WordPress.WP.AlternativeFunctions.file_system_operations_fclose
file system operations fclose
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1201 | Mailster SendGrid Integration | 83 | 23 | 3 | 1k+ | Missing Translators Comment | ||
| #1202 | Soro – SEO Autopilot & AI Content Writer | 83 | 4 | 10 | 9k+ | Input is not sanitized | ||
| #1203 | Cachify | 84 | 9 | 36 | 9k+ | Non-prefixed global variable | ||
| #1204 | Digital Signature For Contact Form 7 | 84 | 22 | 11 | 5k+ | file system operations fwrite | ||
| #1205 | Web Stories | 84 | 12 | 63 | 60k+ | Non-prefixed global variable | ||
| #1206 | Salt Shaker | 85 | 15 | 13 | 6k+ | Interpolated SQL is not prepared | ||
| #1207 | VenoMaps – OpenStreetMap & Privacy-Friendly Geo Maps | 86 | 20 | 6 | 400 | wp function not compatible with requires wp | ||
| #1208 | Microsoft Azure Storage for WordPress | 86 | 25 | 26 | 2k+ | Missing Translators Comment | ||
| #1209 | ImageKit – URL based image manipulation and optimization | 87 | 47 | 42 | 1k+ | Non-prefixed global variable | ||
| #1210 | Transferito: WP Migration | 88 | 16 | 115 | 500 | Non-prefixed global variable | ||
| #1211 | External files in Media Library | 90 | 16 | 68 | 400 | Direct Query | ||
| #1212 | Snow Monkey Forms | 91 | 36 | 41 | 30k+ | Non-prefixed global variable | ||
| #1213 | Drag and Drop File Upload for Elementor Forms | 94 | 29 | 1 | 1k+ | curl curl setopt | ||
| #1214 | Speed Up – Browser Caching | 95 | 13 | 2 | 700 | file system operations is writable | ||
| #1215 | All Sources Images – Free Images from Pixabay, Unsplash, Openverse, Pexels & Giphy | 96 | 9 | 9 | 700 | wp function not compatible with requires wp | ||
| #1216 | Enable SVG, WebP, and ICO Upload | 96 | 12 | 16 | 10k+ | Non-prefixed global variable | ||
| #1217 | Grow for WordPress | 96 | 7 | 5 | 10k+ | trademarked term | ||
| #1218 | iGen SEO | 96 | 5 | 10 | 400 | Non-prefixed hook name | ||
| #1219 | Flexible Cookies | 97 | 5 | 39 | 3k+ | Non-prefixed global variable | ||
| #1220 | Performant Translations | 97 | 5 | 9 | 40k+ | Non-prefixed global variable | ||
| #1221 | Export/Import Media – CSV Media Library Import & Export | 98 | 7 | 4 | 1k+ | Missing Translators Comment |
