WordPress.WP.AlternativeFunctions.file_system_operations_readfile

file system operations readfile

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.
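
One way to apply the points above, as an added example rather than code from Plugin Check or from any plugin listed on this page. The `myplugin_` function names and the `myplugin` uploads subdirectory are hypothetical, and the code assumes `WP_Filesystem()` can initialise without prompting for credentials (the direct transport).

```php
<?php
// Added example: the myplugin_ prefix and the "myplugin" uploads subdirectory are hypothetical.
/** Map a caller-supplied name to a path inside uploads/myplugin/, or return WP_Error. */
function myplugin_resolve_path( $filename ) {
	$uploads = wp_upload_dir();
	if ( ! empty( $uploads['error'] ) ) {
		return new WP_Error( 'myplugin_uploads', $uploads['error'] );
	}
	// wp_basename() drops any directory part; refuse empty names and PHP-executable extensions.
	$name = sanitize_file_name( wp_basename( $filename ) );
	$ext  = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) );
	if ( '' === $name || in_array( $ext, array( 'php', 'phtml', 'phar' ), true ) ) {
		return new WP_Error( 'myplugin_bad_name', 'File name not allowed.' );
	}
	$base = trailingslashit( wp_normalize_path( $uploads['basedir'] ) ) . 'myplugin';
	if ( ! wp_mkdir_p( $base ) ) {
		return new WP_Error( 'myplugin_mkdir', 'Could not create plugin directory.' );
	}
	return $base . '/' . $name;
}

/** Initialise WP_Filesystem; assumes no credential prompt is needed (direct transport). */
function myplugin_filesystem() {
	global $wp_filesystem;
	require_once ABSPATH . 'wp-admin/includes/file.php';
	if ( ! WP_Filesystem() ) {
		return new WP_Error( 'myplugin_fs', 'Filesystem API unavailable.' );
	}
	return $wp_filesystem;
}

/** Replaces fopen()/fwrite()/chmod(): writes only inside the plugin's uploads directory. */
function myplugin_write_file( $filename, $contents ) {
	$fs   = myplugin_filesystem();
	$path = myplugin_resolve_path( $filename );
	if ( is_wp_error( $fs ) ) { return $fs; }
	if ( is_wp_error( $path ) ) { return $path; }
	if ( ! $fs->put_contents( $path, $contents, FS_CHMOD_FILE ) ) {
		return new WP_Error( 'myplugin_write', 'Write failed.' );
	}
	return $path;
}

/** Replaces readfile()/file_get_contents(): returns contents, false on failure, or WP_Error. */
function myplugin_read_file( $filename ) {
	$fs   = myplugin_filesystem();
	$path = myplugin_resolve_path( $filename );
	if ( is_wp_error( $fs ) ) { return $fs; }
	return is_wp_error( $path ) ? $path : $fs->get_contents( $path );
}
```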

Affected Plugins

Rank  Plugin  Score  Errors  Warnings  Installs  Added  Updated  Top Issue
#301  Download Media Library  4922401k+  Text Domain Mismatch
#302  Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE  5434493300k+  Offloaded Content
#303  Yeloni Exit Popup | (Free) GDPR Compliance  544112700  Output is not escaped
#304  REVIEWS.io for WooCommerce  58711611k+  Non-prefixed global variable
#305  flowpaper  59133110k+  Non-prefixed function
#306  AAM Protected Media Files  621310600  Direct Query
#307  WP Downloader  6211152k+  Output is not escaped
#308  Wp Theme plugin Download  6211162k+  Output is not escaped
#309  Download Theme  6418204k+  wp function not compatible with requires wp
#310  AC Advanced Flamingo Settings  66632700  Nonce verification recommended
#311  Raptive Ads  6635296k+  Text Domain Mismatch
#312  Easy PHP Settings  6634481k+  Missing Translators Comment
#313  Falcon – WordPress Optimizations & Tweaks  6929212k+  Short PHP open tag found
#314  Ghost  702512600  Output is not escaped
#315  blueimp lightbox  751921k+  Output is not escaped
#316  RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator  773728240k+  Non-prefixed global variable
#317  Uptime Monitoring for WordPress – My Website is Online  78187500  Text Domain Mismatch
#318  Cachify  849369k+  Non-prefixed global variable
#319  Verify domain for Apple Pay with Stripe  9232600  Input is not sanitized
#320  KP Zip Downloader  99203k+  file system operations readfile