How to Secure SMTP Settings by Using Constants

Would you like to avoid adding SMTP settings directly to your WordPress admin area? On most sites, email deliverability is critical functionality. But when settings are added to the WordPress admin area, any administrator on the site can see and edit those details (and the values get stored to the site’s database, as well).

In this tutorial, we’ll show you how to avoid adding SMTP settings to your WordPress admin area by setting up constants.


To get started, you’ll need to open your site’s wp-config.php file. If you’re not sure how to locate and edit this file, be sure to check out WPBeginner’s guide.

Once this file is open, scroll to the bottom. If there’s a closing PHP tag (?>) at the end of the file, be sure to add any new code above that.

Here’s the first line of code you’ll need to add:

define( 'WPMS_ON', true ); // True turns on the whole constants support and usage, false turns it off.

As described in the code comment, this will enable the usage of constants on your site.

Below, you’ll find the additional code needed to create a constant for each SMTP value. Go ahead and copy the lines of code you need into your site’s wp-config.php file.

General Settings

Everything in this section can be used regardless of mailer (not specific to any one mailer option).

define( 'WPMS_LICENSE_KEY', '' ); 
define( 'WPMS_MAIL_FROM', 'mail@example.com' );
define( 'WPMS_MAIL_FROM_FORCE', true ); // True turns it on, false turns it off.
define( 'WPMS_MAIL_FROM_NAME', 'Example Name' );
define( 'WPMS_MAIL_FROM_NAME_FORCE', true ); // True turns it on, false turns it off.
define( 'WPMS_MAILER', 'smtp' ); // Possible values: 'mail', 'gmail', 'mailgun', 'sendgrid', 'smtp'.
define( 'WPMS_SET_RETURN_PATH', true ); // Sets $phpmailer->Sender if true.
define( 'WPMS_DO_NOT_SEND', true ); // Possible values: true, false.
Sendinblue Mailer
define( 'WPMS_MAILER', 'sendinblue' );
define( 'WPMS_SENDINBLUE_API_KEY', '' );
Mailgun Mailer
define( 'WPMS_MAILGUN_API_KEY', '' );
define( 'WPMS_MAILGUN_DOMAIN', '' );
define( 'WPMS_MAILGUN_REGION', 'US' ); // Change to 'EU' for Europe.
SendGrid Mailer
define( 'WPMS_SENDGRID_API_KEY', '' );
Amazon SES
define( 'WPMS_MAILER', 'amazonses' );
define( 'WPMS_AMAZONSES_CLIENT_ID', '' );
define( 'WPMS_AMAZONSES_CLIENT_SECRET', '' );
define( 'WPMS_AMAZONSES_REGION', '' ); // Possible values for region: 'email.us-east-1.amazonaws.com', 'email.us-west-2.amazonaws.com', 'email.eu-west-1.amazonaws.com'.
Google Mailer
define( 'WPMS_GMAIL_CLIENT_ID', '' );
define( 'WPMS_GMAIL_CLIENT_SECRET', '' );
Outlook Mailer
define( 'WPMS_MAILER', 'outlook' );
define( 'WPMS_OUTLOOK_CLIENT_ID', '' );
define( 'WPMS_OUTLOOK_CLIENT_SECRET', '' );
Other SMTP Mailer
define( 'WPMS_SMTP_HOST', 'example' ); // The SMTP mail host.
define( 'WPMS_SMTP_PORT', 587 ); // The SMTP server port number.
define( 'WPMS_SSL', '' ); // Possible values '', 'ssl', 'tls' - note TLS is not STARTTLS.
define( 'WPMS_SMTP_AUTH', true ); // True turns it on, false turns it off.
define( 'WPMS_SMTP_USER', 'username' ); // SMTP authentication username, only used if WPMS_SMTP_AUTH is true.
define( 'WPMS_SMTP_PASS', 'password' ); // SMTP authentication password, only used if WPMS_SMTP_AUTH is true.
define( 'WPMS_SMTP_AUTOTLS', true ); // True turns it on, false turns it off.

Once you’ve copied the code you’d like to use, you’ll need to add the details that are relevant to your specific site configuration.

Note: If you aren’t sure what values are needed for your site, then be sure to check out the tutorial for the specific mailer you’ve chosen. You can find links to all of our mailer tutorials in this guide.

After your code is set up, make sure that you save the file.

The last step is to make sure your constants are working. To do this, you’ll need to open your WordPress admin area and go to WP Mail SMTP ยป Settings. If you check the settings here, you should see that any fields using constants are disabled (they’ll appear slightly greyed out).

Fields using constants will be disabled in the WordPress admin area

That’s it! You can now add your WP Mail SMTP settings to your site’s config file instead of the admin area to make them more secure.

Next, would you like to keep tabs on all emails sent out from your WordPress site? WP Mail SMTP’s email logging option lets you see all emails that have been sent, as well as whether they were able to send successfully.