WP-MAIL PLAIN AUTH

You have to trust that the plugin does what it is supposed to when you set it to use SSL (SMTPS) or TLS (STARTTLS).

If you are worried about your account password moving around the Internet, create an account at Gmail, Hotmail or Yahoo and switch from passwords to OAuth 2.0. OAuth 2.0 access tokens are changed every ten minutes and are easily revocable.

FYI @rbarnes305, this plugin, and Easy SMTP and Mailbank and most of the others on here all use PHPMailer underneath. PHPMailer is what handles the encryption. Not the plugins.

There are a few plugins that don’t use PHPMailer, they are Postman (Zend), Cimy (Swift), WP Mandrill (Mandrill API) and SendGrid (SendGrid API).

Thanks, Jason. All of that is good info. I just want to make sure that the credentials are not being sent via plain text. Anyway to verify that?

You’ll need something called a packet sniffer, and if you don’t already know what it is you probably won’t be able to use it ??

?? I figured that is what I needed; however, looking to see if there was something easier.

What you want to do is inspect + verify the traffic between the two servers. A sniffer is the only way.

If my site is https, would someone be able to intercept these items?

HTTPS is an unrelated protocol that deals with traffic between the web server and a web browser. Not the web server and an email server.

I figured. Didn’t know if that would have helped. Thank you.