WordPress.WP.AlternativeFunctions.file_system_operations_touch

file system operations touch

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#51Export WordPress Pages to Static HTML & PDF — Static Site Export234903014k+Text Domain Mismatch
#52Fuse Social Floating Sidebar231,8401,57310k+Non-prefixed global variable
#53FV Flowplayer Video Player231,3111,45420k+Output is not escaped
#54Media Library Assistant231,1443,94370k+Nonce verification recommended
#55Next Active Directory Integration236832842k+Exception output is not escaped
#56NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization23316639100k+Output is not escaped
#57PowerPress Podcasting plugin by Blubrry234,8072,39420k+Output is not escaped
#58SiteOrigin Widgets Bundle23607455400k+Output is not escaped
#59The Events Calendar233,5113,851700k+Text Domain Mismatch
#60Travelpayouts237691106k+Output is not escaped
#61W3 Total Cache23307678900k+Non-prefixed global variable
#62Worth The Read238731383k+Text Domain Mismatch
#63WP Migrate Lite – Migration Made Easy23369255200k+Exception output is not escaped
#64WP STAGING – WordPress Backup, Restore, Migration & Clone231,4941,550100k+Non-prefixed global variable
#65Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress232,3171,7145k+Output is not escaped
#66404 Solution244861,33810k+Non-prefixed class
#67A2 Optimized WP – Turbocharge and secure your WordPress site2427123160k+Missing Arg Domain
#68Backuply – Backup, Restore, Migrate and Clone24704551700k+Non-prefixed global variable
#69Kognetiks Chatbot for WordPress246511,486600Non-prefixed global variable
#70Custom CSS247036571k+Output is not escaped
#71Enable Media Replace24212276600k+Output is not escaped
#72Event Tickets and Registration243,4114,21790k+Non-prefixed global variable
#73Featured Image from URL (FIFU)241,65441870k+Non Singular String Literal Domain
#74Featured Post with thumbnail24158122400Output is not escaped
#75Formidable PRO2PDF242184771k+Non-prefixed global variable
#76FV Player 8243231,3831k+Non-prefixed function
#77Newsletter – Send awesome emails from WordPress248982,214200k+Non-prefixed global variable
#78Post Status Notifier Lite24984451700Missing direct file access protection
#79Pz-LinkCard249511,58120k+Non-prefixed global variable
#80reGenerate Thumbnails Advanced2422012270k+Unsafe printing function
#81SEO Engine – Smart SEO with AI, Schema & Redirection for WordPress242393041k+Direct Query
#82SiteGuard WP Plugin24359350500k+Output is not escaped
#83User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder246643,32150k+Non-prefixed global variable
#84VikRentItems Flexible Rental Management System244,7554,639600Non-prefixed global variable
#85Vimeography: Vimeo Video Gallery WordPress Plugin24982125k+Nonce verification recommended
#86WP User Manager – User Profile Builder & Membership2478753910k+Exception output is not escaped
#87WPeMatico RSS Feed Fetcher241,37858710k+Output is not escaped
#88All 404 Redirect to Homepage25140301200k+date date
#89AIO Forms – Craft Complex Forms Easily25189418700Mixed line endings
#90ATUM WooCommerce Inventory Management and Stock Tracking252,6381,30410k+Non Singular String Literal Domain
#91Breeze Cache25218800400k+Non-prefixed global variable
#92Docket Cache – Object Cache Accelerator2533348120k+Output is not escaped
#93Site Kit by Google – Analytics, Search Console, AdSense, Speed251,3042425m+Missing direct file access protection
#94Hardcore Google Fonts Localizer25331261800Text Domain Mismatch
#95Index WP MySQL For Speed2525025550k+Output is not escaped
#96Loginizer258145041m+Output is not escaped
#97LWS Optimize – All-in-One Speed Booster & Cache Tools2543076420k+Non-prefixed global variable
#98Media Cleaner: Clean your WordPress!2515139190k+Direct Query
#99MyFatoorah – WooCommerce25191892k+Output is not escaped
#100PDF Importer for WPForms25332329400Non-prefixed global variable