WordPress.WP.AlternativeFunctions.file_system_operations_fopen

file system operations fopen

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#151NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall221,2662,059100k+Non-prefixed global variable
#152NinjaScanner – Virus & Malware scan2259655130k+Non-prefixed global variable
#153oik224891802k+Non Singular String Literal Domain
#154Packeta228013338k+Exception output is not escaped
#155PDF Builder for WPForms22321266900SQL query is not prepared
#156Smart Popup by Supsystic223,17250310k+Non Singular String Literal Domain
#157Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App221,5812,326300k+Non-prefixed global variable
#158Prime Mover – Migrate WordPress Website & Backups221,3261,60010k+Non-prefixed global variable
#159Product Catalog Feed by PixelYourSite225813578k+Output is not escaped
#160PageSpeed Ninja – Cache, Minify, Defer CSS JavaScript, Critical CSS, Optimize Images, Convert WebP229844075k+Unsafe printing function
#161RealPress – Real Estate Plugin226041,167500Non-prefixed global variable
#162Social Sharing Plugin – Sassy Social Share221,689233100k+wp function not compatible with requires wp
#163Seraphinite Accelerator2259425550k+Output is not escaped
#164ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF221,044799300k+Non-prefixed global variable
#165Simple Job Board226341,35510k+Non-prefixed global variable
#166Slim Jetpack222,5861,9472k+Text Domain Mismatch
#167SNS Count Cache229181208k+Non Singular String Literal Domain
#168SportsPress – Sports Club & League Manager224602,24210k+Non-prefixed global variable
#169SSL Zen — SSL Certificate Installer & HTTPS Redirects227851,58810k+Non-prefixed global variable
#170Stylish Price List – Price Table Builder & QR Code Restaurant Menu226746783k+Output is not escaped
#171Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent222255198k+error log error log
#172The Moneytizer227512711k+Text Domain Mismatch
#173Theme Editor2279868550k+Output is not escaped
#174Customize Feeds for Twitter22921714k+Non-prefixed global variable
#175RapidLoad AI – Optimize Web Vitals Automatically2281840700Nonce verification recommended
#176Search & Replace Everything – Quick and Easy Way to Find and Replace Text, Links221,0441,79720k+Non-prefixed global variable
#177UpStream: a Project Management Plugin for WordPress22683703600Non-prefixed global variable
#178URL Shortify – Simple and Easy URL Shortener221,5202,68910k+Non-prefixed global variable
#179Welcart e-Commerce2210,37810,93110k+Text Domain Mismatch
#180UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds22444243200k+Text Domain Mismatch
#181WCFM – Frontend Manager for WooCommerce224,7545,05420k+Non-prefixed global variable
#182WCFM Marketplace – Multivendor Marketplace for WooCommerce221,9341,96610k+Non-prefixed global variable
#183WCFM Membership – WooCommerce Memberships for Multivendor Marketplace2255967510k+Non-prefixed global variable
#184Wenprise WeChatPay Payment Gateway For WooCommerce22443178400Exception output is not escaped
#185WooCommerce221,3596,1727m+Non-prefixed global variable
#186Simple Shopping Cart2279653610k+Unsafe printing function
#187ManageWP Worker225075651m+Non-prefixed class
#188WP Easy Pay – Payment and Donation form Builder for Square229101,8351k+Non-prefixed global variable
#189WP Express Checkout (Fast Payments via PayPal & Stripe)225916271k+Output is not escaped
#190File Manager227405201m+Unsafe printing function
#191WP Fusion Lite – Marketing Automation and CRM Integration for WordPress222756835k+Nonce verification recommended
#192WP Umbrella: Update Backup Restore & Monitoring2291891670k+Exception output is not escaped
#193Wp-Insert2226730110k+Output is not escaped
#194AidWP – Donation & Payment Forms (Stripe Powered)221,3171,675800Non-prefixed global variable
#195WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript221642579k+Non-prefixed constant
#196NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce221,3531,4122k+Non-prefixed global variable
#197WP-WebAuthn229573962k+Exception output is not escaped
#198WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell225,9962,7905k+Text Domain Mismatch
#199WPSSO Core – Complete Schema Markup and Meta Tags221,4074125k+Missing Translators Comment
#200YaySMTP – WP Mail SMTP with Email Logs, Tracking & Reports2265443510k+Exception output is not escaped