WordPress.WP.AlternativeFunctions.file_system_operations_fopen
file system operations fopen
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1101 | Transferito: WP Migration | 88 | 16 | 115 | 500 | Non-prefixed global variable | ||
| #1102 | External files in Media Library | 90 | 18 | 68 | 400 | Direct Query | ||
| #1103 | Snow Monkey Forms | 91 | 36 | 41 | 30k+ | Non-prefixed global variable | ||
| #1104 | Drag and Drop File Upload for Elementor Forms | 94 | 29 | 1 | 1k+ | curl curl setopt | ||
| #1105 | Speed Up – Browser Caching | 95 | 13 | 2 | 700 | file system operations is writable | ||
| #1106 | All Sources Images – Free Images from Pixabay, Unsplash, Openverse, Pexels & Giphy | 96 | 9 | 9 | 700 | wp function not compatible with requires wp | ||
| #1107 | Enable SVG, WebP, and ICO Upload | 96 | 12 | 16 | 10k+ | Non-prefixed global variable | ||
| #1108 | Grow for WordPress | 96 | 7 | 5 | 10k+ | trademarked term | ||
| #1109 | iGen SEO | 96 | 5 | 10 | 400 | Non-prefixed hook name | ||
| #1110 | Flexible Cookies | 97 | 5 | 39 | 3k+ | Non-prefixed global variable | ||
| #1111 | Performant Translations | 97 | 5 | 9 | 40k+ | Non-prefixed global variable |
