WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#41344 closed enhancement (duplicate)

Secure Email Integration

Reported by: ina2n Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.8
Component: Mail Keywords:
Focuses: administration, multisite Cc:

Description (last modified by SergeyBiryukov)

By the time an entrepreneur decides to use WP multisite, the need for extensive email integration is a requirement. Whether the new startup company is on shared or dedicated hosting, the need for proper secure email integration into their WP sites is a must. The necessary code to deliver secure email with PHPMailer is minimal, and the need to do so in today's email environment is critical.

As you may know, Gmail (possibly others) has placed more strict requirements on using their SMTP email servers for outside accounts, and this has created a greater need for private email servers.

Please integrate secure email into WP multisite core with proper admin menus. I've been using the following code as a personal plugin for more than a year:

<?php
defined( 'ABSPATH' ) OR exit;
/**
 * Plugin Name: WP Simple SMTP Settings
 * Description: Simple SMTP server settings with SSL/TLS for PHPMailer, expressly designed to enable Wordpress to send emails with s self-signed certificate on their private email server.
 * Author: ina2n
 * Author URL: https://ina2n.com
 * License: GPLv2 or later
 * License URI: http://www.gnu.org/licenses/gpl-2.0.html
 */
add_action( 'phpmailer_init', 'phpmailerSMTP' );
function phpmailerSMTP( $phpmailer ) {
$phpmailer->IsSMTP();
$phpmailer->Host        = 'mail.youremailserver.com';  // SMTP Host
$phpmailer->SMTPAuth    = true;  // Authentication, other option is false, but reckless and ill advised
$phpmailer->Username    = 'yourusername@youremailserver.com';
$phpmailer->Password    = 'yourpassword';
$phpmailer->SMTPSecure  = 'ssl'; // enable if required, 'tls' is another possible value
$phpmailer->Port        = 587;    // SMTP Port
$phpmailer->SMTPOptions = array (
'ssl' => array('verify_peer'  => false,'verify_peer_name' => false,'allow_self_signed' => true));  //Enable SMTP on email servers with self-signed certificates
// The following settings are optional and can be set for static emails, however, if you're using a dynamic email newsletter plugin such as Woocommerce or SendPress, then you want to comment out these lines by leaving the // at the front of each line. Any variables placed here will override all other email sending plugins. You can change any one of these settings to override all email sending plugins. For example, you might want your email 'FromName' to read as your company name, regardless of what you have setup in Woocommerce, SendPress or other email sending plugins.
//	$phpmailer->From        = 'yourusername@youremailserver.com';
//	$phpmailer->FromName    = 'Your Company Name';  //This can be your company, website, or your your name
//	$phpmailer->Subject     = 'Your Company Title';  // Leave this blank '' if you don't want the subject line automatically populated
//	$phpmailer->SMTPDebug	= 2;
//	1: show client -> server messages only. Don't use this - it's very unlikely to tell you anything useful.
//	2: show client -> server and server -> client messages - this is usually the setting you want
//	3: As 2, but also show details about the initial connection; only use this if you're having trouble connecting (e.g. connection timing out)
//	4: As 3, but also shows detailed low-level traffic. Only really useful for analysing protocol-level bugs, very verbose, probably not what you need.
}

Attachments (1)

wp-simple-smtp.php (2.5 KB) - added by ina2n 4 years ago.
Simple SMTP Email Integration

Download all attachments as: .zip

Change History (9)

@ina2n
4 years ago

Simple SMTP Email Integration

#1 follow-up: @earnjam
4 years ago

A couple of questions:
1) Why is this marked as specific to multisite and not just core in general?
2) What is the rationale for integrating this into core instead of leaving it as a separate plugin, since it seems to function fine using the phpmailer_init hook?

#2 follow-up: @JanR
4 years ago

I agree with @ina2n that this should be core functionality nowadays, and not plugin territory. See #29069 for a similar Trac ticket.

#3 in reply to: ↑ 1 @ina2n
4 years ago

Replying to earnjam:

A couple of questions:
1) Why is this marked as specific to multisite and not just core in general?
2) What is the rationale for integrating this into core instead of leaving it as a separate plugin, since it seems to function fine using the phpmailer_init hook?

1) I run WP multisite, and have no need for single site setups. As WP moves forward, I don't see the WP single site as a viable product any more. I can build and maintain a website for a customer using multisite at a significantly greater efficiency. I can reduce/eliminate the need for staff when using multisite, and manage individual user sites with ease.

In my opinion, WP would be a much better solution for everyone if all sites were setup as multisite capable from the start. From the multisite environment, any user can create their own "dev" site within their own environment setup. This makes upgrades and design much easier to push, and more capable for even a novice.

2) You're right. The phpmailer_init hook does work. But just like WP multisite domain mapping was a plugin for years, I pushed for multisite mapping integration into the core over a year ago. Integrating more email capabilities into core is just a natural progression, and I'm confident that many new WP users don't realize the complexities of getting their own private emails up and running within WP. The email integration is not a necessity because of WP, it's a necessity because of the natural progression of email security standards.

Personally, I don't know of any hosting provider that allows emails to be sent over the non-secure Port 25. And no hosting provider allows emails to be sent without password authorization. Any hosting provider, I know because I am one, cannot allow an open relay on Port 25. We would all be blacklisted within 48 hours, and that's why the present WP core email provisions are lacking.

When you review the file I uploaded, I explain every line and you'll see that it's only a handful of lines that would be added to core. This makes WP significantly more email friendly, because everyone has a need to send emails via their WP console, and the load on the core is insignificant.

Last edited 4 years ago by ina2n (previous) (diff)

#4 in reply to: ↑ 2 @ina2n
4 years ago

Replying to JanR:

I agree with @ina2n that this should be core functionality nowadays, and not plugin territory. See #29069 for a similar Trac ticket.

Wow! You've been pushing for better SMTP integration for years! Well done! You are correct and I think the core needs an update ASAP.

#5 @SergeyBiryukov
4 years ago

  • Component changed from Administration to Mail
  • Description modified (diff)

This ticket was mentioned in Slack in #core-multisite by ina2n. View the logs.


4 years ago

This ticket was mentioned in Slack in #core-multisite by pmbaldha. View the logs.


4 years ago

#8 @johnbillion
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Thanks again for the ticket, but this really is plugin territory due to the huge variety of mechanisms and services for sending mail.

In addition, running your own SMTP server is increasingly less common for individuals, small businesses, and indeed large businesses. If you want to securely send mail through your own SMTP server, there is a plugin for that, and if you want to send mail via a hosted mail delivery service then there's almost certainly a plugin for that too.

Duplicate of #29069

Note: See TracTickets for help on using tickets.