WordPress.WP.AlternativeFunctions.file_system_operations_readfile

file system operations readfile

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
Never write PHP code from user input or remote responses.

References

WordPress Filesystem API

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Added	Updated	Top Issue
#151	Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation	24	1,211	3,152	30k+	10 years ago	1 month ago	Non-prefixed global variable
#152	Advanced WordPress Reset – Debug, Recover & Reset WP	25	475	464	20k+	10 years ago	29 days ago	Output is not escaped
#153	AIO Forms – Craft Complex Forms Easily	25	189	418	700	5 years ago	5 days ago	Mixed line endings
#154	Appointment Booking Calendar	25	327	1,070	1k+	14 years ago	8 days ago	Non-prefixed global variable
#155	Appointment Hour Booking – Booking Calendar	25	261	1,254	10k+	9 years ago	15 days ago	Non-prefixed global variable
#156	ATUM WooCommerce Inventory Management and Stock Tracking	25	2,638	1,304	10k+	9 years ago	2 months ago	Non Singular String Literal Domain
#157	Beaver Builder Page Builder – Drag and Drop Website Builder	25	4,463	1,819	100k+	12 years ago	22 days ago	Text Domain Mismatch
#158	Booking Package	25	1,700	3,977	10k+	8 years ago	6 days ago	Missing nonce verification
#159	BuddyPress Docs	25	284	421	7k+	15 years ago	3 months ago	Nonce verification recommended
#160	Colissimo shipping methods for WooCommerce	25	1,755	557	10k+	6 years ago	13 days ago	Text Domain Mismatch
#161	Contact Form Email	25	409	898	9k+	13 years ago	1 month ago	Non-prefixed global variable
#162	CP Contact Form with PayPal	25	466	936	800	14 years ago	1 month ago	Unsafe printing function
#163	Smash Balloon Social Post Feed – Simple Social Feeds for WordPress	25	554	982	200k+	13 years ago	20 days ago	Output is not escaped
#164	Docket Cache – Object Cache Accelerator	25	333	481	20k+	6 years ago	28 days ago	Output is not escaped
#165	FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler	25	319	466	7k+	9 months ago	6 days ago	Non-prefixed global variable
#166	GD Rating System	25	1,511	1,043	1k+	11 years ago	2 months ago	Output is not escaped
#167	GD Security Headers	25	407	521	1k+	7 years ago	2 months ago	Output is not escaped
#168	Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation	25	789	313	30k+	11 years ago	15 days ago	Text Domain Mismatch
#169	Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More	25	1,786	2,220	2k+	10 years ago	6 days ago	Non-prefixed global variable
#170	Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews	25	645	1,585	1k+	11 years ago	28 days ago	Non-prefixed global variable
#171	All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements	25	352	597	40k+	12 years ago	19 days ago	Non-prefixed global variable
#172	PDF Importer for WPForms	25	332	329	400	6 years ago	12 days ago	Non-prefixed global variable
#173	BerqWP – All-In-One Optimization for Core Web Vitals, Cache, CDN, Images, CSS & JavaScript	25	198	501	3k+	4 years ago	3 days ago	Non-prefixed global variable
#174	Secure Copy Content Protection and Content Locking	25	958	799	20k+	8 years ago	6 days ago	Output is not escaped
#175	SEO Repair Kit – Meta Manager, Schema Manager, SEO Content Monitoring, GSC Integration, Keyword & Rank Tracking	25	196	902	2k+	2 years ago	1 month ago	Direct Query
#176	TemplateSpare – 1000+ WordPress Starter Templates & Full Site Migration Tool \| 1-Click Import/Export & No-Code Builder	25	705	1,587	10k+	3 years ago	18 days ago	Non-prefixed global variable
#177	Toocheke Companion	25	409	1,113	1k+	7 years ago	6 days ago	Non-prefixed global variable
#178	Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin	25	119	2,700	2k+	5 years ago	6 days ago	Non-prefixed global variable
#179	Spectra Gutenberg Blocks – Website Builder for the Block Editor	25	253	3,227	1m+	8 years ago	1 month ago	Non-prefixed global variable
#180	VikAppointments Services Booking Calendar	25	9,753	5,207	500	7 years ago	1 month ago	Output is not escaped
#181	VikBooking Hotel Booking Engine & PMS	25	13,232	8,312	8k+	8 years ago	14 days ago	Output is not escaped
#182	PDF Builder for WooCommerce. Create invoices,packing slips and more	25	372	503	2k+	9 years ago	12 days ago	Non-prefixed global variable
#183	Super Page Cache – Cloudflare Cache, Page Speed & Core Web Vitals	25	137	353	60k+	7 years ago	1 month ago	Input is not sanitized
#184	WP-DownloadManager	25	607	508	3k+	19 years ago	5 months ago	Unsafe printing function
#185	WP Encryption – No.1 HTTPS plugin & One Click Free SSL Cert, HTTPS Redirect, Security	25	727	1,554	50k+	7 years ago	yesterday	Non-prefixed global variable
#186	Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF	25	158	118	60k+	14 years ago	yesterday	Non-prefixed global variable
#187	SlimStat Analytics	25	1,177	870	70k+	16 years ago	6 days ago	Exception output is not escaped
#188	Smush – Image Optimization, Compression, Lazy Load, WebP & CDN	25	252	566	1m+	18 years ago	8 days ago	Non-prefixed hook name
#189	Wp Social Login and Register Social Counter	25	80	738	90k+	16 years ago	1 month ago	Non-prefixed global variable
#190	WP Statistics – Simple, privacy-friendly Google Analytics alternative	25	610	2,465	600k+	15 years ago	1 month ago	Non-prefixed global variable
#191	WP Time Slots Booking Form	25	439	1,137	1k+	8 years ago	6 days ago	Non-prefixed global variable
#192	WPvivid — Backup, Migration & Staging	25	899	1,461	900k+	7 years ago	6 days ago	Non-prefixed namespace
#193	Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty	26	113	671	400k+	8 years ago	19 days ago	Non-prefixed global variable
#194	ezCache	26	127	269	10k+	7 years ago	yesterday	Direct Query
#195	MakeStories (for Google Web Stories)	26	117	416	600	8 years ago	2 years ago	Nonce verification recommended
#196	User Avatar	26	104	173	4k+	16 years ago	3 years ago	Non-prefixed constant
#197	Faktur Pro for WooCommerce	26	416	218	1k+	10 years ago	4 months ago	Text Domain Mismatch
#198	GSpeech TTS – WordPress Text To Speech Plugin	27	842	332	3k+	13 years ago	11 days ago	Output is not escaped
#199	Simple Download Monitor	27	218	273	20k+	17 years ago	12 days ago	Output is not escaped
#200	Transbank Webpay	27	198	211	10k+	6 years ago	2 months ago	Non-prefixed global variable