Does Hellō Login have any unpatched vulnerabilities?

No. All known vulnerabilities in Hellō Login have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Hellō Login compatible with WordPress 6.4.8?

According to WordPress.org data, Hellō Login 1.5.4 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

Is Hellō Login compatible with PHP 7.4+?

Hellō Login requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Hellō Login updated?

Hellō Login was last updated on Nov 14, 2023. Frequent updates are generally a positive security signal.

What is Hellō Login's security score?

Hellō Login has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Hellō Login Security & Risk Analysis

wordpress.org/plugins/hello-login

Free and simple to setup plugin provides registration and login with the Hellō Wallet. Users choose from popular social login, email, or phone.

10 active installs v1.5.4 PHP 7.4+ WP 4.9+ Updated Nov 14, 2023

appsloginoauth2openidconnectsecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Hellō Login Safe to Use in 2026?

Generally Safe

Score 85/100

Hellō Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "hello-login" plugin v1.5.4 exhibits a generally good security posture based on the provided static analysis. The plugin demonstrates a strong adherence to WordPress security best practices, with a high percentage of properly escaped output and a robust use of capability checks. The absence of dangerous functions and a clean vulnerability history further contribute to its positive security assessment. However, the presence of two unsanitized paths in the taint analysis warrants attention. While these flows did not reach a critical or high severity, unsanitized paths can be a precursor to vulnerabilities if user-supplied data is not handled appropriately, especially in conjunction with file operations or external HTTP requests.

The plugin has no recorded CVEs, which is a significant strength and suggests a history of secure development. The limited attack surface, with no unprotected entry points, is also commendable. The moderate use of prepared statements for SQL queries is acceptable but could be improved. Overall, "hello-login" appears to be a relatively secure plugin with a few areas for potential enhancement, primarily around input sanitization for identified unsanitized paths.

Key Concerns

Unsanitized paths in taint analysis
SQL queries with only 50% prepared statements

Vulnerabilities

None known

Hellō Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Hellō Login Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

119 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

50% prepared2 total queries

Output Escaping

98% escaped122 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

handle_login_page (includes\hello-login-login-form.php:108)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Hellō Login Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[hello_login_auth_url] hello-login.php:189

[hello_login_button] includes\hello-login-login-form.php:73

WordPress Hooks 28

actionhello-login-cron-dailyhello-login.php:192

actionshow_user_profilehello-login.php:203

actionedit_user_profilehello-login.php:204

actionparse_requesthello-login.php:208

actioninithello-login.php:519

filterhttp_headers_useragenthello-login.php:522

actionactivated_pluginhello-login.php:529

actionwp_enqueue_scriptsincludes\functions.php:22

actionlogin_enqueue_scriptsincludes\functions.php:23

actionadmin_enqueue_scriptsincludes\functions.php:24

filterbody_classincludes\functions.php:52

filteradmin_body_classincludes\functions.php:53

filterlogin_messagesincludes\hello-login-login-form.php:62

filterlogin_messageincludes\hello-login-login-form.php:64

filtercomment_reply_link_argsincludes\hello-login-login-form.php:68

filtercomment_reply_linkincludes\hello-login-login-form.php:69

filtercomment_form_defaultsincludes\hello-login-login-form.php:70

actionlogin_footerincludes\hello-login-login-form.php:95

actionadmin_menuincludes\hello-login-settings-page.php:115

actionadmin_initincludes\hello-login-settings-page.php:118

actionadmin_noticesincludes\hello-login-settings-page.php:254

actionadmin_noticesincludes\hello-login-settings-page.php:257

actionadmin_noticesincludes\hello-login-settings-page.php:260

actionadmin_noticesincludes\hello-login-settings-page.php:263

actionadmin_noticesincludes\hello-login-settings-page.php:266

actionadmin_noticesincludes\hello-login-settings-page.php:269

actionadmin_noticesincludes\hello-login-settings-page.php:272

actionadmin_noticesincludes\hello-login-settings-page.php:276

Scheduled Events 1

hello-login-cron-daily

Maintenance & Trust

Hellō Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedNov 14, 2023

PHP min version7.4

Downloads2K

Community Trust

Rating60/100

Number of ratings2

Active installs10

Alternatives

Hellō Login Alternatives

OpenID Connect Generic Client

daggerhart-openid-connect-generic

A simple client that provides SSO or opt-in authentication against a generic OAuth2 Server implementation.

10K 2 CVEs

Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

limit-login-attempts-reloaded

Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.

2.0M 4 CVEs

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Loginizer

loginizer

Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.

1.0M 8 CVEs

Security Optimizer – The All-In-One Protection Plugin

sg-security

Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.

1.0M 5 CVEs

Developer Profile

Hellō Login Developer Profile

Marius Scurtescu

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Hellō Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters

hello-login/style.css?ver=hello-login/js/hello-login-admin.js?ver=hello-login/js/hello-login-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

hello-login-adminhello-login-settings-pagehello-login-fieldhello-login-fieldshello-login-tabshello-login-tabhello-login-tab-contenthello-login-button+2 more

HTML Comments

+34 more

Data Attributes

data-hello-login-client-iddata-hello-login-redirect-uri

JS Globals

helloLoginFrontend

REST Endpoints

/wp-json/hello-login/v1/callback/wp-json/hello-login/v1/unlink/wp-json/hello-login/v1/quickstart/wp-json/hello-login/v1/start/wp-json/hello-login/v1/event

Shortcode Output

[hello_login_auth_url]

FAQ