How to Secure SMTP Settings by Using Constants

Would you like to prevent SMTP settings from being edited in your WordPress admin area? On most sites, email deliverability is a critical functionality. But when settings are available in the WordPress admin area, any administrator on the site can see and edit those details (and the values are stored to your site’s database, too).

In this tutorial, we’ll show you how to prevent users from changing WP Mail SMTP settings in your WordPress admin area by setting up constants.


Enabling Constants in WordPress

To get started, you’ll need to open your site’s wp-config.php file. If you’re not sure how to locate and edit this file, check out WPBeginner’s guide.

Once this file is open, scroll down. Look for the line that reads /* That's all, stop editing! Happy publishing. */ Be sure to add any new code above this line.

Note: If you feel at all unsure about where to add the necessary code to wp-config.php, then place it at the top of the file. This will help ensure that the code can be used by your site.

Here’s the first line of code you’ll need to add:

define( 'WPMS_ON', true ); // True turns on constants support and usage, false turns it off.

As described in the code comment, this will enable the usage of WP Mail SMTP constants on your site.

Adding Constants for WP Mail SMTP

Once you’ve enabled constants for WP Mail SMTP, the next step is to add the code for any specific constants you want to use.

Below, you’ll find the code needed to create a constant for each SMTP value. Go ahead and copy the lines of code you need into your site’s wp-config.php file. After adding them to your file, be sure to check that all code values match what you need on your site.

General Settings

Every constant in this section can be used regardless of which mailer you use; they’re not specific to any one mailer option.

define( 'WPMS_LICENSE_KEY', '' ); 
define( 'WPMS_MAIL_FROM', '[email protected]' );
define( 'WPMS_MAIL_FROM_FORCE', true ); // True turns it on, false turns it off.
define( 'WPMS_MAIL_FROM_NAME', 'Example Name' );
define( 'WPMS_MAIL_FROM_NAME_FORCE', true ); // True turns it on, false turns it off.
define( 'WPMS_MAILER', 'smtp' ); // Possible values: 'mail', 'gmail', 'mailgun', 'sendgrid', 'smtp'.
define( 'WPMS_SET_RETURN_PATH', true ); // Sets $phpmailer->Sender if true.
define( 'WPMS_DO_NOT_SEND', true ); // Possible values: true, false.

Email Logs

The constants in this section can also be used regardless of which mailer you choose to use.

define ( 'WPMS_LOGS_ENABLED', true ); // True turns it on, false turns it off.
define ( 'WPMS_LOGS_LOG_EMAIL_CONTENT', true ); // True turns it on and stores email content, false turns it off.
define ( 'WPMS_LOGS_LOG_RETENTION_PERIOD', 0 ); // How long email logs should be retained before they are deleted, in seconds. To disable the log retention period and keep logs forever, set to 0.

SMTP.com Mailer

define( 'WPMS_SMTPCOM_API_KEY', '' );
define( 'WPMS_SMTPCOM_CHANNEL', '' );
define( 'WPMS_MAILER', 'smtpcom' );

Sendinblue Mailer

define( 'WPMS_MAILER', 'sendinblue' );
define( 'WPMS_SENDINBLUE_DOMAIN', '' );
define( 'WPMS_SENDINBLUE_API_KEY', '' );

Mailgun Mailer

define( 'WPMS_MAILGUN_API_KEY', '' );
define( 'WPMS_MAILGUN_DOMAIN', '' );
define( 'WPMS_MAILGUN_REGION', 'US' ); // Change to 'EU' for Europe.
define( 'WPMS_MAILER', 'mailgun' );

SendGrid Mailer

define( 'WPMS_SENDGRID_API_KEY', '' );
define( 'WPMS_SENDGRID_DOMAIN', '' );
define( 'WPMS_MAILER', 'sendgrid' );

Amazon SES

define( 'WPMS_MAILER', 'amazonses' );
define( 'WPMS_AMAZONSES_CLIENT_ID', '' );
define( 'WPMS_AMAZONSES_CLIENT_SECRET', '' );
define( 'WPMS_AMAZONSES_REGION', '' ); // Possible values for region: 'us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'eu-central-1', 'eu-north-1', 'ap-south-1', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'sa-east-1'.

Google Mailer

define( 'WPMS_GMAIL_CLIENT_ID', '' );
define( 'WPMS_GMAIL_CLIENT_SECRET', '' );
define( 'WPMS_MAILER', 'gmail' );

Outlook Mailer

define( 'WPMS_MAILER', 'outlook' );
define( 'WPMS_OUTLOOK_CLIENT_ID', '' );
define( 'WPMS_OUTLOOK_CLIENT_SECRET', '' );

Zoho Mailer

define( 'WPMS_ZOHO_DOMAIN', '');
define( 'WPMS_ZOHO_CLIENT_ID', '');
define( 'WPMS_ZOHO_CLIENT_SECRET', '');
define( 'WPMS_MAILER', 'zoho' );

Other SMTP Mailer

define( 'WPMS_SMTP_HOST', 'example' ); // The SMTP mail host.
define( 'WPMS_SMTP_PORT', 587 ); // The SMTP server port number.
define( 'WPMS_SSL', '' ); // Possible values '', 'ssl', 'tls' - note TLS is not STARTTLS.
define( 'WPMS_SMTP_AUTH', true ); // True turns it on, false turns it off.
define( 'WPMS_SMTP_USER', 'username' ); // SMTP authentication username, only used if WPMS_SMTP_AUTH is true.
define( 'WPMS_SMTP_PASS', 'password' ); // SMTP authentication password, only used if WPMS_SMTP_AUTH is true.
define( 'WPMS_SMTP_AUTOTLS', true ); // True turns it on, false turns it off.
define( 'WPMS_MAILER', 'smtp' );

Once you’ve copied the code you’d like to use, you’ll need to add the details that are relevant to your specific site configuration.

Note: If you aren’t sure which values are needed for your site, then be sure to check out the tutorial for the specific mailer you’ve chosen. You can find links to all of our mailer tutorials in this guide.

After your code is set up, make sure that you save the file.

Confirming Your Constants

The last step is to make sure your constants are working. To do this, you’ll need to open your WordPress admin area and go to WP Mail SMTP ┬╗ Settings.

If you check the settings here, you should see that any fields using constants are disabled. They’ll appear grayed out and won’t be editable.

WP Mail SMTP settings defined by constants grayed out in the Settings page

That’s it! You can now add your WP Mail SMTP settings to your site’s config file instead of the admin area to make them more secure.

Next, would you like to keep tabs on all the emails sent out from your WordPress site? WP Mail SMTP’s email logging feature┬álets you see all the emails generated by your site, as well as whether they were successfully sent or not.