• If you are security-conscious, I would not recommend this: the authorized redirect URI now passes through connect.wpmailsmtp.com instead of your site. You will need to grant that URL access to all your email read/write/etc.

    This was a new change, delete asap!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Gregor Capuder

    (@capuderg)

    Hi Ryan,

    Yes, we made a change to the OAuth process for the Gmail mailer. This change was made so users with mod_security and other WP security plugin issues can also use the Gmail mailer without any issues.

    Google returns the scope GET parameter in a URL format. This triggers mod_security and WP security plugins and breaks the OAuth process, resulting in unsuccessful Gmail authorization.

    Our redirect just encodes (base64_encode) the scope GET parameter and returns the scope and code parameters to the client site. Nothing is being saved and processed on our end. That’s the only thing that’s done and it resolved the mod_security issues our users were having.

    We understand your concern and we may add additional support for the old method for advanced users.

    Have a nice day!

    Well, to give the plugin authors some credit, there is visibility for the middleman URI in the config UI; they could have hidden it, and most people would not notice. Oh, but wait, it would not have worked then, as users would not have added the URI in their Google API creds.

    So, the answer above looks false and misleading to me. If it were true, plugin authors would have allowed users to use their own URI and would not have required theirs. There is no way to edit it.

    So, yes, this is not secure, and by using this plugin, you will most probably be violating a lot of rules and would not even know this if you are not savvy in web security.

    I do not see how it is ok to compromise personal data security with this approach.

  • The topic ‘Would not recommend anymore, now connection link to their site middleman.’ is closed to new replies.
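
For anyone auditing their own Google API credentials after reading this thread, the following is an added example (not code from the thread or from the plugin). It reads the OAuth client JSON downloaded from the Google console and lists every authorized redirect URI that is not on the site's own host, since that host is where Google delivers the `code` and `scope` parameters. The site name `blog.example.com` and all URI paths are constructed; only the relay host comes from the thread.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the layout of Google's downloaded OAuth client file.
SAMPLE_CLIENT_JSON = """
{"web": {"client_id": "EXAMPLE.apps.googleusercontent.com",
         "redirect_uris": ["https://connect.wpmailsmtp.com/",
                           "https://blog.example.com/oauth/callback",
                           "http://blog.example.com/oauth/callback"]}}
"""


def audit_redirect_uris(client_json: str, site_url: str) -> list:
    """Return (uri, finding) pairs for redirect URIs that deserve review."""
    site_host = (urlsplit(site_url).hostname or "").lower()
    doc = json.loads(client_json)
    # The downloaded file nests the settings under "web" or "installed".
    client = doc.get("web") or doc.get("installed") or {}
    findings = []
    for uri in client.get("redirect_uris", []):
        parts = urlsplit(uri)
        host = (parts.hostname or "").lower()
        if host != site_host:
            # The browser is sent here first, so this host sees code and scope.
            findings.append(
                (uri, f"third-party host {host!r} receives the code and scope"))
        elif parts.scheme != "https":
            findings.append(
                (uri, "own host, but the code travels over cleartext HTTP"))
    return findings


if __name__ == "__main__":
    for uri, finding in audit_redirect_uris(SAMPLE_CLIENT_JSON,
                                            "https://blog.example.com"):
        print(f"{uri}: {finding}")
```
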