WordPress.WP.AlternativeFunctions.file_system_operations_touch

file system operations touch

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#151Less PHP Compiler35163473k+Exception output is not escaped
#152Vendi Abandoned Plugin Check351331k+trademarked term
#153Database Backup for WordPress351288870k+Output is not escaped
#154XServer Migrator35395310k+Interpolated SQL is not prepared
#155Cashflows for WooCommerce3611836600Text Domain Mismatch
#156Constant Contact Forms36398920k+Missing nonce verification
#157Custom PHP Settings361537610k+Output is not escaped
#158Image Watermark367617940k+Missing nonce verification
#159QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly361721088k+Non Singular String Literal Domain
#160Rabo Smart Pay for WooCommerce3614754600Text Domain Mismatch
#161Export Themes36122902k+Non-prefixed constant
#162Skroutz & Bestprice XML feed for WooCommerce37161411k+Text Domain Mismatch
#163Admin Custom Font3934251k+Unsafe printing function
#164Dashboard Cleaner394091500Missing nonce verification
#165MaxLimits – Increase Maximum Upload, Post & PHP Limits4199162k+Unsafe printing function
#166Simple Cache4133591k+Input is not sanitized
#167Hyper Cache45361008k+Non-prefixed global variable
#168404 Image Redirection (Replace Broken Images)4711885500Text Domain Mismatch
#169iControlWP4745591k+Missing direct file access protection
#170PDF Invoices & Packing Slips for WooCommerce – Challan49561514k+Non-prefixed global variable
#171Debug This5243322k+Missing Translators Comment
#172Known Agents – Track AI Bots and Crawlers, Block Scrapers, Analyze LLM Referral Traffic5737121k+Setting is missing a sanitization callback
#173Easy SSL Plugin for SAKURA Rental Server62231750k+Input is not sanitized