CHECKING STATUS
I AM LISTENING TO
|

Saving files in WordPress using the Filesystem_API

5. February 2016
.SHARE

Table of Contents

When building plugins or addons, sometimes we need to save custom files within WordPress.

These can be custom JavaScript or CSS files that a user edited and are loaded to override core functionality.

In most cases inline styles and scripts are an option, but not always the most elegant way. Everyone has to decide that for themselves. (wp_add_inline_style) Not talking about performance between inline and external files here :)

Another option is the wp_head action:

WHERE

Many ask where can or should I save files created within a plugin.

  1. In the plugin folder ? Bad idea,  as that folder will be deleted on each upgrade of the plugin.
  2. In a separate plugin, just for those extra files. That is an option, but many webmasters prevent writing to any other folder than the upload folder. Also adding a blank plugin to just add upload folders is not really optimal.
  3. In the upload folder itself. Just like the name says, its the main folder to upload files to!

SECURITY

When dealing with file creation and uploads, security is always important. That relates to any other platform doing similar operations. A folder created within a plugin directory is not less or more secure than a folder created in the upload directory.

Its important to have the correct file and folder permissions set:

  1. Files should have permissions not higher than 664 (start at 644)
  2. Directories should have permissions not higher than 755 (start at 744) Try what works. The lower the more secure :)

There is a detailed article about permissions over at WordPress as well.

When it comes to creating files in PHP the term cross-site-scripting often comes up. When the system creates a file it is owned by the webserver and on a shared hosting account those files could be altered by another user on the same webserver. This could allow them to inject malicious code and compromise your sever. 

That is why the WP_Filesystem was created, to make things more secure and make sure that the owner of files is correct.

CREATING FILES

WordPress provides a nice clean interface to create folders and save files to the upload folder. Here a simple example from one of my current projects.

Prepare the filesystem

Get upload dir information and prepare directory to save to

Check if file exists, create folder, delete similar and save.
In my case I am adding a custom key and the page id to the file.

If the direct way is not possible, you can also use or force the FTP approach
(request_filesystem_credentials).

This will check for the ftp credentials and request them with a form if needed.

This is just a very rough outline of how to do it, but should get you started.

Enjoy coding …

Let’s Talk!

Looking for a reliable partner to bring your project to the next level? Whether it’s development, design, security, or ongoing support—I’d love to chat and see how I can help.

Get in touch,
and let’s create something amazing together!

RELATED POSTS

Days Of Docker 6

Day 6: Monocker – Monitor Docker – 7 Days of Docker

Monitoring the health and status of Docker containers is crucial for maintaining a reliable and efficient environment. Monocker is a lightweight tool designed to address this need by monitoring Docker container state changes and sending real-time alerts through various messaging platforms. What is Monocker? Monocker, short for “MONitors dOCKER,” is an open-source application that keeps […]

The Letters Of The Alphabet Are Arranged Crosswise 2023 11 27 05 02 11 Utc

Best Solutions to Run WordPress Locally 2025

Running WordPress locally is essential for testing, development, and experimentation without affecting a live website. There are several solutions available, each catering to different needs. Below, we explore the best ways to set up WordPress on your local machine, along with useful links. 1. Local by Flywheel Local is a powerful, free local development environment […]

Days Of Docker5

Day 5: mosparo an Open-Source Spam Protection solution – 7 Days of Docker

If you’re looking for an efficient and streamlined way to integrate mosparo, an open-source spam protection solution, into your workflow, running it via Docker is an excellent choice. Docker allows you to deploy mosparo quickly without worrying about dependencies or manual configurations. In this guide, we’ll walk through setting up mosparo with Docker. Prerequisites Before getting […]

Alexander

I am a full-stack developer. My expertise include:

  • Server, Network and Hosting Environments
  • Data Modeling / Import / Export
  • Business Logic
  • API Layer / Action layer / MVC
  • User Interfaces
  • User Experience
  • Understand what the customer and the business needs


I have a deep passion for programming, design, and server architecture—each of these fuels my creativity, and I wouldn’t feel complete without them.

With a broad range of interests, I’m always exploring new technologies and expanding my knowledge wherever needed. The tech world evolves rapidly, and I love staying ahead by embracing the latest innovations.

Beyond technology, I value peace and surround myself with like-minded individuals.

I firmly believe in the principle: Help others, and help will find its way back to you when you need it.