Finally a simple SMTP plugin that does its job
I’ve never tried something so seamless and quick. Without clutter, no ads, secure and fast.
Critical and high severity vulnerabilities over and over again
We’ve been using Post SMTP for years. Initially, we started with WP Mail SMTP, but the free version didn’t include logging, while Post SMTP did, and that occasionally came in handy. So we switched to Post SMTP across all our projects. About two years ago, several websites we manage were hacked due to a vulnerability in Post SMTP. Well, you could argue that maybe something like that can happen ONCE. But it already caused a serious loss of trust for us. Fortunately, we haven’t had any further breaches related to this plugin since then, but that’s only because we’ve been extremely cautious about updating it. However, over the past two years, the plugin has had FIVE high-severity and TWO critical vulnerabilities. That’s simply unacceptable for serious projects. After the latest “Unauthenticated Stored Cross-Site Scripting” issue, I’m done with this plugin for good, and we’re switching to WP Mail SMTP everywhere. I’ve already subscribed. I’d rather pay for a reliable and secure plugin than use a free one that keeps leaving the door wide open to attackers once or twice every year. After the last critical issue, I even opened a support request in November, where support claimed that “security remains an absolute top priority.” And now here we are again, 6 months later, with another “unauthenticated” vulnerability – even if it’s “just” XSS this time, and depends on stack and setup. That’s enough for me. It feels like nothing has really changed. This is not a serious plugin, and it should NOT be used for serious projects. I’ve never left a one-star rating before, but this time I had to. Just take a look at the vulnerabilities of Post SMTP on Wordfence Vulnerability Database, their severity, and how often they occur. And compare it with something else, like WP Mail SMTP. We’re moving on and not looking back. Goodbye Post SMTP, hello paid WP Mail SMTP. If you still decide to stick with this plugin, only use it with auto-updates enabled.
Excellent support
M Aqib Khan and his team solved our issues swiftly, working with us on our staging environment to replicate the issue and test the fix.
Excellent support for a great plugin
After purchasing PostSMTP Pro and facing some incompatibility issues with other plugins, I asked for help and I was impressed by the awesome and rapid support given by M Aqib Khan to solve the issue. Great thanks! Just as information for people who are using AIOS Security and Firewall: the Open Email Tracking needs the option “Advanced Character String Filter” to be disabled (AIOS => Firewall => PHP rules => String filtering). I highly recommend this plugin.
Great Plugin
Great Plugin, easy to config and troubleshoot.
Great Support for the setup of PostSMTP
Aqib was very helpful in setting up PostSMTP on my site. The plug-in is working very well.
How many vulnerabilities are you introducing with each release?
It seems with each release a new critical vulnerability. I’m guessing the vibe coding over there is going well… Colour me not impressed.
defmans7
November 20, 2025
1 reply
Unsecure: Absolutely loved this plugin but..
I really loved this plugin and the features for the free and pro version, but the security in this plugin has been an ongoing joke for a really long time now. At one point we got critical updates from WordFence every 2 weeks and had to update and test a huge amount of sites, to stay secure. With the latest critical update, which the Danish intelligence service also warned about, we decided to use the time and money to change all sites. Review updated from 5 stars to 1 star. Original review from +2 years ago: Been using this plugin for SMTP for ages and on +100 sites. I absolutely love it and it works every time. BUT in the newest version, where we migrated to a new log, the “resend” function is missing? I really need this, for the few times the SMTP settings change and emails are not sent out correctly. The feature list still includes it, so where is it?
nicolaifriis
November 13, 2025
3 replies