WordPress.WP.AlternativeFunctions.file_system_operations_mkdir

file system operations mkdir

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
Never write PHP code from user input or remote responses.

References

WordPress Filesystem API

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Added	Updated	Top Issue
#301	CSS & JavaScript Toolbox	25	155	617	10k+	15 years ago	8 months ago	Non-prefixed class
#302	DecaLog	25	943	236	1k+	7 years ago	3 months ago	Exception output is not escaped
#303	Disable Admin Notices – Hide Dashboard Notifications	25	465	195	100k+	8 years ago	1 month ago	Output is not escaped
#304	Docket Cache – Object Cache Accelerator	25	333	481	20k+	6 years ago	28 days ago	Output is not escaped
#305	F4 Post Tree	25	536	1,332	500	7 years ago	25 days ago	Non-prefixed global variable
#306	FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler	25	319	466	7k+	9 months ago	6 days ago	Non-prefixed global variable
#307	WP Fast Total Search – The Power of Indexed Search	25	209	291	1k+	11 years ago	4 days ago	Non-prefixed global variable
#308	Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)	25	50	1,043	1k+	8 years ago	11 days ago	Non-prefixed global variable
#309	Site Kit by Google – Analytics, Search Console, AdSense, Speed	25	1,304	242	5m+	7 years ago	yesterday	Missing direct file access protection
#310	Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin	25	608	207	20k+	14 years ago	2 months ago	Text Domain Mismatch
#311	Hardcore Google Fonts Localizer	25	331	261	900	8 years ago	5 years ago	Text Domain Mismatch
#312	Infinite Uploads – Offload Media and Video to Cloud Storage	25	579	720	800	5 years ago	19 days ago	Direct Query
#313	IP Locator	25	482	211	600	6 years ago	3 months ago	Text Domain Mismatch
#314	LWS Optimize – All-in-One Speed Booster & Cache Tools	25	430	764	20k+	4 years ago	15 days ago	Non-prefixed global variable
#315	MaxButtons – Create buttons	25	626	404	70k+	15 years ago	4 days ago	Output is not escaped
#316	Media Cloud Sync	25	1,095	274	1k+	2 years ago	23 days ago	Exception output is not escaped
#317	MyFatoorah – WooCommerce	25	191	89	3k+	5 years ago	4 months ago	Output is not escaped
#318	Nexter Extension – Security, Performance, Code Snippets & Site Toolkit	25	198	710	10k+	5 years ago	today	Nonce verification recommended
#319	NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar	25	257	400	40k+	7 years ago	6 days ago	Non-prefixed hook name
#320	PDF Importer for WPForms	25	332	329	400	6 years ago	12 days ago	Non-prefixed global variable
#321	PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin	25	1,084	1,296	9k+	13 years ago	2 months ago	Non-prefixed global variable
#322	phpinfo() WP — Site Health, PHP Compatibility & Server Audit	25	276	704	3k+	5 years ago	15 days ago	Non-prefixed global variable
#323	Piotnet Forms	25	187	374	3k+	6 years ago	2 years ago	Alternative PHP tag found
#324	QuadMenu – Mega Menu	25	2,128	455	10k+	8 years ago	2 days ago	Output is not escaped
#325	reSmush.it : The original free image compressor and optimizer plugin	25	155	69	100k+	10 years ago	14 days ago	Output is not escaped
#326	BerqWP – All-In-One Optimization for Core Web Vitals, Cache, CDN, Images, CSS & JavaScript	25	198	501	3k+	4 years ago	3 days ago	Non-prefixed global variable
#327	SEO Repair Kit – Meta Manager, Schema Manager, SEO Content Monitoring, GSC Integration, Keyword & Rank Tracking	25	196	902	2k+	2 years ago	1 month ago	Direct Query
#328	STAGGS – Product Configurator Toolkit	25	626	2,180	400	4 years ago	13 days ago	Non-prefixed global variable
#329	Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator	25	648	1,021	1k+	8 years ago	7 days ago	Output is not escaped
#330	SupportCandy – Helpdesk & Customer Support Ticket System	25	434	1,357	10k+	8 years ago	26 days ago	Direct Query
#331	Tamara Checkout	25	601	228	2k+	6 years ago	10 days ago	Exception output is not escaped
#332	Taskbuilder – Project Management & Task Management Tool With Kanban Board	25	127	4,332	800	5 years ago	12 days ago	Non-prefixed global variable
#333	TemplateSpare – 1000+ WordPress Starter Templates & Full Site Migration Tool \| 1-Click Import/Export & No-Code Builder	25	705	1,587	10k+	3 years ago	18 days ago	Non-prefixed global variable
#334	Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor	25	690	1,581	50k+	8 years ago	1 month ago	Non-prefixed global variable
#335	Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP	25	298	1,010	500	17 years ago	6 days ago	Request data is not unslashed
#336	VikAppointments Services Booking Calendar	25	9,753	5,207	500	7 years ago	1 month ago	Output is not escaped
#337	VikBooking Hotel Booking Engine & PMS	25	13,232	8,312	8k+	8 years ago	14 days ago	Output is not escaped
#338	VikRentCar Car Rental Management System	25	5,537	5,048	4k+	7 years ago	1 month ago	Non-prefixed global variable
#339	VikRestaurants Table Reservations and Take-Away	25	11,644	4,932	600	6 years ago	1 month ago	Output is not escaped
#340	PDF Builder for WooCommerce. Create invoices,packing slips and more	25	372	503	2k+	9 years ago	12 days ago	Non-prefixed global variable
#341	Pay with Vipps and MobilePay for WooCommerce	25	846	514	5k+	8 years ago	6 days ago	Output is not escaped
#342	Super Page Cache – Cloudflare Cache, Page Speed & Core Web Vitals	25	137	353	60k+	7 years ago	1 month ago	Input is not sanitized
#343	WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards	25	1,431	1,270	10k+	9 years ago	5 days ago	Output is not escaped
#344	WP-DownloadManager	25	607	508	3k+	19 years ago	5 months ago	Unsafe printing function
#345	WP Review Slider	25	1,186	2,279	6k+	9 years ago	25 days ago	Non-prefixed global variable
#346	WP Go Maps – Google Map, OpenStreetMap, Leaflet Map	25	4,996	1,008	300k+	14 years ago	13 days ago	Unsafe printing function
#347	WP Encryption – No.1 HTTPS plugin & One Click Free SSL Cert, HTTPS Redirect, Security	25	727	1,554	50k+	7 years ago	yesterday	Non-prefixed global variable
#348	SlimStat Analytics	25	1,177	870	70k+	16 years ago	6 days ago	Exception output is not escaped
#349	Smush – Image Optimization, Compression, Lazy Load, WebP & CDN	25	252	566	1m+	18 years ago	8 days ago	Non-prefixed hook name
#350	WP Super Cache	25	800	989	1m+	19 years ago	1 month ago	Output is not escaped