Reading and writing to a file is going to be dicey. You are going to be fighting with file permissions if you save anywhere but the wp-content/uploads directory (and it looks like you want to save to the plugins directory). If you have sufficient control of the server, you may get this to work by editing permissions in the plugins directory, but I wouldn’t. It introduces, potentially, security problems. At any rate, requiring that directory permissions be edited will make your code very non-portable.
- You can save your file to
wp-content/uploadsbut it may well
accessible to snooping. - You can use
WP_Filesystembut you will need to get
request_filesystem_credentials()working most likely. I don’t know
what you mean by using it withoutadmin_menu()but I am thinking
you mean without the dialogue. If I remember correctly, if you
hardcode credentials in towp-config.phpyou won’t get the popup
dialogue. You may be requiring users to edit files, which makes
your code less portable. - The best option to me is to simply not try to juggle data into and
out of a file. Save your data as user meta in the database.