= What's the most secure way to set up SMTP email sending for WordPress? =

Hey Guys,
I'm running a WordPress site which is using the default WordPress PHP mail feature.

I'm finding even though I've added the IP address of my dedicated WordPress hosting to my SPF email records, email still ends up in the folder

I hear you can install any number of various WordPress SMTP plugins to solve this and route your email through another account/service. But a quick Google seems to point out that many of those plugins have been hacked and have led to compromised WordPress sites.

I hear you can use a secure SMTP sending service like Sendgrid, Postmark, Mailgun, SMTP2Go etc. They also seem to install a WordPress plugin to link to their service.

So, my questions are these: How secure are these mail services? How secure are their WordPress plugins? Is there a better, more secure method without plugins I should consider instead?

Not sure which plugin you're referring to, but the only info I could find is related to Easy WP SMTP being hacked last year. I've never used it so I don't know. I've used Post SMTP for years and never had issues with it

I use that plugin as it lets you integrate with any of the servers you listed. I've only ever used Mailgun and Sendgrid as both have free tiers. (Mailgun just phased it out though, so I use Sendgrid now if you're sending less than 100/emails per day on their free tier) plus it's very easy to set up (compared to Mailgun)

Any of your plugins could be vectors for attack on your site, so as long as you keep your plugins updated regularly, you should be fine

I use a G Suite alias ("[email protected]") of my main e-mail address to send the transactional e-mails generated by my website (WooCommerce, etc.) via the Post SMTP plugin. The plugin via SMTP-STARTTLS to smtp.gmail.com:587 using OAuth 2.0 authentication, and the "From:" e-mail address and name have "Prevent **plugins** and **themes** from changing this" checked for both under the "Message" tab of the plugin

I have also set up SPF and DKIM for the domain in my DNS records

All transactional e-mails are sent from "Domain Name" at "[email protected]" with no cases of them going to spam

> How secure are these mail services?

Sendgrid, Postmark, Mailgun are used by top sites like Asana, Uber, Spotify, Reddit, etc. So yes, you can be sure of some level of security. Unless I'm missing the question

> How secure are their WordPress plugins

If you stick to the official plugins for the services and update them regularly, I'd say you will be fine

I use the plugin "WP Mail SMTP" paired up with Amazon SES for my emails. Amazon SES is a bit cumbersome / clunky to set up, but there are guides online you can follow. I haven't had a problem with delivery at all

Amazon SES also gives you the SPF and DKIM records you need to add to your domain

Ignoring the fact that mail itself is considered unsafe, SendGrid/SendInBlue and other email sending services use APIs instead of SMTP to contact their servers for sending email

I can't comment on the plugins' safety, but those plugins are probably the easiest kind of plugins to protect from any attack, because there's barely any user interaction

It's insanely easy to do the exact same stuff the big name SMTP plugins do by hand. There's a hook that gets called during init which lets you the PHPMailer object

Here's a snippet which forces from address to be configured value and enables routing email through MailSlurpr on the Dev server. The most important part is $mailer is a PHPMailer instance you can reconfigure as needed. Check the PHPMailer docs for more info

    add_action( 'phpmailer_init', function ( $mailer ) {
        // Settings are read from Carbon Fields theme options.
        $from    = carbon_get_theme_option( 'crb_settings_email_from_address' );
        $doRelay = carbon_get_theme_option( 'crb_settings_email_enable_dev_relay' );

        // Force the From address to the configured value.
        $mailer->setFrom( $from );

        if ( $doRelay ) {
            // Route mail through the dev relay over SMTP.
            $mailer->isSMTP();
            $mailer->Host = carbon_get_theme_option( 'crb_settings_email_dev_relay_host' );
            $mailer->Port = carbon_get_theme_option( 'crb_settings_email_dev_relay_port' );
        }
    }, 10, 1 );
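
An added example, not code from any commenter in this thread: the same `phpmailer_init` approach used for production delivery through an authenticated relay with STARTTLS required, credentials kept in `wp-config.php` instead of the database, and a fixed From address. The `SITE_SMTP_*` constant names, the `site_smtp_configured()` helper and the host/address values are hypothetical, and the `pre_wp_mail` filter assumes WordPress 5.7 or later.

```php
<?php
/**
 * Plugin Name: Site SMTP (added example)
 * Drop into wp-content/mu-plugins/. Hypothetical constants, defined in wp-config.php:
 *   define( 'SITE_SMTP_HOST', 'smtp.example.com' );    // constructed value
 *   define( 'SITE_SMTP_USER', 'relay-username' );      // constructed value
 *   define( 'SITE_SMTP_PASS', 'change-me' );           // constructed value
 *   define( 'SITE_SMTP_FROM', 'noreply@example.com' ); // constructed value
 */

// True only when every required constant is defined and non-empty.
function site_smtp_configured() {
    foreach ( array( 'SITE_SMTP_HOST', 'SITE_SMTP_USER', 'SITE_SMTP_PASS', 'SITE_SMTP_FROM' ) as $name ) {
        if ( ! defined( $name ) || '' === (string) constant( $name ) ) {
            return false;
        }
    }
    return true;
}

// Fail closed: with incomplete settings, refuse to send instead of
// silently falling back to unauthenticated PHP mail().
add_filter( 'pre_wp_mail', function ( $short_circuit ) {
    if ( site_smtp_configured() ) {
        return $short_circuit;
    }
    error_log( 'wp_mail blocked: SMTP settings missing from wp-config.php' );
    return false;
} );

// Runs last (PHP_INT_MAX) so other plugins and themes cannot override it.
add_action( 'phpmailer_init', function ( $mailer ) {
    if ( ! site_smtp_configured() ) {
        return;
    }
    $mailer->isSMTP();
    $mailer->Host       = SITE_SMTP_HOST;
    $mailer->Port       = 587;
    $mailer->SMTPSecure = 'tls'; // STARTTLS is mandatory; the send fails if it cannot be negotiated.
    $mailer->SMTPAuth   = true;
    $mailer->Username   = SITE_SMTP_USER;
    $mailer->Password   = SITE_SMTP_PASS;
    // SMTPOptions is left untouched so PHP's default certificate verification stays on.
    $mailer->setFrom( SITE_SMTP_FROM, get_bloginfo( 'name' ), false );
    $mailer->Sender = SITE_SMTP_FROM; // Envelope sender matches the domain covered by SPF.
}, PHP_INT_MAX );

// Log delivery failures so TLS or authentication problems are visible.
add_action( 'wp_mail_failed', function ( $error ) {
    error_log( 'wp_mail failed: ' . $error->get_error_message() );
} );
```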