WP-Safety

YEGHRO Nostr Login Security & Risk Analysis

wordpress.org/plugins/nostr-login

Enable secure WordPress authentication using Nostr keys - login with your Nostr identity.

10 active installs v1.8 PHP 7.0+ WP 5.0+ Updated Jan 31, 2025
authenticationbitcoindecentralizedloginnostr
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is YEGHRO Nostr Login Safe to Use in 2026?

Generally Safe

Score 92/100

YEGHRO Nostr Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "nostr-login" v1.8 plugin exhibits a generally positive security posture with several strengths. The complete absence of known CVEs and a consistent track record of no recorded vulnerabilities suggest a development team that prioritizes security or has had limited exposure. The code's adherence to prepared statements for all SQL queries, robust output escaping (79%), and a good number of nonce and capability checks are commendable practices. However, a significant concern arises from the attack surface analysis, which reveals one out of five AJAX handlers lacks authentication checks. This single unprotected entry point presents a potential avenue for unauthorized actions if it handles sensitive operations.

Key Concerns

  • Unprotected AJAX handler found
  • Non-critical output escaping (21% unescaped)
Vulnerabilities
None known

YEGHRO Nostr Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

YEGHRO Nostr Login Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
15
57 escaped
Nonce Checks
5
Capability Checks
6
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

79% escaped72 total outputs
Attack Surface
1 unprotected

YEGHRO Nostr Login Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 5

authwp_ajax_nostr_import_postsincludes\class-nostr-import.php:29
authwp_ajax_nostr_loginincludes\class-nostr-login.php:23
noprivwp_ajax_nostr_loginincludes\class-nostr-login.php:24
authwp_ajax_nostr_registerincludes\class-nostr-login.php:25
authwp_ajax_nostr_sync_profileincludes\class-nostr-login.php:32
WordPress Hooks 19
actionwp_headincludes\class-nostr-import.php:18
actionadmin_headincludes\class-nostr-import.php:19
actionadmin_menuincludes\class-nostr-import.php:24
actionadmin_initincludes\class-nostr-import.php:25
actionadmin_enqueue_scriptsincludes\class-nostr-import.php:26
filterhttp_request_argsincludes\class-nostr-import.php:397
filterupload_mimesincludes\class-nostr-import.php:468
actionlogin_enqueue_scriptsincludes\class-nostr-login.php:21
actionlogin_formincludes\class-nostr-login.php:22
actionshow_user_profileincludes\class-nostr-login.php:26
actionedit_user_profileincludes\class-nostr-login.php:27
actionpersonal_options_updateincludes\class-nostr-login.php:28
actionedit_user_profile_updateincludes\class-nostr-login.php:29
actionadmin_menuincludes\class-nostr-login.php:30
actionadmin_initincludes\class-nostr-login.php:31
actionadmin_enqueue_scriptsincludes\class-nostr-login.php:33
actionplugins_loadednostrLogin.php:37
filterget_avatar_urlnostrLogin.php:62
actionplugins_loadednostrLogin.php:68
Maintenance & Trust

YEGHRO Nostr Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedJan 31, 2025
PHP min version7.0
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

YEGHRO Nostr Login Alternatives

All-In-One Security (AIOS) – Security and Firewall

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

A
93

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs
Limit Login Attempts

Limit Login Attempts

limit-login-attempts

B
82

Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.

300K 3 CVEs
WPS Limit Login

WPS Limit Login

wps-limit-login

A
96

WPS Limit login limit connection attempts by IP address

100K 3 CVEs
Wordfence Login Security

Wordfence Login Security

wordfence-login-security

A
92

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs
Titan Anti-spam & Security

Titan Anti-spam & Security

anti-spam

A
98

Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication …

60K 3 CVEs
Developer Profile

YEGHRO Nostr Login Developer Profile

YEGHRO

1 plugin · 10 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect YEGHRO Nostr Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nostr-login/assets/js/nostr-imports.min.js
Script Paths
/wp-content/plugins/nostr-login/assets/js/nostr-imports.min.js
Version Parameters
nostr-login/style.css?ver=nostr-login/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
nostr-login-buttonnostr-login-formnostr-login-wrappernostr-login-settings
Data Attributes
data-nostr-login-actiondata-nostr-login-user-id
JS Globals
nostrLoginnostrImport
Shortcode Output
[nostr_login_button][nostr_login_form]
FAQ

Frequently Asked Questions about YEGHRO Nostr Login