How to send WordPress email via SMTP

Short answer: WordPress sends mail with PHP’s mail() function by default, which fails on most modern hosts, so your password resets, contact form notices, and order receipts never arrive. The fix is to install an SMTP plugin (WP Mail SMTP, FluentSMTP, Post SMTP, or Easy WP SMTP), create an account with a mail-sending service, and enter that service’s connection details: the SMTP host, port 587 with TLS, and your username and password. Send a test email from the plugin to confirm it works. This guide covers the generic SMTP setup that works with any provider, how to choose the port and encryption, where to find your credentials, and how to fix the connection errors that come up most often.

This is the hands-on, fill-in-the-fields companion to the deliverability side of the same problem. If your mail is sending but landing in spam, that is a DNS authentication issue, and setting up DMARC, SPF, and DKIM for WordPress is the guide you want. This one is about getting the plugin connected and mail flowing in the first place.

Why you need SMTP at all#

Out of the box, WordPress calls PHP’s mail() function to send every email it generates: new user notifications, password resets, comment alerts, and anything a plugin sends through wp_mail() . That function hands the message to a local mail program on the web server and hopes it gets delivered. On a modern host it usually does not, for two reasons.

First, most hosts block the outbound port that mail() needs to reach other mail servers directly, because leaving it open lets compromised sites blast spam. When it is blocked, mail() reports success to WordPress while the message quietly goes nowhere. There is a full explanation of why port 25 is blocked if you want the background.

Second, even when the mail does leave the server, it comes from a shared IP address with no sending reputation and carries no authentication, so the receiving inbox treats it as suspicious. That is the deliverability half of the problem, and it is covered separately.

SMTP fixes the first problem completely and sets up the second one to be solved. Instead of handing mail to a local program, WordPress logs in to a real mail-sending service over an authenticated connection and asks that service to deliver the message. The service has a trusted IP, proper infrastructure, and a port that is not blocked. Your job is to give WordPress the login details for that service.

What you need before you start#

Three things, in this order:

• An SMTP plugin installed. This is the piece that reroutes WordPress mail through SMTP instead of mail() .
• An account with a mail-sending service. This is who actually delivers the mail. More on choosing one below.
• The connection details from that service. A host, a port, and a username and password (or an API key). The service gives you these after you sign up.

You do not need to touch any code, edit functions.php , or write your own mailer. The plugin does all of it through a settings screen.

Step 1: Install an SMTP plugin#

In your WordPress admin, go to Plugins > Add new, search for WP Mail SMTP, and click Install now then Activate. The free version from the WordPress.org directory is enough for this.

WP Mail SMTP is the most widely used, so this guide uses its terminology, but the alternatives work identically. FluentSMTP is completely free with no paid upsell. Post SMTP keeps a built-in log of every email it tries to send, which is useful for debugging. Easy WP SMTP is the lightest of the set. Whichever you pick, the fields you fill in are the same because they all configure the same underlying SMTP connection.

Install and activate the plugin, but do not configure it yet. First pick the service it will connect to.

Step 2: Pick a mail-sending service and get your credentials#

This is the service that actually delivers your mail. For a typical WordPress or WooCommerce site sending transactional mail (password resets, form notifications, order receipts) under roughly 40,000 emails a month, any of these work well and have a free or cheap tier:

• Brevo (formerly Sendinblue) sends 300 emails per day on the free plan.
• SMTP2GO offers 1,000 emails per month free.
• SendGrid sends 100 per day free.
• Mailgun is pay-as-you-go and good for higher volume.
• Postmark is transactional-only and paid from the first email, which is exactly why its deliverability is excellent.
• Amazon SES is the cheapest at volume but has the most setup overhead.

Pick one and stick with it. Each service has its own authentication records to set up later, so switching means redoing that work. For a small site that only sends transactional mail, any of them is fine.

After you create an account, find the SMTP credentials in the service’s dashboard. Every provider buries them in a slightly different place, but you are always looking for the same four values:

• SMTP host (also called server or hostname) — something like smtp-relay.brevo.com , mail.smtp2go.com , or smtp.sendgrid.net .
• SMTP port — usually a choice of 587 , 465 , 2525 , or 25 .
• Username — sometimes your account email, sometimes a generated login or the literal word apikey .
• Password — often a generated SMTP key or API key, not your account login password.

Most services label this under a heading like “SMTP”, “SMTP & API”, or “Sending > SMTP”. Generate or copy the credentials and keep that page open for the next step. Treat the password like any other secret: it can send mail as your domain, so do not paste it into a public place.

> A note on API keys versus SMTP. Many services offer two ways to connect: classic SMTP (host, port, username, password) and a direct API integration. WP Mail SMTP has dedicated “mailer” options for the popular services that use the API path, which can be slightly more reliable because it does not depend on an open SMTP port. If your provider has a dedicated mailer in the plugin’s list, that is the easier route. This guide uses the generic “Other SMTP” path because it works with every provider, including ones the plugin does not list.

Step 3: Enter the SMTP settings in the plugin#

In your WordPress admin, open WP Mail SMTP > Settings. Two areas matter here: the mail identity at the top, and the mailer connection below it.

The From settings#

• From Email — the address your site sends as. This must be an address on your own domain, for example noreply@yourdomain.com . Do not use a Gmail or Yahoo address here; sending as you@gmail.com from your own server fails modern authentication and gets rejected. Tick the “Force From Email” option so plugins cannot override it with something that breaks delivery.
• From Name — the display name recipients see, such as your site name.

The mailer connection#

Choose Other SMTP as the mailer. This is the generic option that accepts any provider’s details. Now fill in the values you copied from your service:

• SMTP Host — paste the host exactly as the service gave it, for example smtp-relay.brevo.com .
• Encryption — choose TLS for port 587 , or SSL for port 465 . Pick one to match the port below. (The difference is explained in the next section.)
• SMTP Port — 587 if you chose TLS, 465 if you chose SSL.
• Authentication — turn this on. It is what makes the plugin log in with your username and password.
• SMTP Username — the username from the service.
• SMTP Password — the password or SMTP key from the service.

Save the settings. If your provider gave you an API key labelled as the username (for example SendGrid wants the literal username apikey and the key as the password), enter them exactly as the provider documents, because those services are strict about the format.

Choosing the port and encryption#

The port and encryption settings have to agree with each other, and the wrong combination is the single most common reason a connection fails. Here is what each one is for:

• Port 587 with TLS is the modern standard and the right default. The connection starts in plain text and upgrades to encryption immediately (this upgrade is called STARTTLS). Use this unless you have a specific reason not to.
• Port 465 with SSL is the older but still fully supported encrypted submission port. The connection is encrypted from the very first byte. Use this if 587 is blocked on your host or your provider recommends it.
• Port 2525 is an unofficial alternative that several providers offer specifically because some hosts block 587. It behaves like 587 (use TLS). Try it if both 587 and 465 fail to connect.
• Port 25 is the one to avoid. It is for server-to-server delivery, it is almost always blocked for outbound mail, and it is not the right port for submitting authenticated mail from WordPress.

If you are not sure which to use, start with 587 and TLS. If the test in the next step times out, switch to 465 and SSL, and if that also fails, try 2525 with TLS.

Step 4: Send a test email#

Every SMTP plugin has a test feature, and you should never skip it. In WP Mail SMTP, go to the Email Test tab, enter an address you can check (your own inbox is fine), and send.

A successful test shows a green confirmation, and the email arrives within a minute. If it arrives, WordPress mail is now flowing through SMTP and the transport problem is solved.

For a more realistic check, trigger a real WordPress email. Request a password reset from your own login screen, or submit your site’s contact form. These exercise the exact wp_mail() path that was failing before, so seeing them arrive confirms the fix end to end.

If the test email arrives in your inbox, you are done with the SMTP setup. If it lands in the spam folder instead, the connection is working but your domain is not authenticated yet, which is the next thing to fix.

Step 5: Make sure it lands in the inbox, not spam#

Getting WordPress to send mail and getting that mail into the inbox are two different jobs. Once SMTP is connected, mail leaves your site reliably, but inbox providers still decide whether to trust it. That decision is made by three DNS records:

• SPF lists which servers are allowed to send mail for your domain. See what SPF is and how to set up a record.
• DKIM cryptographically signs each message so the recipient can verify it was not tampered with. See what DKIM is and how to set it up.
• DMARC tells inbox providers what to do when a message fails the first two checks, and reports who is sending as your domain. See what DMARC is and how to set it up.

Your sending service provides the exact values for each record during onboarding, and you add them to your domain’s DNS. The full walkthrough, including how to test your score on mail-tester.com and read the authentication headers, is in setting up DMARC, SPF, and DKIM for a WordPress site. Do that step once and your WordPress mail stops landing in spam.

Fixing the most common SMTP errors#

When a test fails, the plugin usually shows the raw error from the mail server. These are the ones that come up most, and what each one means.

“Could not authenticate” or “535 authentication failed.” The host and port connected fine, but the username or password was rejected. Re-copy both from the service, watching for a trailing space. Remember that many services do not use your account login here: the password is usually a generated SMTP key or API key, and the username is sometimes the literal word apikey rather than your email. Also confirm the “Authentication” toggle is on.

“Connection timed out” or “Could not connect to host.” The plugin could not reach the server on that port at all. This is almost always the port: your host is blocking it. Switch from 587 to 465 (and Encryption to SSL), or try 2525 . If every port times out, your host may block all outbound SMTP, in which case use the provider’s API-based mailer option instead of “Other SMTP”, because it connects over HTTPS, which is never blocked.

“SSL/TLS handshake failed” or certificate errors. The encryption setting does not match the port. Port 587 needs TLS, port 465 needs SSL. Setting SSL on 587, or TLS on 465, produces this error. Swap the encryption to match the port.

The test passes, but real WordPress emails still do not arrive. The SMTP connection is fine, so the problem is elsewhere. Check the “From Email” is an address on your own domain and that “Force From Email” is on, because some services reject mail whose From address does not match the authenticated account. If a specific plugin’s mail is missing, that plugin may be sending through its own mailer instead of wp_mail() ; check its settings for an SMTP section of its own.

The test passes and mail arrives, but in spam. Nothing is wrong with SMTP. This is the DNS authentication step from above. Set up SPF, DKIM, and DMARC and re-test.

A note on contact forms#

If you came here because your contact form stopped sending notifications, the form plugin is almost certainly not the problem, and switching form plugins will not help. Contact Form 7, WPForms, Gravity Forms, and the rest all hand their notifications to wp_mail() , which falls back to the failing mail() function. The submission succeeds from the visitor’s side, but the admin notice never sends.

The fix is exactly the SMTP setup on this page. Once wp_mail() is routed through a relay, every form’s notifications start arriving, because they all use the same underlying mail path. The one form setting worth checking is the notification’s From address: set it to an address on your own domain and put the submitter’s address in Reply-To instead, so you can still reply to them without breaking authentication.

Common mistakes#

• Sending as a Gmail or Yahoo From address. Setting “From Email” to you@gmail.com while sending through your own site fails authentication and gets the mail rejected. Always send from an address on your own domain.
• Mismatching the port and encryption. Port 587 with SSL, or 465 with TLS, fails to connect. Keep 587 with TLS and 465 with SSL.
• Using your account password instead of the SMTP key. Most services issue a separate SMTP credential or API key for sending. Your login password usually will not authenticate.
• Skipping the test email. The settings can look correct and still be subtly wrong. Always send a test before assuming it works.
• Stopping at “it sends” and ignoring spam placement. A working SMTP connection gets mail off your server, but without SPF and DKIM it still lands in spam. The job is not finished until a test message reaches the inbox.
• Switching form plugins to fix missing emails. Every form plugin uses wp_mail() and fails the same way without SMTP. Fix the transport, not the form.

Summary#

WordPress sends mail through PHP’s mail() function by default, and on a modern host that mail either never leaves the server or arrives looking untrustworthy. Routing it through SMTP fixes this: install a plugin like WP Mail SMTP, sign up with a sending service such as Brevo, SMTP2GO, or SendGrid, and enter that service’s host, port 587 with TLS, username, and password in the plugin’s “Other SMTP” settings. Send a test email to confirm the connection. If the connection fails, the port is usually the culprit, so switch to 465 with SSL or 2525 . If mail sends but lands in spam, the transport is fine and you need the DNS authentication step in setting up DMARC, SPF, and DKIM for a WordPress site. Do this once per site and WordPress email becomes something that simply works. If you also send broadcast newsletters rather than just transactional mail, the best WordPress newsletter plugins covers which plugin pairs cleanly with which sending service.