WordPress.WP.AlternativeFunctions.file_system_operations_is_writable

file system operations is writable

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
Never write PHP code from user input or remote responses.

References

WordPress Filesystem API

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#1	BulletProof Security	0	5,048	4,949	20k+	1 month ago	Output Not Escaped
#2	Themify Builder	9	5,195	2,096	5k+	6 days ago	Text Domain Mismatch
#3	JetBackup – Backup, Restore & Migrate	10	1,559	145	100k+	2 months ago	Exception Not Escaped
#4	Visual Composer Website Builder	16	82	320	40k+	11 months ago	Non Prefixed Variable Found
#5	WPtouch – Make your WordPress Website Mobile-Friendly	17	1,466	325	50k+	7 months ago	Text Domain Mismatch
#6	Prime Slider Addons for Elementor	18	3,500	230	100k+	7 days ago	Text Domain Mismatch
#7	Shopping Cart & eCommerce Store	18	5,459	17,298	4k+	10 days ago	Non Prefixed Variable Found
#8	WP Import Export Lite	18	738	979	40k+	11 months ago	Non Prefixed Variable Found
#9	Element Pack – Widgets, Templates & Addons for Elementor	19	9,448	517	100k+	6 days ago	Text Domain Mismatch
#10	Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution	19	1,218	901	100k+	13 days ago	Exception Not Escaped
#11	Matomo Analytics – Powerful, Privacy-First Insights for WordPress	19	1,909	878	100k+	6 days ago	Exception Not Escaped
#12	Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization	19	1,295	2,679	9k+	7 days ago	Output Not Escaped
#13	Realtyna Organic IDX plugin + WPL Real Estate	19	947	3,653	2k+	1 month ago	Non Prefixed Variable Found
#14	Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)	19	541	385	3m+	5 days ago	Missing Translators Comment
#15	Membership Plugin – Kadence Memberships	19	5,082	2,982	9k+	27 days ago	Text Domain Mismatch
#16	SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments	19	526	1,119	90k+	6 days ago	Non Prefixed Variable Found
#17	WP Email Template	19	342	350	2k+	2 months ago	Exception Not Escaped
#18	BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot	20	508	1,406	30k+	4 days ago	Non Prefixed Variable Found
#19	GiveWP – Donation Plugin and Fundraising Platform	20	3,435	3,580	100k+	7 days ago	Output Not Escaped
#20	Link Library	20	1,941	1,397	10k+	2 months ago	Unsafe Printing Function
#21	Microthemer Lite – Visual Editor to Customize CSS	20	1,004	1,699	10k+	2 months ago	Non Prefixed Variable Found
#22	Nimble Page Builder	20	1,591	1,684	30k+	1 year ago	Missing Arg Domain
#23	Pix por Piggly (para Woocommerce)	20	547	195	4k+	2 years ago	Exception Not Escaped
#24	Powered Cache – Caching and Optimization for WordPress – Easily Improve PageSpeed & Web Vitals Score	20	147	231	3k+	2 months ago	Exception Not Escaped
#25	Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF	20	557	541	100k+	1 month ago	Output Not Escaped
#26	Store Locator WordPress	21	2,372	1,572	10k+	19 days ago	Text Domain Mismatch
#27	Backup Migration	21	981	1,093	80k+	17 days ago	Non Prefixed Variable Found
#28	rtMedia for WordPress, BuddyPress and bbPress	21	363	633	8k+	3 months ago	Non Prefixed Constant Found
#29	CallTrackingMetrics	21	923	286	3k+	4 months ago	Unsafe Printing Function
#30	CartFlows – Funnel Builder & Checkout Plugin for WooCommerce	21	461	614	200k+	20 days ago	Text Domain Mismatch
#31	Comet Cache	21	857	245	20k+	12 months ago	Output Not Escaped
#32	Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More	21	2,572	1,277	1m+	1 month ago	Output Not Escaped
#33	EventPrime – Events Calendar, Bookings and Tickets	21	872	4,297	7k+	2 days ago	Non Prefixed Variable Found
#34	FileOrganizer – WordPress File Manager	21	536	241	200k+	12 days ago	unlink unlink
#35	Modular DS: Monitor, update, and backup multiple websites	21	161	81	40k+	1 month ago	Exception Not Escaped
#36	Packeta	21	802	333	8k+	8 months ago	Exception Not Escaped
#37	Five Star Restaurant Reservations – WordPress Booking Plugin	21	1,099	1,147	10k+	3 days ago	Output Not Escaped
#38	Smart Forms – when you need more than just a contact form	21	776	574	5k+	1 month ago	Output Not Escaped
#39	Buckaroo Woocommerce Payments Plugin	21	563	326	2k+	6 days ago	Exception Not Escaped
#40	WebP Express	21	160	427	300k+	3 days ago	Non Prefixed Variable Found
#41	Wise Chat	21	470	506	5k+	4 months ago	Output Not Escaped
#42	Paysera Payment Gateway for WooCommerce	21	1,866	195	7k+	18 days ago	Exception Not Escaped
#43	Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools	21	786	3,395	30k+	5 days ago	Non Prefixed Variable Found
#44	Wordfence Security – Firewall, Malware Scan, and Login Security	21	1,592	2,973	5m+	1 month ago	Output Not Escaped
#45	WP-Lister Lite for eBay	21	6,697	5,129	2k+	19 days ago	Output Not Escaped
#46	WP phpMyAdmin	21	4,528	6,435	50k+	8 months ago	Missing Arg Domain
#47	wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin	21	1,814	1,461	70k+	today	Output Not Escaped
#48	Ajax Load More – Infinite Scroll, Load More, & Lazy Load	22	641	595	40k+	18 days ago	Unsafe Printing Function
#49	Booking for Appointments and Events Calendar – Amelia	22	1,489	480	90k+	4 days ago	Exception Not Escaped
#50	Better WordPress Minify	22	412	484	8k+	9 years ago	Non Singular String Literal Domain