WordPress.WP.AlternativeFunctions.file_system_operations_fclose

file system operations fclose

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1151Surge6046474k+Non-prefixed global variable
#1152WoowGallery60151781k+Non-prefixed global variable
#1153Newspack Newsletters6153471k+Request data is not unslashed
#1154When Last Login – Export User Records611813500Output is not escaped
#1155Import entries for Gravity Forms62626500Input is not validated
#1156Easy SSL Plugin for SAKURA Rental Server62231750k+Input is not sanitized
#1157Include Klaviyo for Elementor pro6360102k+Missing Arg Domain
#1158Admin CSS MU643058210k+Non-prefixed global variable
#1159CV Demo Importer642195400Non-prefixed global variable
#1160Embed Google Fonts642875k+Output is not escaped
#1161WP Search with Algolia6426167k+Exception output is not escaped
#1162Яндекс.ПДС Пингер / Yandex Site search pinger64215800Output is not escaped
#1163QRCode652139400Non-prefixed constant
#1164WP-Farsi652636600Non-prefixed function
#1165Debug Log Manager – Conveniently Monitor and Inspect Errors66334410k+Input is not validated
#1166Easy PHP Settings6634481k+Missing Translators Comment
#1167Really Simple CSV Importer6638840k+Output is not escaped
#1168Safe Redirect Manager6696040k+Non-prefixed hook name
#1169Affiliates Manager Google reCAPTCHA Integration671810400Request data is not unslashed
#1170Meks Audio Player672571k+Output is not escaped
#1171Printful Integration for WooCommerce672187650k+Text Domain Mismatch
#1172Simple HTTPS671713400Output is not escaped
#1173wp-Typography67913320k+Missing direct file access protection
#1174Desert Companion6841283720k+Non-prefixed global variable
#1175Faire for WooCommerce68486800Direct Query
#1176Russian Post and EMS for WooCommerce6816471k+Non-prefixed global variable
#1177WiserReview Product Reviews for WooCommerce6821110900Non-prefixed global variable
#1178Solid Mail – SMTP email and logging made by SolidWP68161760k+Database parameter is not escaped
#1179Debug6925342k+Input is not sanitized
#1180Mailster WordPress Newsletter Plugin6914118k+Output is not escaped
#1181Show-Hide / Collapse-Expand70181510k+Missing direct file access protection
#1182SQL Executioner7018172k+Non-prefixed global variable
#1183Bold Timeline Lite7122056110k+Non-prefixed global variable
#1184Nginx Helper714760200k+Non-prefixed global variable
#1185Cloudinary – Deliver Images and Videos at Scale726911345k+Text Domain Mismatch
#1186Shipping Rate By Cities72421700Direct Query
#1187TinyPNG – JPEG, PNG & WebP image compression724073100k+Non-prefixed global variable
#1188Emergency password reset735614800wp function not compatible with requires wp
#1189Export Plugin Details731362k+Output is not escaped
#1190WPWaterMark 轻水印插件7324171k+Request data is not unslashed
#1191Custom Icons for Elementor and WPBakery74353810k+Non-prefixed global variable
#1192reCAPTCHA for bbPress751419800Non-prefixed function
#1193wp-forecast752631175k+Missing Arg Domain
#1194Ajax Search Lite – Live Search & Filter7612626480k+Non-prefixed hook name
#1195Cache External Scripts76214900Output is not escaped
#1196RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator773728240k+Non-prefixed global variable
#1197Mailster Mailgun Integration77165500Missing Translators Comment
#1198FAQ Schema For Pages And Posts815657k+Text Domain Mismatch
#1199WordPress REST API (Version 2)824761310k+Missing Arg Domain
#1200Mailster SendGrid Integration832331k+Missing Translators Comment