There is no frustration quite like a silent failure in software. You test your WooCommerce checkout or Contact Form 7 setup, the UI reports a successful submission, but the email never arrives.
On managed hosting platforms like SiteGround, this is rarely a plugin bug. It is a fundamental infrastructure conflict between how WordPress sends mail by default and how modern spam filters trust incoming messages.
If you are experiencing undelivered transactional emails or messages landing in spam, increasing the PHP memory limit or reinstalling plugins will not fix it. You must change the transport protocol from sendmail to authenticated SMTP.
The Root Cause: Why wp_mail() Fails on Cloud Hosting
To solve the problem, we must understand the execution flow of a standard WordPress email.
When a plugin calls wp_mail(), WordPress invokes the PHPMailer class. By default, PHPMailer uses the native PHP function mail(). On a Linux environment (like SiteGround), mail() relies on a local binary (usually Sendmail or Postfix) to route the message.
The Authentication Gap
When mail() sends a message, it is technically sent by the server’s system user (e.g., u123-456@server101.siteground.eu), not your actual domain email (admin@yourdomain.com).
While WordPress attempts to spoof the "From" header to match your domain, receiving servers (Gmail, Outlook) analyze the envelope sender. When they detect a mismatch between the "From" address and the actual origin server, they flag the email as spoofed.
SiteGround's Strict Quotas
SiteGround, to protect its IP reputation, imposes strict limits on unauthenticated emails sent via standard PHP scripts. If a script attempts to send email without proper SMTP authentication, it is often silently dropped or queued indefinitely if it exceeds strictly governed hourly quotas.
The Solution: Authenticated SMTP
The fix is to bypass the local mail() function entirely. We will reconfigure WordPress to connect directly to an SMTP server using credentials, exactly like a desktop email client (Outlook or Thunderbird).
This ensures two things:
- Identity Alignment: The envelope sender matches the "From" address.
- Trusted Origin: The email is cryptographically signed and authenticated by the mail server.
Prerequisites
Before implementing the code, ensure you have an email account created in your SiteGround Site Tools:
- Go to Site Tools > Email > Accounts.
- Create an account (e.g.,
noreply@yourdomain.com). - Note the Incoming/Outgoing Server (usually
mail.yourdomain.comor a specific SiteGround server hostname).
Method 1: The "Code-First" Implementation (Performance Optimized)
As developers, we often prefer to avoid installing heavy plugins for functionality that requires fewer than 20 lines of code. The cleanest way to enforce SMTP is by hooking into the phpmailer_init action.
Step 1: Secure Your Credentials
Never hardcode passwords in your theme's functions.php. Store them in your wp-config.php file, which sits outside the theme directory and is generally more secure.
Add this to wp-config.php, above the line that says /* That's all, stop editing! */:
/**
* SMTP Credentials
*/
define( 'SMTP_HOST', 'mail.yourdomain.com' ); // Replace with your SiteGround mail host
define( 'SMTP_USER', 'noreply@yourdomain.com' );
define( 'SMTP_PASS', 'YourStrongPasswordHere' );
define( 'SMTP_PORT', 465 ); // SiteGround prefers 465 for SSL
define( 'SMTP_SECURE', 'ssl' ); // Use 'ssl' for 465, 'tls' for 587
define( 'SMTP_FROM', 'noreply@yourdomain.com' );
define( 'SMTP_NAME', 'Your Site Name' );
Step 2: Create a Must-Use Plugin (mu-plugin)
Do not put this logic in functions.php, as it is infrastructure-level logic, not theme logic. Create a file named smtp-config.php inside wp-content/mu-plugins/. If the folder doesn't exist, create it.
Paste the following code:
<?php
/**
* Plugin Name: Custom SMTP Configuration
* Description: Forces PHPMailer to use SiteGround SMTP via wp-config credentials.
* Version: 1.0.0
* Author: Your Name
*/
defined( 'ABSPATH' ) || exit;
add_action( 'phpmailer_init', 'pse_configure_smtp_transport' );
/**
* Intercepts the PHPMailer instance and applies SMTP settings.
*
* @param PHPMailer $phpmailer The PHPMailer instance passed by reference.
*/
function pse_configure_smtp_transport( $phpmailer ) {
// Only configure if constants are defined in wp-config.php
if ( ! defined( 'SMTP_HOST' ) || ! defined( 'SMTP_USER' ) ) {
return;
}
$phpmailer->isSMTP();
$phpmailer->Host = SMTP_HOST;
$phpmailer->SMTPAuth = true;
$phpmailer->Port = defined( 'SMTP_PORT' ) ? SMTP_PORT : 465;
$phpmailer->Username = SMTP_USER;
$phpmailer->Password = SMTP_PASS;
$phpmailer->SMTPSecure = defined( 'SMTP_SECURE' ) ? SMTP_SECURE : 'ssl';
// Optional: Force the "From" address to match the authenticated user
// This prevents "relaying denied" errors on strict servers.
$phpmailer->From = SMTP_FROM;
$phpmailer->FromName = defined( 'SMTP_NAME' ) ? SMTP_NAME : 'WordPress';
}
This code intercepts the mailer object immediately before sending. It forces the internal flag isSMTP() to true, effectively bypassing the PHP mail() function entirely.
Method 2: The Plugin Approach (Admins)
If you are handing this site off to a client or prefer a GUI, WP Mail SMTP is the industry standard.
- Install and activate WP Mail SMTP.
- Navigate to WP Mail SMTP > Settings.
- Mailer: Select "Other SMTP".
- SMTP Host:
mail.yourdomain.com(Check Site Tools for the exact string). - Encryption: SSL.
- Port: 465.
- Authentication: On.
- Username/Password: The credentials created in Site Tools.
Note: While plugins like "Post SMTP" offer logging, they add database overhead. For high-performance sites, the code-first method or a lightweight configuration is preferred.
Critical Requirement: DNS Authentication (SPF & DKIM)
Authenticating via SMTP is step one. Step two is proving to the world that your SiteGround server is allowed to send email on behalf of your domain. Without this, you will still hit spam folders.
1. SPF (Sender Policy Framework)
You must have a TXT record in your DNS zone that lists SiteGround as an authorized sender.
- Go to Site Tools > Domain > DNS Zone Editor.
- Look for a TXT record starting with
v=spf1. - Ensure it includes SiteGround's lookup. It should look like this:
v=spf1 include:siteground.net +a +mx ~all
If you use Google Workspace or Office 365 for your personal email but the website sends transactional email via SiteGround, you must combine them:
v=spf1 include:siteground.net include:_spf.google.com ~all
2. DKIM (DomainKeys Identified Mail)
DKIM adds a digital signature to headers.
- Not all SiteGround plans enable this by default for sub-accounts.
- Check Site Tools > Email > Authentication.
- Ensure DKIM is "Active". If not, generate the key and add the specific TXT record provided to your DNS zone.
Troubleshooting & Edge Cases
The "Connection Timed Out" Error
If your logs show a timeout connecting to the SMTP host:
- Firewall Check: Ensure your security plugins (Wordfence, iThemes) aren't blocking outgoing connections on port 465.
- Port Swap: Switch from SSL/465 to TLS/587 in your configuration.
The "Sender Address Rejected" Error
SiteGround's SMTP servers are strict about relaying. You cannot authenticate as sales@yourdomain.com but try to send an email with the "From" header set to visitor@gmail.com (which often happens if you use the "Reply-To" email as the "From" email in contact forms).
The Fix: Always set the "From" address to the authenticated account (noreply@yourdomain.com). Use the visitor's email address in the Reply-To header only.
Google Workspace / external MX Records
If your domain's MX records point to Google or Outlook, sending email from the web server (SiteGround) can be tricky. The web server is not the mail server.
In this scenario, the Code-First approach above is vital. You must authenticate via the SiteGround local mail account (which exists even if MX records point elsewhere) OR configure the SMTP settings to relay through Google's SMTP servers (smtp.gmail.com). Note that relaying through Google requires App Passwords and has lower rate limits. Sticking to SiteGround's local SMTP for transactional site mail is usually faster and more reliable, provided your SPF records authorize both Google and SiteGround.
Conclusion
The default wp_mail() function is a relic of an older web. In a modern infrastructure dominated by strict spam filters and cloud hosting partitions, it is insufficient for business-critical communication.
By implementing authenticated SMTP via phpmailer_init, you align your WordPress application with modern email standards, bypassing server quotas and ensuring high deliverability for transactional alerts.