WordPress.WP.AlternativeFunctions.file_system_operations_is_writable

file system operations is writable

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#301GD Security Headers254075211k+Output is not escaped
#302Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)25501,0431k+Non-prefixed global variable
#303WPBruiser {no- Captcha anti-Spam}2564625910k+Non Singular String Literal Domain
#304Site Kit by Google – Analytics, Search Console, AdSense, Speed251,3042425m+Missing direct file access protection
#305Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin2560820720k+Text Domain Mismatch
#306Hardcore Google Fonts Localizer25331261800Text Domain Mismatch
#307HT Contact Form – Drag & Drop Form Builder for WordPress2516059410k+Non-prefixed global variable
#308Independent Analytics – WordPress Analytics Plugin251,1482,293100k+Non-prefixed global variable
#309Index WP MySQL For Speed2525025550k+Output is not escaped
#310Infinite Uploads – Offload Media and Video to Cloud Storage25579720800Direct Query
#311IP Location Block2552162410k+Output is not escaped
#312JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin251,5411,5781k+Non-prefixed global variable
#313Loginizer258145041m+Output is not escaped
#314LWS Optimize – All-in-One Speed Booster & Cache Tools2543076420k+Non-prefixed global variable
#315MaxButtons – Create buttons2562640470k+Output is not escaped
#316Media Cloud Sync251,0952741k+Exception output is not escaped
#317MyFatoorah – WooCommerce25191892k+Output is not escaped
#318Nexter Extension – Security, Performance, Code Snippets & Site Toolkit2519871210k+Nonce verification recommended
#319PDF Importer for WPForms25332329400Non-prefixed global variable
#320PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin251,0841,2969k+Non-prefixed global variable
#321phpinfo() WP — Site Health, PHP Compatibility & Server Audit252767043k+Non-prefixed global variable
#322Piotnet Forms251873743k+Alternative PHP tag found
#323reSmush.it : The original free image compressor and optimizer plugin2515569100k+Output is not escaped
#324BerqWP – All-In-One Optimization for Core Web Vitals, Cache, CDN, Images, CSS & JavaScript251985014k+Non-prefixed global variable
#325SEO Repair Kit – Meta Manager, Schema Manager, SEO Content Monitoring, GSC Integration, Keyword & Rank Tracking251969022k+Direct Query
#326Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin2596073860k+Text Domain Mismatch
#327Simply Static – The Static Site Generator2516544830k+Non-prefixed hook name
#328Sitemap by click5252861326k+Unsafe printing function
#329Tamara Checkout256012282k+Exception output is not escaped
#330Taskbuilder – Project Management & Task Management Tool With Kanban Board251274,332800Non-prefixed global variable
#331Toocheke Companion254091,1131k+Non-prefixed global variable
#332TrackShip for WooCommerce254219576k+Non-prefixed global variable
#333Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor256911,58150k+Non-prefixed global variable
#334Ultimate Post Kit Addons for Elementor2518241230k+Missing nonce verification
#335Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP25205959500Request data is not unslashed
#336VikBooking Hotel Booking Engine & PMS2513,2448,3148k+Output is not escaped
#337VikRentCar Car Rental Management System255,5375,0484k+Non-prefixed global variable
#338Advanced Shipment Tracking for WooCommerce2550172460k+Non-prefixed global variable
#339PDF Builder for WooCommerce. Create invoices,packing slips and more253725032k+Non-prefixed global variable
#340Pay with Vipps and MobilePay for WooCommerce258465145k+Output is not escaped
#341Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking)2516929520k+Non-prefixed global variable
#342Super Page Cache – Cloudflare Cache, Page Speed & Core Web Vitals2513735360k+Input is not sanitized
#343WP-DownloadManager256075083k+Unsafe printing function
#344WP Encryption – No.1 HTTPS plugin & One Click Free SSL Cert, HTTPS Redirect, Security257271,55450k+Non-prefixed global variable
#345SlimStat Analytics251,17787070k+Exception output is not escaped
#346Smush – Image Optimization, Compression, Lazy Load, WebP & CDN252525661m+Non-prefixed hook name
#347WPvivid — Backup, Migration & Staging258991,461900k+Non-prefixed namespace
#348Backup, Restore and Migrate your sites with XCloner2523886410k+Input is not sanitized
#349ActiveCampaign for WooCommerce265411906k+Exception output is not escaped
#350Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More269727010k+error log error log