Get pro WordPress tips or your money back!

Gmail SMTP Settings and New Security Measures Demystified

If you’re not an internet guru, the Gmail SMTP settings can be pretty confusing. What’s more, if you use WordPress, getting your website to deliver email correctly, without WordPress Support, with all of the different hosting environments can be a real trick.

Using your web host for email is not entirely dependable and sometimes can even be impossible depending on a number of factors. Because of that, a lot of WordPress users and developers choose to use a method other than PHP mail to send email, which is what WordPress uses by default.

Wait, so what exactly is SMTP anyway?

For the uninitiated, SMTP stands for Simple Mail Transfer Protocol. It’s the standardized method for sending email everywhere, and is certainly the most popular delivery method across all major email providers.

While SMTP is an essential part of delivering email reliably from your website, you can also use these settings in any standard email client if you’re trying to set up Gmail to work on your desktop or cell phone.

Here Are the Default Gmail SMTP Settings

  • Gmail SMTP server address: smtp.gmail.com
  • Gmail SMTP username: Your full Gmail address (e.g. [email protected])
  • Gmail SMTP password: Your Gmail password
  • Gmail SMTP port (TLS): 587
  • Gmail SMTP port (SSL): 465
  • Gmail SMTP TLS/SSL required: yes
Google SMTP Server Settings

In this article, I won’t get into too many details about the various SMTP options available, but there are some popular services using the SMTP protocol besides Gmail. Some great examples are hosted email services like Mandrill, Sendgrid, or even something like Amazon Web Services SES. There are a whole bunch of other similar services that I could list here, but that’s not the purpose of this post. Our official recommendation is to use SendGrid for email delivery and avoid using Gmail SMTP as your outgoing email server (you’ll see why below), but for those who want to be adventurous, this post is for you.

In this post I want to show you how to setup and configure the WP Mail SMTP WordPress plugin, your Gmail SMTP settings, and how to navigate some pretty confusing security restrictions in order to get an email from point A to point B. We spent several hours diagnosing and troubleshooting this email delivery issue for a client and figured we’d save you the heartache by publishing a walk-through.

The reason we chose SMTP for this particular customer is because Gmail already has SMTP support built in, and the customer wanted a quick solution that wasn’t going to require any kind of recurring costs. Considering there are only a few users on the site, using Gmail to send their outgoing mail and form notifications was a reasonable solution. For sites with higher volume of emails, or critical delivery, or where you want more flexibility, some of the other options I listed above are much better suited.

Install the WP Mail SMTP plugin

The first thing you’re going to want to do to setup the WP Mail SMTP plugin is to install it on your site. Easy enough right?


Note: If you choose not to use WP Mail SMTP, that’s fine. But do note we found several SMTP plugins that were storing unmasked passwords in plain text, which can be a huge issue for your email security. If you’re going to use SMTP to deliver email, WP Mail SMTP is our recommended method.

Connecting Your Gmail Account

The next step is also pretty straight forward. You’re going to need your gmail username and password, and a few SMTP server settings which we’ll provide below.

Navigate to Settings –> WP Mail SMTP in your WordPress dashboard.

From the settings screen you’ll choose the following options:

  • Your FROM email – this is the email address you want to show as the sender when WordPress sends emails.
  • Your FROM name – This is commonly either the individual’s name for a personal website, or a business’ name for a business website.
  • Your Mail Service – We’ll be using Google in this tutorial

The other options will change depending on the service you choose. The plugin has links to handy documentation to show you exactly what needs to be done in order to configure your specific service.

Once you’ve completed the setup required by their documentation, Save Changes and you’re ready to send email using SMTP! But we wouldn’t be very helpful if we just wrote a tutorial about how to follow a tutorial, would we?

Setting Up WordPress Email Delivery with Google SMTP

While the instructions in the WP Mail SMTP documentation are relatively straightforward, we can do better. In the video below we walk you through the setup and configuration of the app required by google to route email through their SMTP servers.

It’s not the most straightforward process in the world, but it only takes about five minutes to get started, and then you can route all of your mail through Google’s SMTP servers at no additional monthly cost.


Conclusion

Configuring your Gmail SMTP settings to send mail from WordPress isn’t quite as easy as it used to be. There are better and more simple alternatives available, but when you need a PHP mail alternative, and you don’t want to pay any recurring fees, Google provides a nice service and WP Mail SMTP makes it relatively straightforward to get up and running.

Are you using built-in PHP email for WordPress? Or some other method? Have you run into any other strange quirks setting up alternate email routing? Hit us up in the comments and we’ll get into some lively discussion!

Enjoy this post? Never miss another one.

55 Comments

  1. sachin parmar

    Plx help me out of this Error ….

    A PHP Error was encountered
    Severity: Warning
    Message: fsockopen(): unable to connect to smtp.gmail.com:25 (An attempt was made to access a socket in a way forbidden by its access permissions. )
    Filename: libraries/Email.php
    Line Number: 2069
    Backtrace:
    File: C:\xampp\htdocs\session\application\controllers\Welcome.php
    Line: 119
    Function: send
    File: C:\xampp\htdocs\session\index.php
    Line: 315
    Function: require_once

  2. Joe B

    Please check out the new “app passwords” setting in google account settings under “signing into google”. if 2 factor authentication is enabled, you can create application specific password that can be pasted into this particular email-smtp setup )

  3. charlie

    i was wondering, if any one use the plugin “all in one wp migration” ?
    Will my previous configure gmail setting in wp be transfer successful.

    1. Ryan Sullivan

      Hey Charlie, I’m not sure about that specific plugin but typically speaking migration plugins should keep all your plugin settings intact. They’re just moving the database values to a new location so you shouldn’t need to reconfigure anything post-migration. Hope that helps!

  4. Rasmita

    Thanks for this awesome tutorial, you are a genious. You really saved my day, now my smtp working fine with this recommended settings.

  5. David

    But My issue is, when some one sending mail, I got it, But can not reply. It shows Message blocked โ€“ Message rejected. What is the solution ?

  6. Golam Qauser

    This is also helpful. But My issue is, when some one sending mail, I got it, But can not reply. It shows Message blocked – Message rejected. What is the solution ?

  7. Clemence Lim

    Hi,
    I bought a Canon copier machine last week. I try to use my wife’s gmail to configure send to email but invalid. Machine indicates “authentication error”. However, I use my gmail account to send the mail from the copier machine it works. Just wonder what could be the problem.

    Regard
    Clemence

    1. GT

      You have to update the pop and imap settings in the gmail account. Go to settings, then forwarding pop/imap, then enable imap so smtp works.

  8. C S Hare

    i had to do a factory reset on my phone and now i cannot add vital (critical!) business-related email accounts!

    google!!! STOP IT!!!!! there is a fine line between “security” and “bloody f-g nuisance”!!!

  9. Alex

    Thank you for this solution smtp just stopped working for us (28/11/16). allowing less secure apps at least gets it sending – if not ideal from a security perspective.

    Thanks for the info.

  10. Leila

    Does this plugin work with business gmail accounts – ones that use the domain instead of @gmail.com? I am at my wit’s end – no WordPress emails are going through on the site, I have tried the Gmail SMTP plugin but it doesn’t work with business gmail apparently… I don’t know what to do!

    1. Manuel Montoya

      Did you found a way to send emails with business gmail?

  11. Mike

    We’re using Easy WP SMTP successfully for emailled tickets for events from our WooCommerce site. We were hoping emails sent from the site using Easy WP SMTP would save to the ‘Sent’ folder but that doesn’t seem to be the case. Anyone know if it’s possible to access these emails.

    (Our ticketing plugin sends a email ticket with QR code, but sometimes customers can’t find them even if we resend the ticket through the system โ€“ we need a way of being able to easily access their ticket so that we can print and send snail mail if necessary.)

    Thanks peoples.

    1. Mike

      I’m having the opposite problem as you. I’d like for emails sent from the site to NOT appear in the gmail sent folder/label. I’m using this plugin: https://wordpress.org/plugins/gmail-smtp/ Perhaps I should switch to the one you’re using and you should switch to the one I’m using lol…

  12. Jeff Nye

    Proofreading: “The reason we chose SMTP for this particular customer is because gmail already has SMTP support built in” – I’m pretty sure you meant to say “the reason we chose Gmail…”

    I found the Postman plugin as a fix for two different issues. I had one Gravity forms form that was timing out, another a WooCommerce cart issue that was timing out. I had no idea that both were timing out because they were both failing to send email fast enough (both had to send out email to the customer, and the site admin). Once I used Postman to force WordPress to use SMTP instead of the stock method (PHP) no more hangups occurred.

    Funny that WooCommerce support pretty much agreed to disagree that I solved the issue this way.

  13. Ryan Sullivan

    It was weird seeing my name used in your examples! ๐Ÿ™‚

  14. Vin 'Karate' Lee

    Nice article. Here’s how I came across your solution…

    The contact form on my client website failed to send (orange box in “Contact Form 7” marked as “SPAM”. It was working previously on the Email which used the same domain as their website. But the client wanted me to change its setting to their other GMail and not “[email protected]” as they managed to “get it working on the phone’s EMail app”.

    After the change, Test Mails all got shot down. Found and read some articles about “wp-mail-smtp” but then saw an e-mail in my client’s GMail (lucky I had access to it, otherwise I wouldn’t have seen it).
    This GMail was set up for Contact Form, Google Drive, Calendar, amongst other things. The client never had a Gmail before this… Welcome to the World of Tomorrow!

    Here’s what the email said:
    =========
    Blocked sign-in attempt for security reasons
    Hi [Gmail user name here],
    Google just blocked someone from signing into your Google Account [clientGMail]@gmail.com from an app that may put your account at risk.
    Less secure app
    Sunday, July 10, 2016 1:06 AM (GMT)
    Don’t recognize this activity?
    If you didn’t recently receive an error while trying to access a Google service, like Gmail, from a non-Google application, someone may have your password.

    SECURE YOUR ACCOUNT

    Are you the one who tried signing in?
    Google will continue to block sign-in attempts from the app you’re using. To continue using this app, you can allow access to less secure apps, but your account may be more vulnerable.

    ALLOW ACCESS

    Best,
    The Google Accounts team

    ======
    Short term answer I’ll allow this “Less secure Apps” option for now until I see some positive feedback on plug-ins/practices based on the new GMail security protocol. (Postman sounds promising, but it’s now 2:20am).

  15. MitchFox5

    Thankyou very much, this was absolutely doing my head in. My NVR cameras were set to send email (GMAIL) alerts with a snapshot, and then it stopped working. I never got round to solving the issue, until I came upon this Gem. Thanks again.

  16. Korey Kashmer

    Great update on this blog post. Over the last month (April / May of 2016) i’ve been working on updating a few applications that run local on one of my internal network computers. I’ve used Google’s SMTP off a basic gmail account for years with this application. When I made the changes all the sudden Google’s SMTP wouldn’t work. I spent a few hours messing with it and ended up setting up a new user with HostGator just for sending. I kept researching and started to uncover recent changes that Google made to exactly what your mentioning here, Less Secure settings. I just went today and reverted everything back to Google’s smtp servers and updated all settings per your changes. Worked like a charm! Google never tells anyone when a change is made. I couldn’t find any updated articles on this a month ago when they probably made this change.

      1. Chad Salinas

        Hey Ryan! Followed the config exactly. Wondering if having a shared hosting plan on BlueHost, i.e. no dedicated IP addr may contribute to not working… getting a 405 Not Allowed on sending simple test e-mail.

  17. Chris

    I discovered today that my email from my domain was bouncing back to customers replying to my emails. I use gmail to send and receive emails from my domain account hosted by godaddy. After talking to godaddy they mentioned that my logo image in my signature was throwing a flag and marking it as spam, or gmail was, I have no idea. The whole thing was/is confusing. After removing the image and a link it seems to be working now. I have noticed with my formmaker plugin that all the forms sent to my email are sent to spam. Any ideas on how to get gmail to stop flagging the contact forms?

  18. Shariatimehr

    The only way gmail setup worked for me was throw this plugin . SMTP Gmail . the setup is a little bit long but it has good documentation . you must first create an API Client id with google developers console and then grant access in the plugin

  19. Ardwych

    I seem to be alone here, using Outlook 2010. I used to be able to use Gmail’s SMTP outgoing server from certain Gmail accounts set up in Outlook, but I no longer can.
    I found the ‘Less secure apps’ setting just before reading it here, and I succeeded having Outlook log in and check my Gmail IMAP account, but it failed in sending any test message.
    I don’t know whether Olk 2010 is getting too long in the tooth or not, but I see very few helping sites refer to all the settings in the program. For an IMAP account it has, variously filled in:
    Your Name
    E-mail Address
    Account Type [IMAP]
    Incoming mail server: imap.gmail.com
    Outgoing mail server: smtp.gmail.com
    User Name: (e-address)
    Password
    MORE SETTINGS …
    ‘Outgoing Server’
    [] My outgoing server (SMTP) requires authentication
    O Use same settings as my incoming server
    or
    O Log on using … User Name (e-address) Password
    [] Remember password
    [] Require Secure Password Authentication (SPA)
    ‘Advanced’
    Incoming server (IMAP): 993
    Use the following type of encrypted connection: SSL
    Outgoing server (SMTP): 465
    Use the following type of encrypted connection: TLS
    Server Timeouts: 1 min

    SMTP sending just won’t work. Can anyone see faulty/missing settings?
    Thx.

  20. Salil

    This was a lifesaver. Had to enable the Less Secure Apps option but will do for the time being. Thanks so much

  21. no longer frustrated

    thank you.
    this was helpful. i could FINALLY get gmail to download to mail!

  22. rahul bawa

    Thanks for writing such a nice blog.
    Can you can tell me if google SMTP servers send back a response on receiving a request to send an email ?

    Awaiting your response.
    Thanks

  23. Will

    I am surprised that Jason Hendriks’ modest mention of his newly designed plugin went largely unnoticed. Simply put, his plugin, Postman SMTP is the BEST installation to address the needs mentioned on this webpage. STOP reading and searching for other fixes here and there, and simply CHECK IT OUT!
    https://wordpress.org/plugins/postman-smtp/
    While other SMTP plugins may require users to turn, “Allow less secure apps: ON” in Google Security Settings (which can be frightening to many users), Postman SMTP allows the user to keep ALL of their favorite security measures in place, not sacrificing anything in order to create the link. I’ve looked at other alternatives, but they’re all old school and old hat. If you want to get with the future Postman SMTP really is the way to go. And no, I don’t know Jason, don’t work for him, and aren’t getting a commission for saying this. I just don’t want anymore people to waste their time like I’ve done. I’m telling you, check out Postman SMTP – it’s quite simply the best plugin currently available in its class. : )

  24. Rose

    Peter Cralen wrote: “really important thing is to set up email sending correctly on site and Sender has to be admin or domain email (verified with spf DNS records) and user who use form has to be โ€Reply toโ€ in header. Without this does not matter what provider you will use, any email can finish in spam, bc. anybody can send email from Obamaโ€™s personal email ๐Ÿ™‚
    I used WP Mail SMTP plugin for smtp, did not tested others, but now I see it store password as text,”

    I need to use gmail for this particular form that I created with Gravity form, and I don’t relish the thought of changing the security settings. So I kept reading through the comments and I have to agree with his solution…I made the “Sender” an admin and the “Reply to” the person submitting the form and the emails went through and did not go to SPAM. The emails going into spam is what prompted this whole exercise in the first place. When I used the plugins WP-Mail-SMTP (I didn’t like the pswd stored as text) and Easy WP SMTP I kept getting SMTP: ERROR: Failed to connect to server: Connection refused (111) Had countless discussions with GoDaddy to see if it was on their side but to no avail. Found lots of discussion and solutions on web but the only one that worked and without a plugin was the solution provided here by Peter Cralen here.

    If anyone knows why I shouldn’t do it this way please let me know. Thanks!

    1. MSR

      Awesome Jeff!
      Your comment helped me a lot. I had followed all other instructions but still couldn’t figure out why I kept getting the same error for Authentication Failed.
      DisplayUnlockCaptcha was the missing piece.

    2. Gecko

      You’re way tops, Jeff!! This solved my issue, too! I could not send emails from my iPhone after having it inactive since February this year (2016) and reactivating it in the last week. Ta heaps!! ???

  25. Michele

    I am not able to get this plugin to work for me. I keep getting an SMTP connect() Failed message. The site is hosted by GoDaddy. Does that have anything to do with the problem? Any work arounds?

    1. Ryan Sullivan

      Hey Michele,

      I’d check to make sure your mailbox settings are all correct. It shouldn’t matter that the site is hosted at GoDaddy. As long as you have the correct mailbox host, port number, and username and password, you should be able to connect without any problems.

  26. Jason Hendriks

    You wrote: you have to enable โ€œLess Secure Appsโ€

    .. leaving aside a discussion on how bright an idea intentionally disabling security is, Google doesn’t even make this option available for users who use Google Apps legacy or Google Apps for Work.

    I very recently wrote a WordPress plugin to implement the ‘security protocols that Google deems mandatory’.. i.e. OAuth 2.0. It’s called Postman and you can find it here: https://wordpress.org/plugins/postman-smtp/

    As for storing plaintext passwords, well these plugins don’t have much choice. The passwords must be submitted via SMTPS in plaintext. Postman, however, sends your Gmail _without_ requiring your password in the first place.

    And unless you really, really, trust the software you’ve installed, should you be typing in your Google password to random plugins in the first place??

    A post on my blog I wrote about WordPress, SMTP and the new security measures of Web 2.0: http://programmer.jasonhendriks.com/how-to-send-gmail-from-wordpress-in-2015/

    1. WP Site Care

      This plugin looks sweet, Jason. We definitely prefer a solution like that one but it wasn’t available when we first published this, so we had to roll with what we knew. Gonna test this out and see how things go.

    2. Peter Cralen

      I don’t prefer to use Gmail for transactional email, I think there are much better solution even for free (I like Mandrill).
      Anyway I checked your plugin and it looks really cool, for smtp Gmail one which handle this issue right way. Good job
      Also I did not know, that password via smtp has to be send in plain text, that explain why all plugins handle it this way.
      Thanks.

  27. Peter Cralen

    Just notice, that Easy WP SMTP plugin store password in plain text too.

  28. Peter Cralen

    … really important thing is to set up email sending correctly on site and Sender has to be admin or domain email (verified with spf DNS records) and user who use form has to be ”Reply to” in header. Without this does not matter what provider you will use, any email can finish in spam, bc. anybody can send email from Obama’s personal email ๐Ÿ™‚
    I used WP Mail SMTP plugin for smtp, did not tested others, but now I see it store password as text, so already uninstalled that crap ๐Ÿ™‚

  29. Devin Walker

    I always recommend Mandrill over Amazon SES. After setting both up, Mandrill is 10x easier (no joke). Thanks for the Pingback Ryan.

  30. Gabor Javorszky

    Gmail was never built for transactional email. Yes, you can technically use it, because it does provide SMTP capabilities, but people should use something that’s properly built to handle them. Like Mandrill / Sendgrid / Mailgun / Amazon SES. 3 of these have free tiers too.

    1. WP Site Care

      Yep, that’s a great point Gabor. We definitely recommend using the other transaction email products. This is just for the rare case people choose to use gmail anyway.

Leave a Reply

You have to agree to the comment policy.