WordPress.WP.AlternativeFunctions.file_system_operations_fclose

file system operations fclose

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1001PDF Forms Filler for WPForms3616154600Text Domain Mismatch
#1002Plugins Garbage Collector (Database Cleanup)36325110k+Missing nonce verification
#1003Qubely – Advanced Gutenberg Blocks3639788k+Request data is not unslashed
#1004Quick 301 Redirects36891205k+Non-prefixed global variable
#1005QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly361721088k+Non Singular String Literal Domain
#1006Search & Replace365053100k+Missing nonce verification
#1007Search Everything361657710k+Text Domain Mismatch
#1008Speed Optimizer – The All-In-One Performance-Boosting Plugin3645961m+Non-prefixed hook name
#1009Shadowbox JS36246141k+Unsafe printing function
#1010SMTP for SendGrid – YaySMTP3627961k+Non-prefixed global variable
#1011Sync QCloud COS3663109600Non-prefixed function
#1012SuperFaktura WooCommerce36601152k+Nonce verification recommended
#1013Export Themes36122902k+Non-prefixed constant
#1014WP LaTeX3610312700Output is not escaped
#1015Payment Button for PayPal36155864k+Unsafe printing function
#1016WP Hardening (discontinued)362308510k+Text Domain Mismatch
#1017WP Stripe Checkout361981181k+Unsafe printing function
#1018WP Super Edit36351852k+Nonce verification recommended
#1019Analytics Spam Blocker377622800Unsafe printing function
#1020Call Now Button – The #1 Click to Call Button for WordPress371,2735200k+Exception output is not escaped
#1021Checkout for PayPal3713467600Unsafe printing function
#1022CookieAdmin – Cookie Consent Banner374386400k+Nonce verification recommended
#1023Debug Log Viewer3726831k+Missing nonce verification
#1024.htaccess Site Access Control375467800Input is not sanitized
#1025Injection Guard3786451k+Unsafe printing function
#1026Job Manager & Career – Manage job board listings, and recruitments371122052k+Missing nonce verification
#1027Local Time Clock37105111k+Output is not escaped
#1028Maintenance Page3762333k+Output is not escaped
#1029Meks Video Importer37622392k+Input is not sanitized
#1030PNG to JPG371301739k+Interpolated SQL is not prepared
#1031Sensei LMS Certificates37973624k+Non-prefixed global variable
#1032Spam Destroyer3763436k+rand rand
#1033TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot3748406k+Unsafe printing function
#1034Tilopay37351301k+Nonce verification recommended
#1035Tracking Code Manager37554290k+Output is not escaped
#1036Conditional Discounts for WooCommerce – A simple yet complete woocommerce dynamic pricing plugin37993310k+Text Domain Mismatch
#1037Fix Media Library3753711k+Output is not escaped
#1038ReCaptcha Integration for WordPress3760669k+Output is not escaped
#1039Special Text Boxes3738422k+Direct Query
#1040Advanced Media Offloader3857935k+error log error log
#1041Anant Sites — Elementor & Gutenberg Readymade Template Library Free & Pro Templates38201561k+Non-prefixed global variable
#1042Activity Log – Monitor & Record User Changes3881149200k+Nonce verification recommended
#1043Audio Story Images384644400Output is not escaped
#1044Automatic Post Tagger385923072k+Output is not escaped
#1045CRUDLab Disable Comments382054700Missing nonce verification
#1046Erident Custom Login and Dashboard38122288k+Unsafe printing function
#1047HashThemes Demo Importer3871446k+Output is not escaped
#1048Lana Downloads Manager38146783k+Unsafe printing function
#1049Contact Form Widget38541071k+Request data is not unslashed
#1050OneSignal – Web Push Notifications38536470k+Output is not escaped