Get pro tips and hot takes or your money back 💸

Gmail SMTP Settings and New Security Measures Demystified

If you’re not an internet guru, the Gmail SMTP settings can be pretty confusing. What’s more, if you use WordPress, getting your website to deliver email correctly with all of the different hosting environments can be a real trick. Using your web host for email is not entirely dependable and sometimes can even be impossible depending on a number of factors. Because of that, a lot of WordPress users and developers choose to use a method other than php mail to send email, which is what WordPress uses by default.

Before I dig into how to configure WordPress to work with Gmail’s SMTP server, you’ll need to know some basic information to get your gmail configuration up and running. You can also use these settings in any standard email client if you’re trying to set up Gmail to work on your desktop or cell phone.

Here Are the Default Gmail SMTP Settings

  • Gmail SMTP server address: smtp.gmail.com
  • Gmail SMTP username: Your full Gmail address (e.g. yourusername@gmail.com)
  • Gmail SMTP password: Your Gmail password
  • Gmail SMTP port (TLS): 587
  • Gmail SMTP port (SSL): 465
  • Gmail SMTP TLS/SSL required: yes

In this article, I won’t get into too many details about the various SMTP options available, but there are some popular services using the SMTP protocol besides Gmail. Some great examples are hosted email services like Mandrill, Sendgrid, or even something like Amazon Web Services SES. There are a whole bunch of other similar services that I could list here, but that’s not the purpose of this post.

This post is about properly setting up the Easy WP SMTP plugin, your gmail SMTP settings, and navigating some pretty confusing security restrictions just to get an email from point A to point B. We spent several hours diagnosing and troubleshooting this email delivery issue for a customer, and figured we’d save you the heartache by publishing a quick walk-through.

The reason we chose SMTP for this particular customer is because gmail already has SMTP support built in, and the customer wanted a quick solution that wasn’t going to require any kind of recurring costs. Considering there are only a few users on the site, using gmail to send their outgoing mail and form notifications was a good fit. For sites with higher volume of email, or critical delivery, or where you want more flexibility, some of the other options I listed above are probably better suited for that.

Install the Easy WP SMTP plugin

The first thing you’re going to want to do to setup the Easy WP SMTP plugin is to install it on your site. Easy enough right?

Note: we did see some other SMTP plugins out there, and Easy WP SMTP seemed to be the most solid. There were some that were even storing unmasked passwords in plain text, which can be a huge issue for your email security. If you’re going to use SMTP to deliver email, this plugin is a good way to go.

Connecting Your Gmail Account

The next step is also pretty straight forward. You’re going to need your gmail username and password, and a few SMTP server settings which we’ll provide below.

Navigate to Settings –> Easy WP SMTP in your WordPress dashboard.

Gmail SMTP Settings

Configure the plugin exactly the way you see it in the screenshot above. Keep in mind that this is only controlling mail being sent out from WordPress, so your from email address and from name should be what you want email recipients to see (most likely this is going to match whatever you use for your gmail account). Your SMTP username is going to be your full gmail address, and your SMTP password is going to be your gmail password.

Save Changes and you’re ready to send email using SMTP! Well, at least that was the case until recently when Google made some security changes to gmail which prevent remote logins unless you explicitly provide permission.

Gmail Wants to make Your Life Difficult (And Your Email More Secure).

louis-ck-frustratedWhen we set this up for our customer we only anticipated it taking a few minutes. That’s how it’s always been in the past. But after attempting multiple emails to our customer, none of them were getting through and we couldn’t figure out why.

Since we couldn’t get the emails to send, we tried the exact same setup on another server with an entirely different WordPress install, and my personal gmail account. The emails still weren’t getting through.

I opened my email and the first thing I saw was a notification from Google saying that they had blocked a sign-in to my gmail account. They knew that I was somewhere else in the world, so whoever or whatever was trying to access my account from Virginia wasn’t authorized.

But Google! I really want to authorize this server to access my email!

Email notification from Google about the blocked sign-in attempt.
Email notification from Google about the blocked sign-in attempt.

It turns out that in order for Google to authorize a third party server to access your account via SMTP now, you have to enable “Less Secure Apps” on your gmail account. You can read a full explanation of what risks that subjects you to, and get a full explanation here, but essentially, any apps that aren’t using security protocols that Google deems mandatory, will be blocked unless you enable the ability for less secure apps to access your gmail account.

Now while I won’t recommend you allow less secure apps to access your gmail account, it’s currently the only way I know of to allow WordPress to use your gmail account to send outgoing mail. If you do choose to enable less secure app access, you can do that on this page in your gmail account. There’s a screenshot below of where you’ll find the setting. Please don’t enable this access unless you fully understand what’s going on, and what the possible ramifications are.

gmail-less-secure-apps

Conclusion

It turns out that sending mail from WordPress through gmail with SMTP isn’t quite is easy as it used to be, and there are definitely better alternatives out there, but when you need a php mail alternative, and gmail seems to be the best fit, this is the best way to get that done without suffering through too much head banging on your desk.

Do you tend to use the default mail mechanism in WordPress? Or some other method? Have you run into any other strange quirks setting up alternate email routing? Hit us up in the comments and we’ll all commiserate together 🙂

Join thousands of others and get weekly articles on improving your website

42 Comments

  1. C S Hare

    i had to do a factory reset on my phone and now i cannot add vital (critical!) business-related email accounts!

    google!!! STOP IT!!!!! there is a fine line between “security” and “bloody f-g nuisance”!!!

  2. Alex

    Thank you for this solution smtp just stopped working for us (28/11/16). allowing less secure apps at least gets it sending – if not ideal from a security perspective.

    Thanks for the info.

  3. Leila

    Does this plugin work with business gmail accounts – ones that use the domain instead of @gmail.com? I am at my wit’s end – no WordPress emails are going through on the site, I have tried the Gmail SMTP plugin but it doesn’t work with business gmail apparently… I don’t know what to do!

  4. Mike

    We’re using Easy WP SMTP successfully for emailled tickets for events from our WooCommerce site. We were hoping emails sent from the site using Easy WP SMTP would save to the ‘Sent’ folder but that doesn’t seem to be the case. Anyone know if it’s possible to access these emails.

    (Our ticketing plugin sends a email ticket with QR code, but sometimes customers can’t find them even if we resend the ticket through the system – we need a way of being able to easily access their ticket so that we can print and send snail mail if necessary.)

    Thanks peoples.

    1. Mike

      I’m having the opposite problem as you. I’d like for emails sent from the site to NOT appear in the gmail sent folder/label. I’m using this plugin: https://wordpress.org/plugins/gmail-smtp/ Perhaps I should switch to the one you’re using and you should switch to the one I’m using lol…

  5. Jeff Nye

    Proofreading: “The reason we chose SMTP for this particular customer is because gmail already has SMTP support built in” – I’m pretty sure you meant to say “the reason we chose Gmail…”

    I found the Postman plugin as a fix for two different issues. I had one Gravity forms form that was timing out, another a WooCommerce cart issue that was timing out. I had no idea that both were timing out because they were both failing to send email fast enough (both had to send out email to the customer, and the site admin). Once I used Postman to force WordPress to use SMTP instead of the stock method (PHP) no more hangups occurred.

    Funny that WooCommerce support pretty much agreed to disagree that I solved the issue this way.

  6. Vin 'Karate' Lee

    Nice article. Here’s how I came across your solution…

    The contact form on my client website failed to send (orange box in “Contact Form 7” marked as “SPAM”. It was working previously on the Email which used the same domain as their website. But the client wanted me to change its setting to their other GMail and not “example@ClientSite.com” as they managed to “get it working on the phone’s EMail app”.

    After the change, Test Mails all got shot down. Found and read some articles about “wp-mail-smtp” but then saw an e-mail in my client’s GMail (lucky I had access to it, otherwise I wouldn’t have seen it).
    This GMail was set up for Contact Form, Google Drive, Calendar, amongst other things. The client never had a Gmail before this… Welcome to the World of Tomorrow!

    Here’s what the email said:
    =========
    Blocked sign-in attempt for security reasons
    Hi [Gmail user name here],
    Google just blocked someone from signing into your Google Account [clientGMail]@gmail.com from an app that may put your account at risk.
    Less secure app
    Sunday, July 10, 2016 1:06 AM (GMT)
    Don’t recognize this activity?
    If you didn’t recently receive an error while trying to access a Google service, like Gmail, from a non-Google application, someone may have your password.

    SECURE YOUR ACCOUNT

    Are you the one who tried signing in?
    Google will continue to block sign-in attempts from the app you’re using. To continue using this app, you can allow access to less secure apps, but your account may be more vulnerable.

    ALLOW ACCESS

    Best,
    The Google Accounts team

    ======
    Short term answer I’ll allow this “Less secure Apps” option for now until I see some positive feedback on plug-ins/practices based on the new GMail security protocol. (Postman sounds promising, but it’s now 2:20am).

  7. MitchFox5

    Thankyou very much, this was absolutely doing my head in. My NVR cameras were set to send email (GMAIL) alerts with a snapshot, and then it stopped working. I never got round to solving the issue, until I came upon this Gem. Thanks again.

  8. Korey Kashmer

    Great update on this blog post. Over the last month (April / May of 2016) i’ve been working on updating a few applications that run local on one of my internal network computers. I’ve used Google’s SMTP off a basic gmail account for years with this application. When I made the changes all the sudden Google’s SMTP wouldn’t work. I spent a few hours messing with it and ended up setting up a new user with HostGator just for sending. I kept researching and started to uncover recent changes that Google made to exactly what your mentioning here, Less Secure settings. I just went today and reverted everything back to Google’s smtp servers and updated all settings per your changes. Worked like a charm! Google never tells anyone when a change is made. I couldn’t find any updated articles on this a month ago when they probably made this change.

      1. Chad Salinas

        Hey Ryan! Followed the config exactly. Wondering if having a shared hosting plan on BlueHost, i.e. no dedicated IP addr may contribute to not working… getting a 405 Not Allowed on sending simple test e-mail.

  9. Chris

    I discovered today that my email from my domain was bouncing back to customers replying to my emails. I use gmail to send and receive emails from my domain account hosted by godaddy. After talking to godaddy they mentioned that my logo image in my signature was throwing a flag and marking it as spam, or gmail was, I have no idea. The whole thing was/is confusing. After removing the image and a link it seems to be working now. I have noticed with my formmaker plugin that all the forms sent to my email are sent to spam. Any ideas on how to get gmail to stop flagging the contact forms?

  10. Shariatimehr

    The only way gmail setup worked for me was throw this plugin . SMTP Gmail . the setup is a little bit long but it has good documentation . you must first create an API Client id with google developers console and then grant access in the plugin

  11. Ardwych

    I seem to be alone here, using Outlook 2010. I used to be able to use Gmail’s SMTP outgoing server from certain Gmail accounts set up in Outlook, but I no longer can.
    I found the ‘Less secure apps’ setting just before reading it here, and I succeeded having Outlook log in and check my Gmail IMAP account, but it failed in sending any test message.
    I don’t know whether Olk 2010 is getting too long in the tooth or not, but I see very few helping sites refer to all the settings in the program. For an IMAP account it has, variously filled in:
    Your Name
    E-mail Address
    Account Type [IMAP]
    Incoming mail server: imap.gmail.com
    Outgoing mail server: smtp.gmail.com
    User Name: (e-address)
    Password
    MORE SETTINGS …
    ‘Outgoing Server’
    [] My outgoing server (SMTP) requires authentication
    O Use same settings as my incoming server
    or
    O Log on using … User Name (e-address) Password
    [] Remember password
    [] Require Secure Password Authentication (SPA)
    ‘Advanced’
    Incoming server (IMAP): 993
    Use the following type of encrypted connection: SSL
    Outgoing server (SMTP): 465
    Use the following type of encrypted connection: TLS
    Server Timeouts: 1 min

    SMTP sending just won’t work. Can anyone see faulty/missing settings?
    Thx.

  12. Salil

    This was a lifesaver. Had to enable the Less Secure Apps option but will do for the time being. Thanks so much

  13. no longer frustrated

    thank you.
    this was helpful. i could FINALLY get gmail to download to mail!

  14. rahul bawa

    Thanks for writing such a nice blog.
    Can you can tell me if google SMTP servers send back a response on receiving a request to send an email ?

    Awaiting your response.
    Thanks

  15. Will

    I am surprised that Jason Hendriks’ modest mention of his newly designed plugin went largely unnoticed. Simply put, his plugin, Postman SMTP is the BEST installation to address the needs mentioned on this webpage. STOP reading and searching for other fixes here and there, and simply CHECK IT OUT!
    https://wordpress.org/plugins/postman-smtp/
    While other SMTP plugins may require users to turn, “Allow less secure apps: ON” in Google Security Settings (which can be frightening to many users), Postman SMTP allows the user to keep ALL of their favorite security measures in place, not sacrificing anything in order to create the link. I’ve looked at other alternatives, but they’re all old school and old hat. If you want to get with the future Postman SMTP really is the way to go. And no, I don’t know Jason, don’t work for him, and aren’t getting a commission for saying this. I just don’t want anymore people to waste their time like I’ve done. I’m telling you, check out Postman SMTP – it’s quite simply the best plugin currently available in its class. : )

  16. Rose

    Peter Cralen wrote: “really important thing is to set up email sending correctly on site and Sender has to be admin or domain email (verified with spf DNS records) and user who use form has to be ”Reply to” in header. Without this does not matter what provider you will use, any email can finish in spam, bc. anybody can send email from Obama’s personal email 🙂
    I used WP Mail SMTP plugin for smtp, did not tested others, but now I see it store password as text,”

    I need to use gmail for this particular form that I created with Gravity form, and I don’t relish the thought of changing the security settings. So I kept reading through the comments and I have to agree with his solution…I made the “Sender” an admin and the “Reply to” the person submitting the form and the emails went through and did not go to SPAM. The emails going into spam is what prompted this whole exercise in the first place. When I used the plugins WP-Mail-SMTP (I didn’t like the pswd stored as text) and Easy WP SMTP I kept getting SMTP: ERROR: Failed to connect to server: Connection refused (111) Had countless discussions with GoDaddy to see if it was on their side but to no avail. Found lots of discussion and solutions on web but the only one that worked and without a plugin was the solution provided here by Peter Cralen here.

    If anyone knows why I shouldn’t do it this way please let me know. Thanks!

    1. MSR

      Awesome Jeff!
      Your comment helped me a lot. I had followed all other instructions but still couldn’t figure out why I kept getting the same error for Authentication Failed.
      DisplayUnlockCaptcha was the missing piece.

    2. Gecko

      You’re way tops, Jeff!! This solved my issue, too! I could not send emails from my iPhone after having it inactive since February this year (2016) and reactivating it in the last week. Ta heaps!! 😄😄😄

  17. Michele

    I am not able to get this plugin to work for me. I keep getting an SMTP connect() Failed message. The site is hosted by GoDaddy. Does that have anything to do with the problem? Any work arounds?

    1. Ryan Sullivan

      Hey Michele,

      I’d check to make sure your mailbox settings are all correct. It shouldn’t matter that the site is hosted at GoDaddy. As long as you have the correct mailbox host, port number, and username and password, you should be able to connect without any problems.

  18. Jason Hendriks

    You wrote: you have to enable “Less Secure Apps”

    .. leaving aside a discussion on how bright an idea intentionally disabling security is, Google doesn’t even make this option available for users who use Google Apps legacy or Google Apps for Work.

    I very recently wrote a WordPress plugin to implement the ‘security protocols that Google deems mandatory’.. i.e. OAuth 2.0. It’s called Postman and you can find it here: https://wordpress.org/plugins/postman-smtp/

    As for storing plaintext passwords, well these plugins don’t have much choice. The passwords must be submitted via SMTPS in plaintext. Postman, however, sends your Gmail _without_ requiring your password in the first place.

    And unless you really, really, trust the software you’ve installed, should you be typing in your Google password to random plugins in the first place??

    A post on my blog I wrote about WordPress, SMTP and the new security measures of Web 2.0: http://programmer.jasonhendriks.com/how-to-send-gmail-from-wordpress-in-2015/

    1. WP Site Care

      This plugin looks sweet, Jason. We definitely prefer a solution like that one but it wasn’t available when we first published this, so we had to roll with what we knew. Gonna test this out and see how things go.

    2. Peter Cralen

      I don’t prefer to use Gmail for transactional email, I think there are much better solution even for free (I like Mandrill).
      Anyway I checked your plugin and it looks really cool, for smtp Gmail one which handle this issue right way. Good job
      Also I did not know, that password via smtp has to be send in plain text, that explain why all plugins handle it this way.
      Thanks.

  19. Peter Cralen

    Just notice, that Easy WP SMTP plugin store password in plain text too.

  20. Peter Cralen

    … really important thing is to set up email sending correctly on site and Sender has to be admin or domain email (verified with spf DNS records) and user who use form has to be ”Reply to” in header. Without this does not matter what provider you will use, any email can finish in spam, bc. anybody can send email from Obama’s personal email 🙂
    I used WP Mail SMTP plugin for smtp, did not tested others, but now I see it store password as text, so already uninstalled that crap 🙂

  21. Devin Walker

    I always recommend Mandrill over Amazon SES. After setting both up, Mandrill is 10x easier (no joke). Thanks for the Pingback Ryan.

  22. Gabor Javorszky

    Gmail was never built for transactional email. Yes, you can technically use it, because it does provide SMTP capabilities, but people should use something that’s properly built to handle them. Like Mandrill / Sendgrid / Mailgun / Amazon SES. 3 of these have free tiers too.

    1. WP Site Care

      Yep, that’s a great point Gabor. We definitely recommend using the other transaction email products. This is just for the rare case people choose to use gmail anyway.

Leave a Reply

Your email address will not be published. Required fields are marked *