Tutorials UPDATED: 03 November 2022

WordPress Emails and SMTP

Tassos Antoniou

11 min read
Image for WordPress Emails and SMTP

Have you experienced issues with sending emails from your WordPress website? Perhaps you’ve heard about using an SMTP service to process emails in order to improve reliability? It can all seem a little confusing!

If you’re unsure how emails and WordPress work, or are having a problem with these then you’re in the right place. In this article, we’re going to take a look at how WordPress handles emails ‘straight out of the box’, the potential issues, and, most importantly how you can solve the problems you might be experiencing with WordPress and email.

Let’s get going!

When do you use email with WordPress?

First things first… when we talk about using email and WordPress, we’re NOT discussing configuring a ‘regular’ email account that is used by you on a day-to-day basis to send email from your domain. It’s an important distinction. If you’re reading this article because you want to know how to setup your own email system for everyday ‘regular’ email then check out our article ‘Google vs Rackspace vs Microsoft – Which Email Provider is Best?‘ which will give you all the info you need to get going.

The type of email we’re discussing in this article is email that is sent from your WordPress website – typically ‘transactional’ email that might include things like password reset notifications, login notifications and so on. This also includes email notifications that are generated when you configure forms on your website using popular form plugins like Contact Form 7. You can check one of these super quickly by heading to the login screen on your WordPress website and clicking on the ‘Lost your password’ link.

In theory, you should get a password reset link sent to your email Inbox. Note we said ‘in theory’! The email delivery system used by default in WordPress is notoriously unreliable. It’s unfair however to entirely blame WordPress. Many of the issues around the WordPress default email delivery system rely heavily on the underlying server setup. As is almost always the case, cheaper hosting tends to be more problematic.

Although the finger can reliably be pointed at hosting for causing WordPress email issues, there are undoubtedly some aspects of the WordPress email system that are less than perfect.

The Problem with WordPress’s Default Email Delivery

WordPress sends emails using the wp_mail built-in function that is based on PHP mail function and allows you to send emails via your WordPress site using the standard mail function of your host. Its implementation is simple and most developers will have no issue working with something like this.

There are however some well-known flaws in this system that can cause a range of issues:

  • No authentication/verification: Emails sent via a basic PHP mail function aren’t subject to any sort of authentication or verification that would now normally occur to emails sent using more sophisticated systems. This will likely result in them being viewed as spam or junk by the recipient’s email account.
  • Likely to be hijacked: The email protocol is relatively easy for spammers to ‘hijack’ and use to send their own spam emails (sometimes tens of thousands of them!). This behavior will not only place additional load on your server (and in doing so, slow down your website) but will also result in your domain being flagged by spam filters. This will harm the deliverability of any email that uses your domain (even if it is sent using a reputable email provider like Microsoft).

Because of these weaknesses, some hosting providers will disable the WordPress wp_mail function which means you can’t send any transactional email without enabling a third-party SMTP service.

What is SMTP?

The SMTP stands for Simple Mail Transfer Protocol and is used to manage outgoing emails in a more reliable manner.

Like all email protocols, it is used for sending email messages from one email account to another via the internet and it includes a set of rules that let different email clients and accounts easily exchange information.

SMTP servers

You might have heard the words ‘SMTP’ and ‘SMTP Servers’ being used interchangeably. SMTP refers to the protocol and a server is just the computer used to run the actual process. Major email providers like Google have their own SMTP servers that they run.

Their job is to accept messages from an SMTP client and send them to the client after making sure they are valid. This means most emails you receive from people you have given permission to send you emails are checked to make sure they are legitimate.

How does SMTP work?

Let’s quickly run through how an SMTP server actually works:

  1. When you send an email, the SMTP client (or sender) establishes a connection with the SMTP server (using port 25) in order to validate and transfer data using the appropriate commands.
  2. Next, the client starts the transaction by sending the FROM: and TO: mail addresses to the server. The server will check whether these addresses are legitimate and reply with a corresponding message.
  3. Once the addresses are approved, the SMTP client sends the email content as well which is then sent to the recipient(s).

This all happens in milliseconds and for the most part, goes unnoticed by the sender and the recipient.

Differences between SMTP and other email protocols

As well as SMTP, you might have heard of other types of email protocols, namely POP and IMAP.

Both POP and IMAP, however, restrict e-mail delivery to approved servers only. They are not suitable for use in inter-network communication. This is where SMTP is useful, as it can “push” emails between unknown mail servers.

SMTP and WordPress

So, what has SMTP got to do with WordPress?

As we’ve seen (and you may well have experienced yourself) the default WordPress mail protocol can be problematic to use. Fortunately, by leveraging a suitable SMTP server we can bypass this inbuilt email mechanism in WordPress and replace it with something much more reliable. We can do this with the assistance of a WordPress SMTP mail plugin that allows us to utilize the services of an external ESP (Email Sending Provider) to deliver outgoing messages that were created on your WordPress website.

Host your website with Pressidium

60-DAY MONEY BACK GUARANTEE

SEE OUR PLANS

Ensuring that emails sent from your WordPress website are delivered reliably is especially important when you need to send emails to users, customers, members, or visitors. Whilst the odd password reset email ending up in Junk when it’s just you using the site isn’t such an issue, you can appreciate it’s not a good look for things like order confirmation emails to end up in a customer’s spam folder.

Gettings Started with SMTP and Your WordPress Website

In order to leverage the benefits of using an SMTP server to process transactional email on your WordPress website you’re going to need two things.

  1. A WordPress SMTP Plugin
  2. An SMTP service such as Mailgun or Gmail

WordPress SMTP Plugins

Using a separate SMTP server to process transaction email is relatively common. As a result, there are numerous excellent SMTP plugins you can choose from. Too many in fact for us to write about here! As they all broadly do the same thing, we’ll focus on just one. The WP Mail SMTP Plugin.

With 3+ million active installs, it’s clear this is a popular plugin. It makes configuring an SMTP server super simple with multiple ‘out of the box’ choices ready to go.

Once you’ve downloaded and installed it, follow the setup wizard. The first step in the process will be to choose an SMTP Service. As you’ll see you have numerous options. Ones such as Mailgun are normally services you’ll need to pay for. These are worth the outlay (especially if you’re sending a large volume of email) but, if you only have a handful of email going through your site (such as message notifications) then you might want to choose a free option. Perhaps the most familiar will be Gmail.

This is an especially great choice if you already have a Gmail account but be warned it’s not necessarily the simplest!

With this selected, you’ll now have to create a web app in your Google Account.

Configuring the Google Web App to send email via SMTP

To begin, head to the Google Developers Console. You should be able to access this right away if you’re logged into your Google account. Create a new project. After the creation is complete, select the project to open it.

On the left side, hit “Enable APIs and Services”

In the new screen, find the “Gmail API” and go to its page to enable it.

Once you enable it, use the CREATE CREDENTIALS button at the top right to enter the credentials page.

In “Credential Type”, you choose Gmail API and User Data. Then hit Next to go to the “OAuth Consent Screen” section and fill in the app name, user email support and developer contact information.

Save and continue to the next page, which is about the ‘Scopes’ for the Gmail API. You can skip this step as it is optional (it helps you control access to private data when authorizing your app).

Step 4, “OAuth Client ID” is for the OAuth 2.0 protocol that is used for authentication and authorization. Here, you should select “Web Application” as the Application Type from the dropdown menu and then set a name for your OAuth 2.0 client.

Next is the Authorized JavaScript origins, which again is optional. Here, you can enter multiple origins to allow for your app to run on different protocols, domains, or subdomains. Keep in mind that you cannot use wildcards.

In the Authorized redirect URLs, you can set the path users will be redirected to after they have authenticated with Google. The path cannot contain URL fragments, relative paths, or wildcards, and it can’t be a public IP address.

After you are done with these settings, hit the Create button and you will see a Client Id is created.

There is a button to download the credentials and a DONE button that will conclude the process.

Finalizing Your WordPress SMTP Setup

Head back to your WordPress website. If the wizard is still open you’ll need to enter the Client ID, Client Secret and redirect URI we generated in the Google console.

NOTE: You can re-open the wizard if needed by going to the WP Mail SMTP menu item and then hit the “Launch Setup Wizard” button.

After the page is reloaded, click the “Allow plugin to send emails using your Google account” button at the bottom of the settings page. You should now receive a confirmation that you’re good to go. Test this out, for example my using a message form on your website. Do you receive the email successfully?

Please bear in mind that if you have a larger website that processes a lot of transaction email (such as an active WooCommerce website) then using the Google SMTP server won’t be suitable as emails sent through this are rate and volume limited. Instead you’ll want to use an alternative like Mailgun.

Conclusion

Hopefully, you can now configure your website on your own to send emails using the Gmail SMTP server or understand the options around alternatives. In reality, unless you only ever need things like password reset emails to function on your site, you’ll want to enable an SMTP service of some description. Alternatively, you could choose a host that already leverages the power of a dedicated SMTP service on your behalf (such as Pressidium).

Host your Website with Pressidium!

View our price plans

OUR READERS ALSO VIEWED:

Building a CI/CD Workflow – Automatically Deploying a WordPress Theme with GitHub Actions

Streamline your WordPress deployment process using GitHub Actions and a CI/CD workflow. Automatically build and deploy a WordPress theme to your Pressidium WordPress site.
Konstantinos Pappas
Konstantinos Pappas
22 min read

Types of Cross-Site Scripting (XSS) Attacks

In this article, on XSS attacks we're going to deep dive cross-site scripting examples to better understand how these types of attacks work.
Tassos Antoniou
Tassos Antoniou
6 min read

5 Best Tips For Web Developers When Coding For eCommerce Websites

So how can you become a successful web developer when coding for ecommerce websites? Check out this article to find out!
Daryl Bush
Daryl Bush
7 min read

WordPress and Cross-Site Scripting (XSS)

Cross-site scripting (XSS) attacks are a common types of website attack seen across the internet. Find out how to protect your website!
Tassos Antoniou
Tassos Antoniou
7 min read
SUBSCRIBE