WordPress.WP.AlternativeFunctions.file_system_operations_fopen

file system operations fopen

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#751HFD ePost Integration311861101k+Text Domain Mismatch
#752Image Hotspot – Map Image Annotation31952833k+Non-prefixed global variable
#753Interactive Image Map Builder311603811k+Non-prefixed global variable
#754Linguise – AI Automatic Multilingual Translation31612821k+Non-prefixed global variable
#755Login rebuilder3140622620k+Non Singular String Literal Domain
#756LWS Tools3110413410k+Request data is not unslashed
#757Mailgun for WordPress311447880k+Unsafe printing function
#758Pop-up311039110k+Output is not escaped
#759Post Pay Counter316392381k+Output is not escaped
#760Qode Essential Addons315529510k+Non-prefixed global variable
#761Sidebar Manager Light31221761k+Text Domain Mismatch
#762Slider Carousel – Image Slider312241,2333k+Request data is not unslashed
#763SmartBill Facturare si Gestiune314211645k+Text Domain Mismatch
#764SpeedyCache – Cache, Optimization, Performance3165118600k+Input is not validated
#765Staatic – Static Site Generator for WordPress314201952k+SQL query is not prepared
#766Big File Uploads – Increase Maximum File Upload Size3110192100k+Output is not escaped
#767User Spam Remover31115141k+Output is not escaped
#768Blacklist Manager – WooCommerce Anti-Fraud, Blacklist & Checkout Verification312848302k+Missing nonce verification
#769Tooltips for WordPress313122525k+Output is not escaped
#770HireZoot – (WP Job Openings) Job Listings, Career Page & Recruitment Tool311453940k+Non-prefixed global variable
#771WP ULike – Like & Dislike Buttons for Engagement and Feedback3126935860k+Output is not escaped
#772Hosting Benchmark tool312021154k+rand rand
#773YML for Yandex Market313729310k+Non-prefixed global variable
#774Zendesk Support for WordPress31195882k+Output is not escaped
#775ACME Divi Modules3257335400Text Domain Mismatch
#776Affiliate Coupons – Coupon Display Manager – Excellent Tool for Affiliate Marketers32183611k+Output is not escaped
#777AI Alt Text Generator3276241k+Missing Translators Comment
#778Speed Kit32296732k+Output is not escaped
#779Child Theme Configurator32442267300k+Unsafe printing function
#780Code Manager32217261500Nonce verification recommended
#781Contact Form Block326477500Non Singular String Literal Domain
#782Cooked – Recipe Management324622753k+Output is not escaped
#783CSV Import and Exporter32831381k+Non-prefixed global variable
#784Download Attachments32691888k+Non-prefixed hook name
#785Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)325601986k+Text Domain Mismatch
#786GlotPress32403103500Unsafe printing function
#787Translate WordPress with GTranslate3282364900k+Non-prefixed global variable
#788Gwolle Guestbook3226952720k+Output is not escaped
#789Manager for IcoMoon3227068400Short PHP open tag found
#790DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce321661195k+Output is not escaped
#791Persian Admnin Fonts32343468500Non-prefixed global variable
#792Responsive Filterable Portfolio Gallery – Media Grid & Video Portfolio324361631k+Output is not escaped
#793Revolut Gateway for WooCommerce32851576k+Input is not sanitized
#794Shariff Wrapper323340430k+Non-prefixed global variable
#795Simple Ajax Chat – Add a Fast, Secure Chat Box321082662k+Output is not escaped
#796TK Google Fonts GDPR Compliant32582341k+Output is not escaped
#797Tumult Hype Animations32561171k+Output is not escaped
#798User Registration Using Contact Form 73210315500wp function not compatible with requires wp
#799Easy 3D Viewer323992411k+Text Domain Mismatch
#800WT GeoTargeting3289431k+Output is not escaped