=== Royal Ledger – WordPress Cost Tracker & License Key Manager ===
Contributors: royalpluginsteam
Tags: cost tracker, license keys, renewals, expenses, site costs
Requires at least: 5.9
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.3
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Track WordPress site costs (plugins, hosting, domains, CDN, SaaS) and securely vault license keys with AES-256 encryption. 100% free, no signup.

== Description ==

https://youtu.be/UMrWwKqG2V0

Royal Ledger is the simple, free WordPress cost tracker that finally answers "what does my site actually cost?" Track every recurring expense — premium plugins, web hosting, domains, CDN, email, SaaS subscriptions — and securely store the license keys you receive from third-party vendors with AES-256 encryption. No signup, no phone-home, no premium tier, no upsell.

Royal Ledger itself is 100% free, fully functional, and has no premium tier, no license check, no usage limits, and no external service. Every feature works out of the box on activation.

**Stop losing track of what you're paying for.**

Most WordPress site owners have no idea how much their site actually costs. Between premium plugins, hosting, domains, CDNs, email services, and SaaS tools, expenses add up fast. Royal Ledger gives you a clear picture of your total site spend in one place.

= What You Can Track =

Royal Ledger isn't tied to any specific vendor — track anything that bills you on a monthly, quarterly, or annual cycle. Common examples:

* **Premium WordPress plugins** — WPForms Pro, Yoast Premium, Elementor Pro, Rank Math Pro, Astra Pro, ACF Pro, Gravity Forms, WP Rocket, Smush Pro, MonsterInsights, OptinMonster, WP Fastest Cache Premium, and any other paid plugin renewal.
* **WordPress hosting** — HostGator, Hostinger, SiteGround, Bluehost, GoDaddy, WP Engine, Kinsta, Cloudways, Pressable, Pantheon, Flywheel, Liquid Web, A2 Hosting — managed WordPress, shared, VPS, or dedicated.
* **Domain registrars** — Namecheap, GoDaddy Domains, Google Domains, Cloudflare Registrar, Hover, Porkbun, Dynadot, Name.com.
* **CDN and performance** — Cloudflare Pro / Business, KeyCDN, BunnyCDN, StackPath, Fastly, Amazon CloudFront.
* **Security and monitoring** — Sucuri, Wordfence Premium, MalCare, iThemes Security Pro, Patchstack, Jetpack Security.
* **Email and SMTP** — Google Workspace, Microsoft 365, Mailgun, SendGrid, Postmark, Amazon SES, Brevo (Sendinblue), Resend.
* **Premium themes** — Astra Pro, GeneratePress Premium, Kadence Pro, Divi (Elegant Themes), Avada, Genesis Pro.
* **SaaS subscriptions** — anything else tied to your site: page builders, analytics, search, AI services, design tools, file storage, anything billed on a recurring cycle.

= Key Features =

* **Cost Dashboard** - See your monthly burn rate, annual costs, and active subscriptions at a glance
* **Visual Breakdown** - Doughnut chart showing spending by category (plugins, hosting, domains, SaaS, etc.)
* **Renewal Calendar** - Month-by-month calendar view of upcoming renewals so nothing catches you off guard
* **License Key Vault** - Store the license keys you receive from third-party plugin and service vendors with AES-256 encryption. Copy with one click, auto-hides after 30 seconds
* **Plugin Auto-Detection** - Automatically scans your installed plugins and adds them as trackable cost items
* **Email Reminders** - Get notified before renewals are due (configurable: 7, 14, or 30 days ahead)
* **Export & Import** - CSV export for spreadsheets, JSON backup for migration between sites
* **Dashboard Widget** - Quick overview right on your WordPress dashboard

= Categories =

Track costs across six categories:
* Plugins
* Themes
* Hosting
* Domains
* SaaS Services
* Other

= Security =

License keys are encrypted using AES-256-CBC with HMAC tamper detection, derived from your WordPress security salts. Keys are never stored in plaintext.

= Privacy =

Royal Ledger stores all data locally in your WordPress database. No data is sent to external servers. No account required.

= External Services =

Royal Ledger does not connect to any external services. The plugin makes no outbound HTTP requests, does not call any API, does not check any license server, and does not phone home. All processing — cost calculations, encryption, plugin scanning, renewal reminders — happens entirely on your own WordPress site. The "Plugin Auto-Detection" feature reads your locally installed plugins via the standard `get_plugins()` WordPress function and uses the existing `update_plugins` site transient that WordPress core already maintains; it sends nothing externally.

= GPL Compliance and Free Functionality =

Royal Ledger is licensed under GPLv2 or later, and every feature is fully unlocked for every user on activation. There is no free-vs-premium split, no feature gated behind a license key, no trial period, no usage quota, and no time limit. The plugin's source code contains no calls to any license server and no conditional code paths that disable functionality based on payment, registration, or activation status.

== Installation ==

1. Upload the `royal-ledger` folder to `/wp-content/plugins/`
2. Activate the plugin through the 'Plugins' menu
3. Go to **Royal Ledger** in the admin menu to start tracking costs

== Frequently Asked Questions ==

= Is Royal Ledger really 100% free? =

Yes. Royal Ledger has no premium tier, no license check, no usage limits, no time limit, and no paid features. Every feature is unlocked the moment you activate the plugin. There is no Pro version to upsell.

= Where is my data stored? =

All data is stored in your own WordPress database. Nothing is sent to external servers, no account is required, and the plugin makes zero outbound HTTP requests.

= Are my license keys secure? =

Yes. License keys are encrypted using AES-256-CBC with HMAC integrity verification before they touch the database. The encryption key is derived from your WordPress security salts (AUTH_KEY and AUTH_SALT), so each site has unique encryption that survives database backups and migrations between hosts.

= Can I track my web hosting cost (HostGator, Hostinger, SiteGround, WP Engine, etc.)? =

Yes. Royal Ledger supports any cost source — managed WordPress hosting (WP Engine, Kinsta, Pressable, Flywheel, Pantheon), shared hosting (HostGator, Hostinger, SiteGround, Bluehost, GoDaddy, A2 Hosting), VPS, dedicated servers, or anything else billed monthly or annually. Add it as a "Hosting" cost item with the renewal date and Royal Ledger handles the rest.

= Can I store license keys for plugins like WPForms, Yoast, Elementor, Rank Math, or Gravity Forms? =

Yes. The License Key Vault is designed exactly for this use case. Store the keys you received from any third-party plugin or service vendor — WPForms Pro, Yoast Premium, Elementor Pro, Rank Math Pro, Astra Pro, ACF Pro, Gravity Forms, WP Rocket, MonsterInsights, OptinMonster, Sucuri, Wordfence Premium, and so on. Keys are encrypted at rest, masked in the UI, and revealed with one click for copy/paste when you need them.

= Does Royal Ledger send any data to external services? =

No. The plugin makes no outbound HTTP requests, does not call any API, does not check any license server, and does not phone home. All processing — cost calculations, encryption, plugin scanning, renewal reminders — happens entirely on your own WordPress site. There is nothing to opt out of because there is nothing being sent.

= Will Royal Ledger slow down my site? =

No. Royal Ledger only loads its admin assets on its own admin pages. There is zero frontend impact — no scripts, styles, or database queries run on visitor-facing pages. The optional WordPress dashboard widget runs a single small SQL query.

= How do email renewal reminders work? =

The plugin schedules a daily WordPress cron event. Each day it checks for cost items renewing within your alert window (7, 14, or 30 days) and sends a single summary email to your chosen recipient. Royal Ledger uses WordPress's standard `wp_mail()` function and detects an active SMTP plugin (Royal SMTP, WP Mail SMTP, Post SMTP, FluentSMTP, Easy WP SMTP, Mailgun, SendGrid, Gmail SMTP, MailerSend, etc.) so you can confirm reliable delivery before relying on the alerts.

= Can I import my existing cost spreadsheet? =

Yes. Royal Ledger imports CSV (with the same columns as the export) and JSON backup files. Paste CSV data directly into the import field — useful for migrating from a spreadsheet you've been keeping in Google Sheets, Excel, Notion, or Airtable.

= Can I export my data? =

Yes. CSV export gives you a clean spreadsheet of cost items (license keys excluded for safety). JSON full backup includes every cost item plus encrypted license keys for migration to a new WordPress install or off-site backup.

= Will Royal Ledger auto-detect my installed plugins? =

Yes. The Plugin Auto-Detection scanner reads your installed plugins via WordPress's standard `get_plugins()` function and adds paid or custom plugins as cost items. Free plugins from wordpress.org are skipped automatically so the scanner only surfaces things you're likely paying for.

= What happens to my data if I deactivate or uninstall the plugin? =

Deactivation preserves all cost items and encrypted license keys. Full uninstall (Plugins → Delete) removes the plugin's database tables and options — make a JSON backup first if you want to keep the data.

= Does Royal Ledger work on WordPress multisite? =

Yes, on a per-site basis. Each site in a multisite network tracks its own costs independently with its own database tables and settings.

= Can agencies use Royal Ledger to track costs across multiple client sites? =

Yes. Install Royal Ledger on each client site and use the JSON export to consolidate cost data into a master spreadsheet, or treat each client site's costs separately for transparent monthly invoicing. Royal Ledger is GPL — no per-site fees.

= Is there a Pro version? =

No. Royal Ledger is intentionally a single, fully-featured free plugin. There is no upsell, no nag, no feature gate.

== Screenshots ==

1. Dashboard with cost summary and category breakdown
2. Cost items list with filtering and search
3. License key vault with masked keys
4. Renewal calendar view
5. Settings and import/export

== Changelog ==

= 1.0.3 =
* Feature: SMTP plugin detection on the Email Alerts settings page so users know whether renewal alerts will deliver reliably.
* Docs: Clarified in description and feature list that the License Key Vault stores license keys the user receives from third-party plugin and service vendors, not any kind of license check on Royal Ledger itself.
* Docs: Added an "External Services" section confirming the plugin makes no outbound HTTP requests and does not connect to any external service.
* Docs: Added a "GPL Compliance and Free Functionality" section confirming every feature is unlocked for every user on activation.

= 1.0.2 =
* Fix: WordPress Plugin Check (PCP) compliance — all warnings resolved
* Fix: Prefixed all global variables in view files (WordPress naming convention)
* Fix: Added phpcs:ignore annotations for safe database table interpolation
* Fix: Corrected nonce verification ignore placement in AJAX handlers

= 1.0.1 =
* Improved: Plugin scanner now skips free wordpress.org plugins automatically
* Improved: Only paid/custom plugins are added as cost items (reduces clutter)
* Improved: Scan feedback message shows how many free plugins were skipped

= 1.0.0 =
* Initial release
* Cost tracking with 6 categories
* AES-256 encrypted license key vault
* Renewal calendar with color-coded dots
* Plugin auto-detection scanner
* Email renewal reminders
* CSV and JSON export/import
* Dashboard widget

== Upgrade Notice ==

= 1.0.0 =
Initial release.
