WordPress.WP.AlternativeFunctions.file_system_operations_fclose

file system operations fclose

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#951QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly352251108k+Non Singular String Literal Domain
#952Security Optimizer – The All-In-One Protection Plugin3540861m+Input is not sanitized
#953Simple History – Track, Log, and Audit WordPress Changes3532122300k+Non-prefixed global variable
#954Solid Performance – Your No-Code Caching, Performance, & Page Speed Solution3575614k+Exception output is not escaped
#955String locator3552319100k+Non-prefixed global variable
#956Taxonomy CSV Import Export35530700Missing nonce verification
#957The Courier Guy Shipping for WooCommerce35571073k+Missing nonce verification
#958Vendi Abandoned Plugin Check351331k+trademarked term
#959Video Grid352531061k+Output is not escaped
#960Video Gallery35336178600Output is not escaped
#961ShipStation Live Rates for WooCommerce3540273900Non Singular String Literal Domain
#962Converter for Media – Optimize images | Convert WebP & AVIF3513353500k+curl curl setopt
#963Easy Accept Payments via PayPal353221287k+Text Domain Mismatch
#964WP Compiler3533201k+Output is not escaped
#965Database Backup for WordPress351288870k+Output is not escaped
#966Mail logging – WP Mail Catcher3523215720k+Text Domain Mismatch
#967WP-Paginate35375520k+Input is not validated
#968WP PGP Encrypted Emails356339400Output is not escaped
#969video carousel slider with lightbox353501361k+Output is not escaped
#970Integration for WooCommerce and QuickBooks352631251k+Output is not escaped
#971WSB HUB335361091k+Missing nonce verification
#972XServer Migrator35395310k+Interpolated SQL is not prepared
#973Yabe Webfont – Use Custom Fonts, Google Fonts or Adobe Fonts35481145k+Non-prefixed hook name
#974Year Make Model Search for WooCommerce351881621k+Output is not escaped
#975Bard Extra3615975700Text Domain Mismatch
#976Blaze Demo Importer36101948k+Output is not escaped
#977bpost shipping369743700Output is not escaped
#978Cashflows for WooCommerce3611836600Text Domain Mismatch
#979Simple SEO3616411310k+Non Singular String Literal Domain
#980CLP – Custom Login Page by NiteoThemes3624049700Output is not escaped
#981ColorMeShop WordPress Plugin3639237600Exception output is not escaped
#982Custom Database Applications by Caspio363263400Input is not sanitized
#983Custom PHP Settings361537610k+Output is not escaped
#984Dashboard Widgets Suite362061244k+Output is not escaped
#985Database Collation Fix3650321k+Output is not escaped
#986Depicter — Popup & Slider Builder3613012180k+Exception output is not escaped
#987Drag and Drop Multiple File Upload for Contact Form 736823660k+wp function not compatible with requires wp
#988Export Variable Products367949400Text Domain Mismatch
#989HTML5 Maps361941605k+Output is not escaped
#990If-So Geolocation3650571k+Non-prefixed global variable
#991Just TinyMCE Custom Styles36112281k+Missing Arg Domain
#992Leartes TRY Exchange Rates3625027500Text Domain Mismatch
#993We’re Open!362731875k+Unsafe printing function
#994Order Status History for WooCommerce362101711k+Output is not escaped
#995PDF Forms Filler for CF736185793k+Text Domain Mismatch
#996PDF Forms Filler for WPForms3616154600Text Domain Mismatch
#997Plugins Garbage Collector (Database Cleanup)36325110k+Missing nonce verification
#998Qubely – Advanced Gutenberg Blocks3639788k+Request data is not unslashed
#999Quick 301 Redirects36891205k+Non-prefixed global variable
#1000Search & Replace365053100k+Missing nonce verification