Introduction

When WordPress starts returning SMTP authentication errors, password reset emails, order notices, and contact form messages can all stop at once. The mail server is reachable, but it refuses to trust the site’s login credentials or sending method. That makes the issue feel like a general email outage even though the real problem is usually one setting mismatch. The fix is to verify the SMTP account, authentication method, and provider rules together instead of changing random mail options.

Symptoms

  • WordPress mail plugins report authentication failed or login rejected errors
  • Test emails from the site fail immediately even though the SMTP host resolves
  • Password reset, contact form, or WooCommerce emails stop sending
  • The issue started after changing the mail provider, password, or security policy
  • Other applications can send mail, but the WordPress site cannot

Common Causes

  • The SMTP username or password is wrong or outdated
  • The provider requires an app password or modern auth flow instead of the account password
  • Encryption mode, port, or authentication type does not match the provider requirements
  • The sender address is not allowed for the authenticated mailbox or relay
  • A mail security policy blocks new devices, unfamiliar IPs, or basic authentication

Step-by-Step Fix

  1. Review the exact SMTP error from the WordPress mail plugin so you know whether the failure is authentication, encryption, or connection related.
  2. Verify the SMTP username, password, host, port, and encryption mode against the provider’s current documented settings.
  3. Check whether the mailbox now requires an app password, relay credential, or approved device instead of the normal login password.
  4. Confirm the configured sender address is permitted for the authenticated account and matches any enforced send-as policy.
  5. Test the same credentials outside WordPress if possible to separate provider-side authentication issues from plugin-specific misconfiguration.
  6. Review recent security changes at the mail provider, such as MFA requirements, IP restrictions, or disabled basic authentication.
  7. Disable overlapping SMTP or email plugins so only one component owns WordPress outbound mail configuration.
  8. Send a real test email after correcting the settings and verify delivery through the provider logs, not just the WordPress success message.
  9. Keep SMTP credentials and provider-specific setup notes documented so future password rotations do not silently break site email.