{"id":335769,"date":"2026-07-16T03:51:18","date_gmt":"2026-07-16T03:51:18","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/enjinmel-smtp\/"},"modified":"2026-07-16T03:51:08","modified_gmt":"2026-07-16T03:51:08","slug":"enjinmel-smtp","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/enjinmel-smtp\/","author":3244,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"0.2.5","stable_tag":"0.2.5","tested":"7.0.1","requires":"5.3","requires_php":"7.4","requires_plugins":null,"header_name":"EnjinMel SMTP","header_author":"Liew CheonFong","header_description":"Replaces the default WordPress email sending functionality with Enginemailer API key for enhanced deliverability and reliability.","assets_banners_color":"000000","last_updated":"2026-07-16 03:51:08","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/github.com\/liewcf\/enjinmel-smtp","header_author_uri":"https:\/\/github.com\/liewcf","rating":0,"author_block_rating":0,"active_installs":0,"downloads":29,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"0.2.5":{"tag":"0.2.5","author":"lcf","date":"2026-07-16 03:51:08"}},"upgrade_notice":{"0.2.5":"<p>COMPATIBILITY UPDATE: Verifies WordPress 7.0 support, restores legacy EngineMail upgrade paths, and hardens Send Test Email validation.<\/p>","0.2.4":"<p>RECOMMENDED SECURITY UPDATE: Preserves prior mail-blocking filters before EnjinMel sends, neutralizes spreadsheet formula prefixes in CSV log exports, hardens Send Test Email error rendering, and updates PHPUnit dev tooling.<\/p>","0.2.3":"<p>RECOMMENDED UPDATE: Addresses WordPress.org plugin check findings by removing the discouraged <code>load_plugin_textdomain()<\/code> call, properly prefixing uninstall globals, and regenerating the distributable bundle (with \/languages) referenced by the Domain Path.<\/p>","0.2.2":"<p>CRITICAL UPDATE: Fixes double-encryption bug that prevented API keys from working. Includes automatic repair for affected installations. Update immediately if experiencing email delivery issues.<\/p>","0.2.1":"<p>CRITICAL UPDATE: Fixes API V2 compatibility issues causing 500 errors. Updates immediately if you&#039;re unable to send emails after upgrading to 0.2.0.<\/p>","0.2.0":"<p>CRITICAL SECURITY UPDATE: Fixes multiple security vulnerabilities including encryption weaknesses and SQL injection prevention. Adds performance improvements and new security features. Update immediately!<\/p>","0.1.0":"<p>Initial release of EnjinMel SMTP plugin with full email delivery and logging features.<\/p>"},"ratings":[],"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":3609734,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256},"icon.svg":{"filename":"icon.svg","revision":3609733,"resolution":false,"location":"assets","locale":false}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3609734,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3609734,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["0.2.5"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3609733,"resolution":"1","location":"assets","locale":"","width":772,"height":712},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3609733,"resolution":"2","location":"assets","locale":"","width":1167,"height":505}},"screenshots":{"1":"Settings page with API configuration","2":"Log viewer with filtering and export options"}},"plugin_section":[],"plugin_tags":[267,48589,6696,48586,6695],"plugin_category":[41],"plugin_contributors":[271811],"plugin_business_model":[],"class_list":["post-335769","plugin","type-plugin","status-publish","hentry","plugin_tags-email","plugin_tags-email-delivery","plugin_tags-smtp","plugin_tags-transactional-email","plugin_tags-wp_mail","plugin_category-communication","plugin_contributors-lcf","plugin_committers-lcf"],"banners":{"banner":"https:\/\/ps.w.org\/enjinmel-smtp\/assets\/banner-772x250.png?rev=3609734","banner_2x":"https:\/\/ps.w.org\/enjinmel-smtp\/assets\/banner-1544x500.png?rev=3609734","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":"https:\/\/ps.w.org\/enjinmel-smtp\/assets\/icon.svg?rev=3609733","icon":"https:\/\/ps.w.org\/enjinmel-smtp\/assets\/icon.svg?rev=3609733","icon_2x":false,"generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/enjinmel-smtp\/assets\/screenshot-1.png?rev=3609733","caption":"Settings page with API configuration"},{"src":"https:\/\/ps.w.org\/enjinmel-smtp\/assets\/screenshot-2.png?rev=3609733","caption":"Log viewer with filtering and export options"}],"raw_content":"<!--section=description-->\n<p>EnjinMel SMTP replaces the default WordPress email sending functionality with the powerful Enginemailer REST API to ensure your transactional emails are delivered reliably and efficiently.<\/p>\n\n<p><strong>Important:<\/strong> This plugin is an independent WordPress integration and is not affiliated with or endorsed by Enginemailer.<\/p>\n\n<p><strong>Understanding the Names:<\/strong><\/p>\n\n<ul>\n<li><strong>EnjinMel SMTP<\/strong> - The name of this WordPress plugin<\/li>\n<li><strong>Enginemailer<\/strong> - The third-party email delivery API service (https:\/\/enginemailer.com)<\/li>\n<\/ul>\n\n<p>This plugin connects your WordPress site to the Enginemailer service API.<\/p>\n\n<p><strong>Key Features:<\/strong><\/p>\n\n<ul>\n<li><strong>Seamless Integration<\/strong> - Automatically intercepts all <code>wp_mail()<\/code> calls<\/li>\n<li><strong>Enhanced Deliverability<\/strong> - Routes emails through Enginemailer's reliable email infrastructure<\/li>\n<li><strong>Comprehensive Logging<\/strong> - Track email sends with detailed logs including timestamps, recipients, and status<\/li>\n<li><strong>Test Email Functionality<\/strong> - Verify your configuration by sending test emails<\/li>\n<li><strong>Secure API Key Storage<\/strong> - API keys are encrypted using AES-256-CBC encryption<\/li>\n<li><strong>Log Management<\/strong> - Automatic log retention with configurable cleanup schedules<\/li>\n<li><strong>Admin Interface<\/strong> - User-friendly settings page with log viewer<\/li>\n<\/ul>\n\n<p><strong>Perfect For:<\/strong><\/p>\n\n<ul>\n<li>Membership sites<\/li>\n<li>E-commerce platforms<\/li>\n<li>Contact forms<\/li>\n<li>Password reset emails<\/li>\n<li>Order confirmations<\/li>\n<li>User notifications<\/li>\n<\/ul>\n\n<h3>External services<\/h3>\n\n<p>This plugin requires an Enginemailer account and connects to the Enginemailer REST API at https:\/\/api.enginemailer.com to deliver email. The connection occurs whenever WordPress sends an email through <code>wp_mail()<\/code>, including when an administrator uses the Send Test Email feature.<\/p>\n\n<p>By default, each API request sends the configured Enginemailer API key, recipient addresses (To, CC, and BCC), sender name and email address, subject, email body, and any configured campaign name or template ID. If an email includes attachments, the plugin reads those local files and sends their filenames and Base64-encoded contents. Developers may modify the outbound payload or request using the plugin's documented filters.<\/p>\n\n<p>Enginemailer provides the email delivery service. Review its <a href=\"https:\/\/www.enginemailer.com\/legal\/termsofservice\">Terms of Service<\/a> and <a href=\"https:\/\/www.enginemailer.com\/legal\/privacypolicy\">Privacy Policy<\/a>.<\/p>\n\n<h3>Privacy<\/h3>\n\n<p>This plugin stores limited email metadata to aid troubleshooting and deliverability monitoring:<\/p>\n\n<ul>\n<li>Stored: recipient email address(es), subject, send status (sent\/failed), timestamp, and an error message when available.<\/li>\n<li>Not stored: email body content or attachments.<\/li>\n<li>Retention: logs are kept for 90 days by default and purged daily. Developers can adjust the retention via the <code>enjinmel_smtp_retention_days<\/code> filter, clear logs from the admin UI, or purge on uninstall by defining <code>ENJINMEL_SMTP_PURGE_LOGS_ON_UNINSTALL<\/code> in <code>wp-config.php<\/code>.<\/li>\n<\/ul>\n\n<h3>Additional Information<\/h3>\n\n<p><strong>Security:<\/strong>\n* API keys are encrypted before storage\n* All admin actions use WordPress nonces\n* Input sanitization and output escaping throughout\n* Capability checks on all admin operations\n* Existing <code>pre_wp_mail<\/code> blockers are preserved before EnjinMel sends\n* CSV log exports neutralize spreadsheet formula prefixes<\/p>\n\n<p><strong>Developers:<\/strong>\n* Follows WordPress Coding Standards\n* Comprehensive inline documentation\n* Extensible architecture with filters and actions<\/p>\n\n<p><strong>Support:<\/strong>\nFor issues, feature requests, or contributions, please refer to the project repository.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin files to <code>\/wp-content\/plugins\/enjinmel-smtp\/<\/code>, or install through the WordPress plugins screen<\/li>\n<li>Activate the plugin through the 'Plugins' screen in WordPress<\/li>\n<li>Navigate to EnjinMel SMTP settings page<\/li>\n<li>Enter your Enginemailer API key (get one at https:\/\/portal.enginemailer.com\/Account\/APIs)<\/li>\n<li>Configure your default From Name and From Email<\/li>\n<li>Send a test email to verify everything works<\/li>\n<\/ol>\n\n<p><strong>Optional:<\/strong> For enhanced security, you can define custom encryption constants in your <code>wp-config.php<\/code> file. If not provided, the plugin will auto-generate and store encryption keys in the database:\n    <code>php\ndefine('ENJINMEL_SMTP_KEY', 'your-32-character-key-here');\ndefine('ENJINMEL_SMTP_IV', 'your-16-character-iv-here');<\/code><\/p>\n\n<!--section=faq-->\n<dl>\n<dt id=\"where%20do%20i%20get%20an%20api%20key%3F\"><h3>Where do I get an API key?<\/h3><\/dt>\n<dd><p>You can obtain an API key from the Enginemailer portal at https:\/\/portal.enginemailer.com\/Account\/APIs<\/p><\/dd>\n<dt id=\"what%20are%20the%20encryption%20constants%20and%20why%20do%20i%20need%20them%3F\"><h3>What are the encryption constants and why do I need them?<\/h3><\/dt>\n<dd><p>The plugin uses AES-256-CBC encryption to securely store your API key in the database. By default, the plugin auto-generates and stores encryption keys in the database. For enhanced security in shared hosting or high-security environments, you can optionally define custom <code>ENJINMEL_SMTP_KEY<\/code> and <code>ENJINMEL_SMTP_IV<\/code> constants in your <code>wp-config.php<\/code> file.<\/p><\/dd>\n<dt id=\"can%20i%20view%20sent%20email%20logs%3F\"><h3>Can I view sent email logs?<\/h3><\/dt>\n<dd><p>Yes! The plugin includes a comprehensive log viewer accessible from the WordPress admin menu. You can filter, search, and export email logs.<\/p><\/dd>\n<dt id=\"how%20long%20are%20logs%20kept%3F\"><h3>How long are logs kept?<\/h3><\/dt>\n<dd><p>By default, logs are kept for 90 days. The plugin automatically purges older logs via a daily cron job.<\/p><\/dd>\n<dt id=\"is%20this%20compatible%20with%20other%20email%20plugins%3F\"><h3>Is this compatible with other email plugins?<\/h3><\/dt>\n<dd><p>This plugin intercepts <code>wp_mail()<\/code> calls, so it will override other email plugins. Only activate one email sending plugin at a time.<\/p><\/dd>\n<dt id=\"does%20this%20work%20with%20woocommerce%2C%20contact%20form%207%2C%20etc%3F\"><h3>Does this work with WooCommerce, Contact Form 7, etc?<\/h3><\/dt>\n<dd><p>Yes! Any plugin that uses WordPress's standard <code>wp_mail()<\/code> function will automatically use EnjinMel SMTP for email delivery.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>0.2.5<\/h4>\n\n<ul>\n<li>Fixed: Restored legacy EngineMail compatibility helpers for settings, log migration, cron cleanup, and mail failure metadata while keeping current EnjinMel behavior.<\/li>\n<li>Fixed: Hardened Send Test Email recipient validation to reject tampered input instead of sanitizing it into a different address.<\/li>\n<li>Fixed: Made log-table detection work for both persistent WordPress tables and temporary tables created by the WordPress PHPUnit test suite.<\/li>\n<li>Changed: Verified compatibility with WordPress 7.0 and updated <code>Tested up to<\/code>.<\/li>\n<li>Changed: Aligned the WordPress test stack with WordPress 7.0 using PHPUnit 9.6, <code>wp-phpunit<\/code> 7.0, and PHPUnit Polyfills 4.0.<\/li>\n<\/ul>\n\n<h4>0.2.4<\/h4>\n\n<ul>\n<li>Fixed: Security - Preserve prior non-null <code>pre_wp_mail<\/code> return values, including <code>WP_Error<\/code>, before sending through EnjinMel.<\/li>\n<li>Fixed: Security - Neutralize spreadsheet formula prefixes in exported email log CSV values.<\/li>\n<li>Hardened: Insert dynamic Send Test Email failure messages as text instead of HTML.<\/li>\n<li>Changed: Updated PHPUnit dev dependency to <code>12.5.25<\/code> to address CVE-2026-24765.<\/li>\n<li>Tests: Added regression coverage for prior <code>WP_Error<\/code> preservation and CSV formula neutralization.<\/li>\n<\/ul>\n\n<h4>0.2.3<\/h4>\n\n<ul>\n<li>Fix: Removes manual <code>load_plugin_textdomain()<\/code> so WordPress automatically loads translations for the plugin slug.<\/li>\n<li>Fix: Flags <code>wp_mail_failed<\/code>, <code>wp_mail_succeeded<\/code>, and <code>wp_mail_content_type<\/code> hooks with PHPCS ignores while mirroring core behavior.<\/li>\n<li>Fix: Prefixed uninstall globals before dropping log tables to satisfy NamingConventions checks.<\/li>\n<li>Changed: Rebuilt <code>\/dist\/enjinmel-smtp<\/code> and generated <code>enjinmel-smtp-0.2.3.zip<\/code>, including the required <code>\/languages<\/code> folder referenced by the Domain Path.<\/li>\n<\/ul>\n\n<h4>0.2.2<\/h4>\n\n<ul>\n<li>Fixed: CRITICAL - Double-encryption bug preventing API keys from working<\/li>\n<li>Fixed: Automatic detection and repair of corrupted double-encrypted keys<\/li>\n<li>Fixed: Added safeguard to prevent re-encryption of already encrypted values<\/li>\n<\/ul>\n\n<h4>0.2.1<\/h4>\n\n<ul>\n<li>Fixed: CRITICAL - API V2 compatibility (removed unsupported fields causing 500 errors)<\/li>\n<li>Fixed: Removed SubmittedContentType, IsHtmlContent, and ReplyToEmail fields not in V2 API<\/li>\n<li>Fixed: Made SenderName optional (only sent when not empty)<\/li>\n<li>Fixed: Added default values for empty subject and message fields<\/li>\n<\/ul>\n\n<h4>0.2.0<\/h4>\n\n<ul>\n<li><strong>CRITICAL SECURITY:<\/strong> Fixed per-message random IV encryption (replaced static IV)<\/li>\n<li><strong>CRITICAL SECURITY:<\/strong> Fixed SQL injection prevention via table sanitization<\/li>\n<li><strong>CRITICAL SECURITY:<\/strong> Fixed asset loading paths causing log viewer UI to break<\/li>\n<li><strong>HIGH SECURITY:<\/strong> Removed duplicate export handler (CSRF vulnerability)<\/li>\n<li><strong>HIGH SECURITY:<\/strong> Encryption keys no longer autoload (99.9% less loading)<\/li>\n<li>Added: Password-masked API key field with Show\/Hide toggle<\/li>\n<li>Added: Composite index for 50-80% faster filtered queries<\/li>\n<li>Added: Multibyte-safe text truncation (Unicode, emoji support)<\/li>\n<li>Added: Email validation at save time with user feedback<\/li>\n<li>Added: TRUNCATE fallback for universal host compatibility<\/li>\n<li>Fixed: Logging now defaults to enabled on first save<\/li>\n<li>Fixed: Email validation logic corrected<\/li>\n<li>Fixed: Whitespace API key handling<\/li>\n<li>Performance: Significant memory reduction and query optimization<\/li>\n<\/ul>\n\n<h4>0.1.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Enginemailer REST API integration<\/li>\n<li>Encrypted API key storage<\/li>\n<li>Email logging with retention management<\/li>\n<li>Admin log viewer with filtering and export<\/li>\n<li>Test email functionality<\/li>\n<\/ul>","raw_excerpt":"Replace WordPress default email sending with Enginemailer API for enhanced deliverability and reliability.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/335769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=335769"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/lcf"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=335769"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=335769"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=335769"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=335769"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=335769"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=335769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}