WordPress.WP.AlternativeFunctions.file_system_operations_fwrite

file system operations fwrite

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#601Shariff Wrapper323340430k+Non-prefixed global variable
#602System Dashboard32912051k+Request data is not unslashed
#603TK Google Fonts GDPR Compliant32582341k+Output is not escaped
#604WP 2-step verification32154651k+Output is not escaped
#605WP Bannerize Pro32281216800Text Domain Mismatch
#606Advanced Custom Fields: Typography Field33445574k+Text Domain Mismatch
#607Affiliate Program & Referral Tracking for WooCommerce & WordPress – Affilia3380172600Nonce verification recommended
#608Cargus334864700Input is not sanitized
#609Century ToolKit3311878800Output is not escaped
#610Contact List – Online Staff Directory & Address Book331183421k+Nonce verification recommended
#611Human Presence – Stop Form Spam Without ReCaptcha3354651k+Request data is not unslashed
#612Gallery Custom Links33646230k+Non Singular String Literal Domain
#613IP2Location Redirection331941158k+Output is not escaped
#614Janolaw AGB Hosting33198111k+Short PHP open tag found
#615LWSCache33471046k+Non-prefixed global variable
#616Merge + Minify + Refresh3378264k+date date
#617More Types33227198800Non-prefixed global variable
#618PeproDev WooCommerce Receipt Uploader33325491k+Non Singular String Literal Domain
#619Picture Gallery – Frontend Image Uploads, AJAX Photo List33112150400Request data is not unslashed
#620QNAP NAS Backup33374702k+Non Singular String Literal Domain
#621Social Rocket – Social Sharing Plugin331,0162551k+Unsafe printing function
#622Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce3342469400Non Singular String Literal Domain
#623Multi-Carrier Shippo Shipping Rates & Address Validation for WooCommerce33411733k+Non Singular String Literal Domain
#624PostNL for WooCommerce335981083k+Text Domain Mismatch
#625EasyMedia – Increase Media Upload File Size | Role-Based Upload Limit | Increase Execution Time338213870k+Non-prefixed global variable
#626WPReplace内容字符替换插件33209195800Non Singular String Literal Domain
#627XML Sitemaps3365622k+Output is not escaped
#628Advanced Custom Fields: reCAPTCHA Field3410453800Text Domain Mismatch
#629affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display34326752k+Output is not escaped
#630All-in-One WP Migration and Backup3447695m+Missing nonce verification
#631AyeCode Connect3417825310k+Nonce verification recommended
#632Clean Testimonials3412787400Output is not escaped
#633Dr. Flex3483511k+Output is not escaped
#634Export Customers Data3410949500Text Domain Mismatch
#635FV Gravatar Cache345042700Output is not escaped
#636Garden Gnome Package34116514k+Text Domain Mismatch
#637Geolocation IP Detection3422716720k+Output is not escaped
#638Image Cleanup3452941k+Nonce verification recommended
#639IP2Location Country Blocker342958830k+Output is not escaped
#640Lenix Leads Collector3441424210k+Text Domain Mismatch
#641MantraBrain Starter Sites | MantraBrain Theme Demo Importer34117611k+Output is not escaped
#642Meow Analytics (Google Analytics)348054400Output is not escaped
#643Meow Lightbox34775210k+Non Singular String Literal Domain
#644NextGEN Gallery Optimizer34128922k+Output is not escaped
#645Meta pixel for WordPress349138400k+Exception output is not escaped
#646Child Theme Creator by Orbisius34863910k+Output is not escaped
#647OwnerRez347956700Unsafe printing function
#648PDF Invoices and Packing Slips For WooCommerce341082841k+Non-prefixed global variable
#649Redirection34322932m+Non-prefixed class
#650Software License Manager3469289900Nonce verification recommended