WordPress.WP.AlternativeFunctions.file_system_operations_touch
file system operations touch
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #151 | Less PHP Compiler | 35 | 163 | 47 | 3k+ | Exception output is not escaped | ||
| #152 | Vendi Abandoned Plugin Check | 35 | 13 | 3 | 1k+ | trademarked term | ||
| #153 | Database Backup for WordPress | 35 | 128 | 88 | 70k+ | Output is not escaped | ||
| #154 | XServer Migrator | 35 | 39 | 53 | 10k+ | Interpolated SQL is not prepared | ||
| #155 | Cashflows for WooCommerce | 36 | 118 | 36 | 600 | Text Domain Mismatch | ||
| #156 | Constant Contact Forms | 36 | 39 | 89 | 20k+ | Missing nonce verification | ||
| #157 | Custom PHP Settings | 36 | 153 | 76 | 10k+ | Output is not escaped | ||
| #158 | Image Watermark | 36 | 76 | 179 | 40k+ | Missing nonce verification | ||
| #159 | QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly | 36 | 172 | 108 | 8k+ | Non Singular String Literal Domain | ||
| #160 | Rabo Smart Pay for WooCommerce | 36 | 147 | 54 | 600 | Text Domain Mismatch | ||
| #161 | Export Themes | 36 | 122 | 90 | 2k+ | Non-prefixed constant | ||
| #162 | Skroutz & Bestprice XML feed for WooCommerce | 37 | 161 | 41 | 1k+ | Text Domain Mismatch | ||
| #163 | Admin Custom Font | 39 | 34 | 25 | 1k+ | Unsafe printing function | ||
| #164 | Dashboard Cleaner | 39 | 40 | 91 | 500 | Missing nonce verification | ||
| #165 | MaxLimits – Increase Maximum Upload, Post & PHP Limits | 41 | 99 | 16 | 2k+ | Unsafe printing function | ||
| #166 | Simple Cache | 41 | 33 | 59 | 1k+ | Input is not sanitized | ||
| #167 | Hyper Cache | 45 | 36 | 100 | 8k+ | Non-prefixed global variable | ||
| #168 | 404 Image Redirection (Replace Broken Images) | 47 | 118 | 85 | 500 | Text Domain Mismatch | ||
| #169 | iControlWP | 47 | 45 | 59 | 1k+ | Missing direct file access protection | ||
| #170 | PDF Invoices & Packing Slips for WooCommerce – Challan | 49 | 56 | 151 | 4k+ | Non-prefixed global variable | ||
| #171 | Debug This | 52 | 43 | 32 | 2k+ | Missing Translators Comment | ||
| #172 | Known Agents – Track AI Bots and Crawlers, Block Scrapers, Analyze LLM Referral Traffic | 57 | 37 | 12 | 1k+ | Setting is missing a sanitization callback | ||
| #173 | Easy SSL Plugin for SAKURA Rental Server | 62 | 23 | 17 | 50k+ | Input is not sanitized |