WordPress.WP.AlternativeFunctions.file_system_operations_readfile

file system operations readfile

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
Never write PHP code from user input or remote responses.

References

WordPress Filesystem API

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#1	Themify Builder	9	5,195	2,096	5k+	5 days ago	Text Domain Mismatch
#2	AnyComment	17	445	449	5k+	4 years ago	Output Not Escaped
#3	Podlove Podcast Publisher	18	2,326	1,429	3k+	17 days ago	Output Not Escaped
#4	Shopping Cart & eCommerce Store	18	5,459	17,298	4k+	9 days ago	Non Prefixed Variable Found
#5	WP Import Export Lite	18	738	979	40k+	11 months ago	Non Prefixed Variable Found
#6	Matomo Analytics – Powerful, Privacy-First Insights for WordPress	19	1,909	878	100k+	5 days ago	Exception Not Escaped
#7	Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization	19	1,295	2,679	9k+	6 days ago	Output Not Escaped
#8	Membership Plugin – Kadence Memberships	19	5,082	2,982	9k+	26 days ago	Text Domain Mismatch
#9	Link Library	20	1,941	1,397	10k+	2 months ago	Unsafe Printing Function
#10	Pix por Piggly (para Woocommerce)	20	547	195	4k+	2 years ago	Exception Not Escaped
#11	Powered Cache – Caching and Optimization for WordPress – Easily Improve PageSpeed & Web Vitals Score	20	147	231	3k+	2 months ago	Exception Not Escaped
#12	Backup Migration	21	981	1,093	80k+	16 days ago	Non Prefixed Variable Found
#13	Free Downloads WooCommerce	21	430	359	4k+	1 month ago	Output Not Escaped
#14	Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More	21	2,572	1,277	1m+	1 month ago	Output Not Escaped
#15	Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More	21	52	1,959	300k+	5 days ago	Non Prefixed Variable Found
#16	JCH Optimize	21	953	133	4k+	5 months ago	Output Not Escaped
#17	Smart Forms – when you need more than just a contact form	21	776	574	5k+	1 month ago	Output Not Escaped
#18	Paysera Payment Gateway for WooCommerce	21	1,866	195	7k+	17 days ago	Exception Not Escaped
#19	Wordfence Security – Firewall, Malware Scan, and Login Security	21	1,592	2,973	5m+	1 month ago	Output Not Escaped
#20	WP-Lister Lite for eBay	21	6,697	5,129	2k+	18 days ago	Output Not Escaped
#21	WP phpMyAdmin	21	4,528	6,435	50k+	8 months ago	Missing Arg Domain
#22	wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin	21	1,354	1,140	70k+	13 days ago	Output Not Escaped
#23	Frontend Admin by DynamiApps	22	5,922	3,208	10k+	4 days ago	Text Domain Mismatch
#24	Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots	22	1,604	2,019	10k+	11 days ago	Direct Query
#25	Better WordPress Minify	22	412	484	8k+	9 years ago	Non Singular String Literal Domain
#26	Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer	22	2,858	1,270	50k+	2 months ago	Text Domain Mismatch
#27	RegistrationMagic – User Registration Forms Plugin	22	3,654	5,062	8k+	yesterday	Non Prefixed Variable Found
#28	Download Manager	22	2,290	1,301	100k+	5 days ago	Output Not Escaped
#29	FireBox Popups – Increase Sales and Grow Your Email List	22	153	812	7k+	6 days ago	Non Prefixed Variable Found
#30	Gutenberg	22	628	342	300k+	4 days ago	missing direct file access protection
#31	Csomagpontok és Címkék WooCommerce-hez	22	2,001	769	7k+	18 days ago	Text Domain Mismatch
#32	InfiniteWP Client	22	2,286	1,812	200k+	4 months ago	Exception Not Escaped
#33	Import WP – Export and Import CSV and XML files to WordPress	22	580	330	4k+	2 months ago	Exception Not Escaped
#34	LearnPress – WordPress LMS Plugin for Create and Sell Online Courses	22	2,361	3,384	70k+	4 days ago	Non Prefixed Variable Found
#35	MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc.	22	2,619	2,453	10k+	2 days ago	Output Not Escaped
#36	PageSpeed Ninja – Cache, Minify, Defer CSS JavaScript, Critical CSS, Optimize Images, Convert WebP	22	984	407	5k+	2 years ago	Unsafe Printing Function
#37	Seraphinite Accelerator	22	594	255	50k+	2 days ago	Output Not Escaped
#38	Swift Performance Lite	22	2,346	1,325	7k+	4 months ago	Text Domain Mismatch
#39	10Web Booster – Website speed optimization, Cache & Page Speed optimizer	22	513	601	80k+	25 days ago	Non Prefixed Variable Found
#40	Theme Editor	22	798	685	50k+	3 months ago	Output Not Escaped
#41	File Manager	22	740	520	1m+	2 months ago	Unsafe Printing Function
#42	WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript	22	164	257	9k+	28 days ago	Non Prefixed Constant Found
#43	WP-WebAuthn	22	957	396	2k+	2 months ago	Exception Not Escaped
#44	Advanced Contact form 7 DB	23	761	1,959	70k+	2 months ago	Non Prefixed Variable Found
#45	BSK PDF Manager	23	1,576	625	7k+	2 months ago	Text Domain Mismatch
#46	Export WordPress Pages to Static HTML & PDF — Static Site Export	23	490	301	5k+	3 months ago	Text Domain Mismatch
#47	Front End PM	23	978	2,264	5k+	1 year ago	Non Prefixed Variable Found
#48	Tracking and Consent Manager – WP Full Picture	23	1,280	3,223	3k+	3 months ago	Non Prefixed Variable Found
#49	Kadence Blocks — Page Builder Toolkit for Gutenberg Editor	23	55	2,127	600k+	10 days ago	Non Prefixed Variable Found
#50	Masteriyo LMS – LMS Course Builder, Quizzes & Certificates	23	197	1,748	5k+	1 month ago	Non Prefixed Variable Found