I recently worked on one of our client websites, which was sending sensitive information via email. We wanted to make sure that everything that could be done to ensure the security of this information was in place and working as expected. However, sending secure email with WordPress can be more complicated than it seems on the surface.
Doesn’t WordPress send secure emails by default?
The answer is no. WordPress isn’t concerned with sending secure email. That’s not to say it doesn’t matter to WordPress. The WordPress community and developers push for best practices and standards all the time, but WordPress doesn’t actually send your website emails itself.
If you’ve done any custom coding or plugin development for WordPress, you’ve probably come across the wp_mail function. It’s a simple function that takes a couple of parameters for basic usage and has some more advanced options if you need them. WordPress itself doesn’t actually send email. It hands the responsibility off to whatever mail transfer agent (MTA) your system is configured to use.
On most Unix and Linux systems, this is sendmail, but it could be any number of applications. WordPress has no real knowledge of this and doesn’t need to know. Instead, it packages up the email into a standard format and hands it off to the system to be sent or queued for sending. This is all perfectly normal. This is how it works in most applications because sending email is the responsibility of the underlying system and not PHP or WordPress itself.
So the question came up: is this method secure for sending email with WordPress? Unfortunately, the answer is that it depends on how the system is set up; and it can be hard to figure out without sending some test emails or checking with the host.
The bottom line is that if the underlying MTA is not set up to use Secure Socket Layer (SSL)—that is, encrypted by an SSL certificate—then it’s not secure. The email will be sent via plain text in the clear. This is not ideal for sensitive information.
If you have sufficient access and are a little familiar with Unix/Linux (or Windows if that’s your server), then you can go in and reconfigure sendmail, or whatever MTA is set up, to use SSL for sending secure email. But WordPress has another option: Simple Mail Transfer Protocol (SMTP).
SMTP is a better option for a number of reasons. For one, you have better tools to diagnose potential issues if the mail is not being delivered as expected. It’s a more robust system. But, like sendmail or other MTAs, it may not be configured to be secure either. Even if you switch to SMTP, you still need to make sure that you are using SSL. WordPress can easily be configured to use SMTP in three ways: via wp-config with some constants, through a custom function in your functions.php file, or, the easy way, with one of the many SMTP plugins.
A word of caution for SMTP plugins: many of them enable message logging by default. Depending on the nature of your emails, you may not want to store this information. For our particular client, storing the emails would be another vector for a potential hack to get their hands on sensitive data; so we only enabled logging while we were testing.
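One way to take the functions.php route described above while keeping message content out of the logs, as an added example that is not the article's own code. The `MYSITE_SMTP_*` constants and `mysite_*` function names are hypothetical; `phpmailer_init`, `wp_mail_failed` and the PHPMailer properties are existing WordPress hooks and settings.

```php
<?php
// Added example for functions.php or a must-use plugin (not the article's own code).
// Assumed in wp-config.php; constant names are hypothetical, values are placeholders:
//   define( 'MYSITE_SMTP_HOST', 'smtp.example.com' );
//   define( 'MYSITE_SMTP_PORT', 587 ); // 587 = STARTTLS, 465 = implicit TLS
//   define( 'MYSITE_SMTP_USER', 'mailer@example.com' );
//   define( 'MYSITE_SMTP_PASS', 'placeholder-password' );

add_action( 'phpmailer_init', 'mysite_force_encrypted_smtp' );

function mysite_force_encrypted_smtp( $phpmailer ) {
	foreach ( array( 'HOST', 'PORT', 'USER', 'PASS' ) as $suffix ) {
		if ( ! defined( 'MYSITE_SMTP_' . $suffix ) ) {
			// Fail closed: with no recipients PHPMailer refuses to send, so the
			// message cannot fall back to the server's default MTA path.
			$phpmailer->clearAllRecipients();
			error_log( 'SMTP not configured: missing MYSITE_SMTP_' . $suffix );
			return;
		}
	}

	$phpmailer->isSMTP();
	$phpmailer->Host     = MYSITE_SMTP_HOST;
	$phpmailer->Port     = (int) MYSITE_SMTP_PORT;
	$phpmailer->SMTPAuth = true;
	$phpmailer->Username = MYSITE_SMTP_USER;
	$phpmailer->Password = MYSITE_SMTP_PASS;

	// 'ssl' = TLS from the first byte (port 465); 'tls' = STARTTLS upgrade.
	// With 'tls' set explicitly, PHPMailer aborts if the upgrade fails
	// instead of continuing in plain text.
	$phpmailer->SMTPSecure = ( 465 === $phpmailer->Port ) ? 'ssl' : 'tls';

	// Verify the server certificate; never relax these to "make it work".
	$phpmailer->SMTPOptions = array(
		'ssl' => array(
			'verify_peer'       => true,
			'verify_peer_name'  => true,
			'allow_self_signed' => false,
		),
	);
}

// Record only the failure reason. The WP_Error data also holds the message
// itself, which is deliberately not written to the log.
add_action( 'wp_mail_failed', 'mysite_log_mail_failure' );

function mysite_log_mail_failure( $error ) {
	error_log( 'wp_mail failed: ' . $error->get_error_message() );
}
```

A failed certificate check or refused STARTTLS shows up as a `wp_mail failed:` line in the PHP error log, which gives the diagnostic benefit of SMTP without storing any email content.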
Does using SSL mean that the emails are 100% secure? Absolutely not. Email by nature is a plain text medium. The SSL will help with sending secure email with WordPress, but the emails themselves are not encrypted in any way and are vulnerable to other types of attacks.
Think of SSL as an armored USPS mail truck with guards. No one is going to get your mail while it’s in transit. But once it’s delivered, all they have to do is find a way to sneak into your mailbox and they can read the message just fine.
So using SSL will allow WordPress to send emails securely, but if there’s any node or hop between where the email is sent and where it’s received, then the SSL doesn’t end up helping much. Any insecure node in the delivery chain could be exploited. So how do we protect the data and not just the transmission? That’s where encryption comes in.
Now add PGP
Pretty Good Privacy (PGP) is an encryption format that allows you to use a public and private key so that only the sender and receiver can view the mail. Thankfully, there are a number of PGP plugins for WordPress that will let you send completely encrypted emails. Combined with SSL, this is about as secure as it’s going to get. Technically speaking, any encryption can be broken. But we still use it because, in cases like this, breaking PGP would take hundreds of computers many, many decades.
This is by no means a comprehensive guide for sending secure emails with WordPress. But we ran across the issue, had some discussions, ran some tests, and we wanted to share what we learned. By default, WordPress does not send secure emails. No encryption is used and no SSL is enforced when handing it off to the system to be mailed. You need to look at the needs of your project and decide if you need more security. At a minimum, we recommend making sure the system is using SSL when sending. And if you are sending especially sensitive information, you should take the extra steps and use SMTP with PGP encryption or something similar.