WordPress.WP.AlternativeFunctions.file_system_operations_touch
file system operations touch
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #101 | Custom Scrollbar | 27 | 184 | 191 | 2k+ | Output Not Escaped | |
| #102 | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | 27 | 122 | 135 | 3k+ | Non Prefixed Variable Found | |
| #103 | MLSImport – Download and synchronize real estate data from various MLS (Multiple Listing Services) | 27 | 154 | 551 | 5k+ | Non Prefixed Variable Found | |
| #104 | WP Hide & Security Enhancer | 27 | 124 | 375 | 50k+ | Input Not Sanitized | |
| #105 | Database Cleaner | 29 | 135 | 297 | 10k+ | Direct Query | |
| #106 | DoLogin Security | 29 | 312 | 305 | 7k+ | Output Not Escaped | |
| #107 | PhastPress | 29 | 95 | 52 | 10k+ | Exception Not Escaped | |
| #108 | Urvanov Syntax Highlighter | 30 | 221 | 87 | 3k+ | Output Not Escaped | |
| #109 | SpeedyCache – Cache, Optimization, Performance | 31 | 65 | 115 | 600k+ | Input Not Validated | |
| #110 | Volunteer Sign Up Sheets | 32 | 967 | 401 | 1k+ | Output Not Escaped | |
| #111 | Extra Product Options Builder for WooCommerce | 33 | 101 | 155 | 2k+ | Non Prefixed Hookname Found | |
| #112 | Companion Sitemap Generator – Simple, Smart, and SEO-Ready | 33 | 118 | 57 | 7k+ | Missing Translators Comment | |
| #113 | FastPixel Cache – Optimize Page Speed: Compress Images, Minify, Clean Database & CDN | 34 | 49 | 324 | 4k+ | Missing Unslash | |
| #114 | Meow Lightbox | 34 | 75 | 52 | 10k+ | Non Singular String Literal Domain | |
| #115 | Child Theme Creator by Orbisius | 34 | 86 | 39 | 10k+ | Output Not Escaped | |
| #116 | Tidio – Live Chat & AI Chatbots | 34 | 52 | 19 | 80k+ | curl curl setopt | |
| #117 | EWWW Image Optimizer | 35 | 225 | 729 | 1m+ | Direct Query | |
| #118 | Imsanity | 35 | 32 | 29 | 200k+ | Direct Query | |
| #119 | Less PHP Compiler | 35 | 163 | 47 | 3k+ | Exception Not Escaped | |
| #120 | Database Backup for WordPress | 35 | 128 | 88 | 70k+ | Output Not Escaped | |
| #121 | XServer Migrator | 35 | 39 | 53 | 10k+ | Interpolated Not Prepared | |
| #122 | Constant Contact Forms | 36 | 40 | 81 | 20k+ | Missing | |
| #123 | Custom PHP Settings | 36 | 153 | 76 | 10k+ | Output Not Escaped | |
| #124 | Image Watermark | 36 | 76 | 179 | 40k+ | Missing | |
| #125 | QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly | 36 | 172 | 108 | 8k+ | Non Singular String Literal Domain | |
| #126 | Export Themes | 36 | 122 | 90 | 2k+ | Non Prefixed Constant Found | |
| #127 | Skroutz & Bestprice XML feed for WooCommerce | 37 | 161 | 41 | 1k+ | Text Domain Mismatch | |
| #128 | All-in-One WP Migration and Backup | 40 | 28 | 61 | 5m+ | Missing | |
| #129 | MaxLimits – Increase Maximum Upload, Post & PHP Limits | 41 | 99 | 16 | 1k+ | Unsafe Printing Function | |
| #130 | Simple Cache | 41 | 33 | 59 | 1k+ | Input Not Sanitized | |
| #131 | Hyper Cache | 45 | 36 | 100 | 8k+ | Non Prefixed Variable Found | |
| #132 | PDF Invoices & Packing Slips for WooCommerce – Challan | 49 | 56 | 151 | 3k+ | Non Prefixed Variable Found | |
| #133 | Debug This | 52 | 43 | 32 | 2k+ | Missing Translators Comment | |
| #134 | Easy SSL Plugin for SAKURA Rental Server | 62 | 23 | 17 | 50k+ | Input Not Sanitized |
