WordPress.WP.AlternativeFunctions.file_system_operations_is_writable

file system operations is writable

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
Never write PHP code from user input or remote responses.

References

WordPress Filesystem API

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#101	Autoptimize	23	288	191	800k+	3 months ago	Output is not escaped
#102	Kadence Security – Password, Two Factor Authentication, and Brute Force Protection	23	1,053	967	700k+	25 days ago	Missing Translators Comment
#103	Cart Notices for WooCommerce	23	650	471	2k+	27 days ago	Text Domain Mismatch
#104	WPBot – AI ChatBot for Live Support, Lead Generation, AI Services	23	264	1,038	5k+	today	Non-prefixed global variable
#105	CleanTalk Anti-Spam. Spam Firewall & Bot protection	23	826	1,078	200k+	4 days ago	Missing nonce verification
#106	Content Egg – Affiliate Product Importer & Price Comparison	23	1,231	1,257	10k+	yesterday	Non-prefixed global variable
#107	DK PDF – WordPress PDF Generator	23	744	335	3k+	5 months ago	Exception output is not escaped
#108	Easy Digital Downloads – eCommerce Payments and Subscriptions made easy	23	3,723	10,283	40k+	4 days ago	Non-prefixed namespace
#109	Error Log Monitor	23	694	1,414	20k+	9 months ago	Non-prefixed global variable
#110	Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI	23	395	1,342	90k+	4 days ago	Non-prefixed global variable
#111	Export WordPress Pages to Static HTML & PDF — Static Site Export	23	490	301	5k+	3 months ago	Text Domain Mismatch
#112	Ezoic	23	432	516	10k+	5 days ago	Output is not escaped
#113	Fuse Social Floating Sidebar	23	1,840	1,573	10k+	11 months ago	Non-prefixed global variable
#114	Futurio Extra	23	787	205	20k+	4 months ago	Text Domain Mismatch
#115	Gmedia Photo Gallery	23	350	1,121	7k+	5 months ago	Non-prefixed global variable
#116	Interactive Content – H5P	23	565	380	40k+	1 month ago	Non Singular String Literal Domain
#117	Payment forms, Buy now buttons, and Invoicing System \| GetPaid	23	370	1,258	5k+	4 days ago	Non-prefixed global variable
#118	Masteriyo LMS – LMS Course Builder, Quizzes & Certificates	23	197	1,748	5k+	1 month ago	Non-prefixed global variable
#119	Link Whisper Free	23	3,882	5,303	30k+	21 days ago	Text Domain Mismatch
#120	MailPoet – Newsletters, Email Marketing, and Automation	23	858	711	500k+	5 days ago	Exception output is not escaped
#121	MasterStudy LMS WordPress Plugin – for Online Courses and Education	23	1,419	4,875	10k+	4 days ago	Non-prefixed global variable
#122	MaxButtons – Create buttons	23	655	409	70k+	9 months ago	Output is not escaped
#123	Media Library Assistant	23	1,144	3,943	70k+	14 days ago	Nonce verification recommended
#124	MPG – Multiple Page Generator, Bulk Landing Pages & Programmatic SEO	23	488	580	2k+	1 month ago	Missing nonce verification
#125	Next Active Directory Integration	23	683	284	2k+	1 month ago	Exception output is not escaped
#126	NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization	23	315	631	100k+	7 days ago	Output is not escaped
#127	Patchstack – WordPress & Plugins Security	23	107	489	40k+	2 months ago	Missing nonce verification
#128	Postie	23	407	261	10k+	5 months ago	Output is not escaped
#129	PowerPress Podcasting plugin by Blubrry	23	4,807	2,394	20k+	5 days ago	Output is not escaped
#130	Pricing Table by Supsystic	23	1,299	447	10k+	22 days ago	Non Singular String Literal Domain
#131	Product Watermark for WooCommerce	23	696	457	2k+	27 days ago	Output is not escaped
#132	Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder	23	856	1,365	10k+	4 months ago	Non-prefixed global variable
#133	Robo Gallery – Photo & Image Slider	23	1,291	530	40k+	26 days ago	Output is not escaped
#134	Local Google Analytics for WordPress – caches external requests	23	551	199	3k+	8 months ago	Output is not escaped
#135	Slider Hero with Video Background, Animation	23	1,565	1,253	3k+	3 days ago	Text Domain Mismatch
#136	Smart Slider 3	23	261	268	800k+	25 days ago	Non-prefixed global variable
#137	SiteOrigin Widgets Bundle	23	607	455	400k+	1 month ago	Output is not escaped
#138	Strong Testimonials	23	192	393	90k+	1 month ago	Nonce verification recommended
#139	The Events Calendar	23	3,512	3,848	700k+	3 days ago	Text Domain Mismatch
#140	Travelpayouts	23	769	110	6k+	4 months ago	Output is not escaped
#141	UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP	23	695	2,434	20k+	10 days ago	Non-prefixed hook name
#142	Cart PDF for WooCommerce	23	531	172	1k+	11 months ago	Exception output is not escaped
#143	WHMCS Bridge	23	247	472	4k+	4 years ago	Nonce verification recommended
#144	Worth The Read	23	873	138	3k+	2 years ago	Text Domain Mismatch
#145	WP BackItUp Community Edition	23	257	989	6k+	5 months ago	Non-prefixed global variable
#146	Clone	23	244	262	40k+	8 months ago	Output is not escaped
#147	WP Compress – Instant Performance & Speed Optimization	23	3,053	2,384	10k+	2 months ago	Non Singular String Literal Domain
#148	WP Editor	23	502	335	20k+	3 months ago	Unsafe printing function
#149	WP Migrate Lite – Migration Made Easy	23	368	254	200k+	20 days ago	Exception output is not escaped
#150	Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning	23	1,118	202	40k+	13 days ago	Missing Translators Comment