Would you like to prevent SMTP settings from being edited in your WordPress admin area? On most sites, email deliverability is a critical functionality. But when settings are available in the WordPress admin area, any administrator on the site can see and edit those details (and the values are stored in your site’s database, too).
In this tutorial, we’ll show you how to prevent users from changing WP Mail SMTP settings in your WordPress admin area by setting up constants.
In This Article
Enabling Constants in WordPress
To get started, you’ll need to open your site’s wp-config.php file. If you’re not sure how to locate and edit this file, check out WPBeginner’s guide for more details.
Once this file is open, scroll down. Look for the line that reads /* That's all, stop editing! Happy publishing. */ Be sure to add any new code above this line.
Note: If you feel at all unsure about where to add the necessary code to wp-config.php, then place it at the top of the file. This will help ensure that the code can be used by your site.
Here’s the first line of code you’ll need to add:
define( 'WPMS_ON', true ); // True turns on constants support and usage, false turns it off.
As described in the code comment, this will enable the usage of WP Mail SMTP constants on your site.
Adding Constants for WP Mail SMTP
Once you’ve enabled constants for WP Mail SMTP, the next step is to add the code for any specific constants you want to use.
Below, you’ll find the code needed to create a constant for each SMTP value. Go ahead and copy the lines of code you need into your site’s wp-config.php file. After adding them to your file, be sure to check that all code values match what you need on your site.
General Settings
Every constant in this section can be used for any mailer because they’re not specific to any one mailer option.
define( 'WPMS_LICENSE_KEY', '' ); define( 'WPMS_MAIL_FROM', '[email protected]' ); define( 'WPMS_MAIL_FROM_FORCE', true ); // True turns it on, false turns it off. define( 'WPMS_MAIL_FROM_NAME', 'Example Name' ); define( 'WPMS_MAIL_FROM_NAME_FORCE', true ); // True turns it on, false turns it off. define( 'WPMS_MAILER', 'smtp' ); // Possible values: 'mail', 'gmail', 'mailgun', 'sendgrid', 'smtp'. define( 'WPMS_SET_RETURN_PATH', true ); // Sets $phpmailer->Sender if true. define( 'WPMS_DO_NOT_SEND', true ); // Possible values: true, false.
Email Logs
The constants in this section can also be used regardless of which mailer you choose.
define ( 'WPMS_LOGS_ENABLED', true ); // True turns it on, false turns it off. define ( 'WPMS_LOGS_LOG_EMAIL_CONTENT', true ); // True turns it on and stores email content, false turns it off. define ( 'WPMS_LOGS_LOG_RETENTION_PERIOD', 0 ); // How long email logs should be retained before they are deleted, in seconds. To disable the log retention period and keep logs forever, set to 0.
SendLayer Mailer
define( 'WPMS_MAILER', 'sendlayer' ); define( 'WPMS_SENDLAYER_API_KEY', '' );
SMTP.com Mailer
define( 'WPMS_SMTPCOM_API_KEY', '' ); define( 'WPMS_SMTPCOM_CHANNEL', '' ); define( 'WPMS_MAILER', 'smtpcom' );
Brevo (Sendinblue) Mailer
define( 'WPMS_MAILER', 'sendinblue' ); define( 'WPMS_SENDINBLUE_DOMAIN', '' ); define( 'WPMS_SENDINBLUE_API_KEY', '' );
Mailgun Mailer
define( 'WPMS_MAILGUN_API_KEY', '' ); define( 'WPMS_MAILGUN_DOMAIN', '' ); define( 'WPMS_MAILGUN_REGION', 'US' ); // Change to 'EU' for Europe. define( 'WPMS_MAILER', 'mailgun' );
SendGrid Mailer
define( 'WPMS_SENDGRID_API_KEY', '' ); define( 'WPMS_SENDGRID_DOMAIN', '' ); define( 'WPMS_MAILER', 'sendgrid' );
Amazon SES
define( 'WPMS_MAILER', 'amazonses' ); define( 'WPMS_AMAZONSES_CLIENT_ID', '' ); define( 'WPMS_AMAZONSES_CLIENT_SECRET', '' ); define( 'WPMS_AMAZONSES_REGION', '' ); // Possible values for region: 'us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'eu-central-1', 'eu-north-1', 'ap-south-1', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'sa-east-1'.
Google Mailer
define( 'WPMS_GMAIL_CLIENT_ID', '' ); define( 'WPMS_GMAIL_CLIENT_SECRET', '' ); define( 'WPMS_MAILER', 'gmail' );
Outlook Mailer
define( 'WPMS_MAILER', 'outlook' ); define( 'WPMS_OUTLOOK_CLIENT_ID', '' ); define( 'WPMS_OUTLOOK_CLIENT_SECRET', '' );
Postmark Mailer
define( 'WPMS_MAILER', 'postmark' ); define( 'WPMS_POSTMARK_SERVER_API_TOKEN', '' ); define( 'WPMS_POSTMARK_MESSAGE_STREAM', '' );
SparkPost Mailer
define( 'WPMS_MAILER', 'sparkpost' ); define( 'WPMS_SPARKPOST_API_KEY', '' ); define( 'WPMS_SPARKPOST_REGION', '' );
Zoho Mailer
define( 'WPMS_ZOHO_DOMAIN', ''); define( 'WPMS_ZOHO_CLIENT_ID', ''); define( 'WPMS_ZOHO_CLIENT_SECRET', ''); define( 'WPMS_MAILER', 'zoho' );
Other SMTP Mailer
define( 'WPMS_SMTP_HOST', 'example' ); // The SMTP mail host. define( 'WPMS_SMTP_PORT', 587 ); // The SMTP server port number. define( 'WPMS_SSL', '' ); // Possible values '', 'ssl', 'tls' - note TLS is not STARTTLS. define( 'WPMS_SMTP_AUTH', true ); // True turns it on, false turns it off. define( 'WPMS_SMTP_USER', 'username' ); // SMTP authentication username, only used if WPMS_SMTP_AUTH is true. define( 'WPMS_SMTP_PASS', 'password' ); // SMTP authentication password, only used if WPMS_SMTP_AUTH is true. define( 'WPMS_SMTP_AUTOTLS', true ); // True turns it on, false turns it off. define( 'WPMS_MAILER', 'smtp' );
Once you’ve copied the code you’d like to use, you’ll need to add the details that are relevant to your specific site configuration.
Note: If you aren’t sure which values are needed for your site, then be sure to check out the tutorial for the specific mailer you’ve chosen. You can find links to all of our mailer tutorials in this guide.
After your code is set up, make sure that you save the file.
Confirming Your Constants
The last step is to make sure your constants are working. To do this, you’ll need to open your WordPress admin area and go to WP Mail SMTP » Settings.
If you check the settings here, you should see that any fields using constants are disabled. They’ll appear grayed out and won’t be editable.
Updating Your Constants
Note: This section only applies to mailers SendLayer, SMTP.com, Brevo (Sendinblue), Mailgun, Postmark, SendGrid, and SparkPost. Other mailers do not support webhook delivery confirmation because they do not have this functionality.
Before you update your constants, you’ll need to disable the Webhook alerts and re-enable them once you’re done updating the constants. To do so, go to WP Mail SMTP » Settings and open the Email Log tab.
Here, click on the Unsubscribe button next to the Webhooks Status field.
Once your constants have been updated, refresh the page and click on the Subscribe button next to the Webhooks Status field. This ensures that the delivery verification webhooks will be configured correctly against your constant changes.
That’s it! You can now add your WP Mail SMTP settings to your site’s config file instead of the admin area to make them more secure.
Next, would you like to keep tabs on all the emails sent out from your WordPress site? WP Mail SMTP’s email logging feature lets you see all the emails generated by your site, as well as whether they were successfully sent or not.