Is WP Mail SMTP the one accessing my account or a hacker?

  • Resolved thatssean

    (@thatssean)


    3 years, 6 months ago

    Hi, I’ve used WP Mail SMTP for a while now and it’s great, however recently my email provider has been notifying me that a 3rd party application has been accessing my email from somewhere in Utah, United States. Just wanted to check if this belongs to WP Mail SMTP since in order for the plugin to work, we have to provide our email account details during the setup phase. For now I’ve changed the password of my account so the plugin isn’t working of course, just wanted to find out if all’s good before I allow access again.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Gregor Capuder

    (@capuderg)

    Hi @thatssean,

    our plugin does not access your email account in the way of actually logging into an email account. All our mailers have integrations with the API or other means of communication in order to send emails. Also, all the settings and details that you configure in your WP site (in plugin settings) are only available/visible to the administrators of your WP site.

    Could you please provide more information? Which mailer are you using in our plugin? Is it the “Other SMTP” mailer? The “Other SMTP” mailer uses PHPMailer library (SMTP protocol) in WordPress in order to send emails, so it does not actually log into your email account. I think you made a good choice in changing the password. If possible I would advise you to also enable the two-factor authentication if the email provider supports it.

    Take care!

    Thread Starter thatssean

    (@thatssean)

    Hi, I’m indeed using the “Other SMTP” mailer. It seems that whenever that business email account sends updates to my personal email (i.e updates on the website being successfully backed up), it coincides with when my email provider will tell me that a 3rd party application has accessed the account. In other words, I’m guessing that my mail provider considers one of my plugins as “accessing my account” by sending me updates? I’ve already reached out to my mail provider to hopefully give me more insight on specifically what application/plugin is making use of that account – hopefully they’ll get back to me soon and I’ll let you know the outcome of that conversation.

    Plugin Author Gregor Capuder

    (@capuderg)

    Hi @thatssean,

    do you use the SMTP details in any other plugin (or any other app/software not just your WP site)?

    I think contacting your mail provider is a good idea. They should be able to give you more details and you’ll know what is going on.

    Take care!

    Thread Starter thatssean

    (@thatssean)

    Hi, after much digging, I finally found out what’s causing this. The IP address that has been accessing my account is not from a rogue plugin/app, but rather it’s my website server itself. I have verified the IP address with my website hosting provider and they have confirmed this, so all is good. Thanks Gregor for your prompt help! Much appreciated.

    Plugin Author Gregor Capuder

    (@capuderg)

    Hi @thatssean,

    I’m glad the issue is resolved for you ??

    Have a nice day!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Is WP Mail SMTP the one accessing my account or a hacker?’ is closed to new replies.