I’m wondering when it is recommended to use the Filesystem API, and whether it’s useful at all?
WordPress seems a little inconsistent when it comes to Filesystem API usage, it uses the API only in a few places when uploading and unpacking files, and that doesn’t make much sense to me, I mean, where’s to point in using it at all when there are a lot of other situations where the PHP filesystem functions are used for direct access? Uploading packages would work even when there are ownership “problems”, however I’m pretty sure that these “problems” won’t go away 5 minutes later when I’m utilizing any of the functions that are using for example fwrite directly.
So why should I as a plugin/theme developer care about it anyways when half of the WordPress functions I’m using does not rely on the Filesystem API, my plugin/theme wouldn’t work correctly anyways, wouldn’t it?
1 Answer
There is a bit of practical split about where WP can write files and if Filesystem API
is invoked. It might be easier to see this divide not as technical, but as administrative.
There is user space.
Users must be able to do things like create attachments and must not need to have admin access credentials.
For these requirements uploads directory typically requires lax permissions and code that works with it is usually not using Filesystem API
.
Rest is admin space.
Administrators/developers must be able to (over)write anything (plugins, themes, WP core itself) and have admin credentials.
For such functionality code is using Filesystem API
and will prompt for credentials, if it can’t accomplish task without them.
So rule of a thumb for development distributable code is roughly – uploads directory is one and only place in WP installation where you can expect to perform writes without using Filesystem API
.