes.
Yes. BoostPro includes two WP-CLI commands:
wp boostpro purge to clear all caches (BoostPro plus detected third-party caches) and wp boostpro status to view cache statistics including cached page count, cache size, and last cleared time. Useful for deployment scripts, staging workflows, or managing sites over SSH.BoostPro works on individual sites within a multisite network when activated per-site. Each site gets its own optimization settings and database cleanup schedule. Network-wide configuration is planned for a future release.
CitedPro
CitedPro Questions
Technical questions about CitedPro features and functionality.
AEO (Answer Engine Optimization) focuses on getting your WordPress site featured in AI Overviews, snippets, and voice responses. GEO (Generative Engine Optimization) focuses on getting cited by AI systems like ChatGPT, Claude, and Perplexity. As more people use AI instead of Google, your WordPress site needs both. Traditional SEO gets you ranked. AEO gets you featured. GEO gets you cited.
llms.txt is an emerging GEO standard (like robots.txt but for AI) that gives language models a structured overview of your WordPress site. It tells generative engines what your business does, what you offer, and how you want to be cited. CitedPro automatically generates and maintains your WordPress site's llms.txt file.
Not at all. AEO and GEO build on WordPress SEO fundamentals—they don't replace them. CitedPro enhances your existing strategy. The robots.txt enhancement preserves all your existing rules. The JSON-LD schemas are the same structured data Google recommends for WordPress sites. Good SEO is the foundation for good GEO.
The WordPress dashboard bot tracking shows you exactly which generative engine crawlers are indexing your site, how often, and which pages they're visiting. We track 70+ bots including GPTBot (ChatGPT), ClaudeBot (Anthropic), PerplexityBot, and more. Essential visibility for any WordPress GEO strategy.
Easy. The plugin includes visual toggles to allow or block specific generative engine crawlers. Want to let ClaudeBot in but keep GPTBot out? One click. Your robots.txt updates automatically. Control your GEO strategy at the crawler level.
CitedPro includes llms.txt generation, site-data.json, JSON-LD schema injection, bot tracking for 70+ AI crawlers, bot blocking controls, AI Guidance sections, Smart Generate (AI auto-fill), LLM referral tracking to measure citation-driven traffic, page-level analytics, and CSV export. All features are included in every tier.
AI Guidance lets you tell generative engines exactly how you want to be cited. Set canonical phrases for your business name, preferred citation formats, and the primary queries you want to be found for. It's like brand guidelines for GEO—ensuring AI describes you accurately and consistently.
Smart Generate uses AI to scan your existing website content and automatically fill in your business description, services, FAQs, and other structured data fields. Original, consistent data improves your GEO performance—research shows pages with original data earn up to 4x more AI citations.
LLM referral tracking measures your GEO success by detecting when humans click through to your site from generative engines like ChatGPT, Claude, or Perplexity. You'll see which AI platforms are citing you and driving traffic, and which pages they're landing on.
Yes! CitedPro complements existing WordPress SEO plugins like Yoast SEO, Rank Math, and All in One SEO. Your SEO plugin handles traditional WordPress search optimization. CitedPro adds the AEO and GEO layers on top. They work together—no conflicts.
CitedPro can automatically regenerate your llms.txt when you publish or update WordPress content. For most WordPress sites, weekly regeneration is sufficient. Fresh content matters for GEO—research shows content updated within 30 days earns significantly more AI citations.
CitedPro works on individual sites within a multisite network when activated per-site. Each site gets its own llms.txt, bot tracking, and GEO settings.
Still Have Questions?
We're here to help. Reach out and a real human will get back to you.
Contact Us