WordPress.WP.AlternativeFunctions.file_system_operations_is_writeable
file system operations is writeable
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
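The three fixes above combined in one write routine, as an added example that is not code from Plugin Check or from any plugin listed on this page. The `myplugin` prefix, the `myplugin_write_export()` function, the `myplugin/` uploads subdirectory and the CSV/JSON allow-list are assumptions chosen for illustration.

```php
<?php
// Added example. "myplugin" and myplugin_write_export() are hypothetical names.
function myplugin_write_export( $filename, $contents ) {
	global $wp_filesystem;

	// Initialise the WordPress filesystem API instead of calling fopen()/fwrite().
	require_once ABSPATH . 'wp-admin/includes/file.php';
	if ( ! WP_Filesystem() || 'direct' !== $wp_filesystem->method ) {
		// Assumption: other transports need credentials and remote path mapping,
		// which this example does not handle, so refuse rather than fall back.
		return new WP_Error( 'myplugin_fs', 'Filesystem API not available.' );
	}

	// Reduce untrusted input to a bare file name with an allow-listed extension,
	// so the routine can never be used to drop a .php file.
	$filename = sanitize_file_name( wp_basename( $filename ) );
	$allowed  = array( 'csv' => 'text/csv', 'json' => 'application/json' );
	$type     = wp_check_filetype( $filename, $allowed );
	if ( '' === $filename || ! $type['ext'] ) {
		return new WP_Error( 'myplugin_name', 'File name or extension not allowed.' );
	}

	// Plugin-owned directory inside uploads.
	$uploads = wp_upload_dir();
	if ( ! empty( $uploads['error'] ) ) {
		return new WP_Error( 'myplugin_uploads', $uploads['error'] );
	}
	$root = trailingslashit( wp_normalize_path( $uploads['basedir'] ) );
	$base = $root . 'myplugin/';
	if ( ! wp_mkdir_p( $base ) || ! $wp_filesystem->is_writable( $base ) ) {
		return new WP_Error( 'myplugin_dir', 'Export directory is not writable.' );
	}

	// Resolve symlinks and confirm the directory is still under uploads.
	$real_root = realpath( $root );
	$real_base = realpath( $base );
	if ( ! $real_root || ! $real_base ) {
		return new WP_Error( 'myplugin_path', 'Export directory could not be resolved.' );
	}
	$real_root = trailingslashit( wp_normalize_path( $real_root ) );
	$real_base = trailingslashit( wp_normalize_path( $real_base ) );
	if ( 0 !== strpos( $real_base, $real_root ) ) {
		return new WP_Error( 'myplugin_path', 'Export directory is outside uploads.' );
	}

	// FS_CHMOD_FILE is defined by WP_Filesystem().
	if ( ! $wp_filesystem->put_contents( $real_base . $filename, $contents, FS_CHMOD_FILE ) ) {
		return new WP_Error( 'myplugin_write', 'Could not write export file.' );
	}
	return true;
}
```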
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #51 | Multilanguage by BestWebSoft – WordPress Translation Plugin and Language Switcher | 27 | 465 | 345 | 3k+ | | | Text Domain Mismatch |
| #52 | WP Hide & Security Enhancer | 27 | 124 | 375 | 50k+ | | | Input is not sanitized |
| #53 | Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress | 28 | 465 | 338 | 30k+ | | | Text Domain Mismatch |
| #54 | WP Synchro – The Ultimate WordPress Migration Tool | 28 | 243 | 244 | 2k+ | | | Missing Translators Comment |
| #55 | DoLogin Security | 29 | 312 | 305 | 7k+ | | | Output is not escaped |
| #56 | reCaptcha by BestWebSoft | 29 | 474 | 272 | 100k+ | | | Text Domain Mismatch |
| #57 | SmartCrawl SEO checker, analyzer & optimizer | 30 | 347 | 1,307 | 20k+ | | | Non-prefixed global variable |
| #58 | User Role by BestWebSoft – Add and Customize Roles and Capabilities in WordPress | 30 | 484 | 280 | 3k+ | | | Text Domain Mismatch |
| #59 | Titan Anti-spam & Security – Brute Force Protection, 2FA & Spam Filter | 31 | 57 | 196 | 50k+ | | | Nonce verification recommended |
| #60 | FastDup – Fastest WordPress Migration & Duplicator | 31 | 83 | 66 | 5k+ | | | wp function not compatible with requires wp |
| #61 | User Spam Remover | 31 | 115 | 14 | 1k+ | | | Output is not escaped |
| #62 | Pagination by BestWebSoft – Customizable WordPress Content Splitter and Navigation Plugin | 32 | 446 | 173 | 5k+ | | | Text Domain Mismatch |
| #63 | Secure Client Portal and Private File Sharing Plugin – User Private Files | 32 | 183 | 510 | 1k+ | | | Non-prefixed global variable |
| #64 | One User Avatar \| User Profile Picture | 34 | 68 | 190 | 100k+ | | | Non-prefixed global variable |
| #65 | Elementor Website Builder – more than just a page builder | 35 | 46 | 428 | 10m+ | | | Non-prefixed global variable |
| #66 | Enlighter – Customizable Syntax Highlighter | 35 | 50 | 10 | 10k+ | | | Output is not escaped |
| #67 | Less PHP Compiler | 35 | 163 | 47 | 3k+ | | | Exception output is not escaped |
| #68 | NS Cloner – Site Copier | 35 | 29 | 16 | 7k+ | | | Missing direct file access protection |
| #69 | String locator | 35 | 52 | 319 | 100k+ | | | Non-prefixed global variable |
| #70 | WP-Paginate | 35 | 37 | 55 | 20k+ | | | Input is not validated |
| #71 | Custom PHP Settings | 36 | 153 | 76 | 10k+ | | | Output is not escaped |
| #72 | Video Thumbnails Reloaded | 36 | 343 | 58 | 2k+ | | | Text Domain Mismatch |
| #73 | Export Themes | 36 | 122 | 90 | 2k+ | | | Non-prefixed constant |
| #74 | WP Header Images | 36 | 174 | 133 | 6k+ | | | Unsafe printing function |
| #75 | WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin | 36 | 18 | 146 | 4m+ | | | Direct Query |
| #76 | Payment Button for PayPal | 36 | 155 | 86 | 4k+ | | | Unsafe printing function |
| #77 | WP Safe Mode | 38 | 95 | 55 | 2k+ | | | Output is not escaped |
| #78 | Multiple Themes | 41 | 112 | 41 | 10k+ | | | Output is not escaped |
| #79 | Updater by BestWebSoft | 46 | 494 | 219 | 2k+ | | | Text Domain Mismatch |
| #80 | PDF Invoices & Packing Slips for WooCommerce – Challan | 49 | 56 | 151 | 3k+ | | | Non-prefixed global variable |
| #81 | Quotes and Tips by BestWebSoft | 51 | 485 | 190 | 1k+ | | | Text Domain Mismatch |
| #82 | Debug This | 52 | 43 | 32 | 2k+ | | | Missing Translators Comment |
| #83 | Error Log Viewer by BestWebSoft | 58 | 433 | 172 | 6k+ | | | Text Domain Mismatch |
| #84 | Easy SSL Plugin for SAKURA Rental Server | 62 | 23 | 17 | 50k+ | | | Input is not sanitized |
| #85 | OptionTree | 93 | 165 | 2 | 50k+ | | | Text Domain Mismatch |