Hayward H400ND1 Induced Draft Gas Pool Heater – Troubleshooting & Repair
February 6, 2017
Repair 2005 Mazda RX-8 Climate Control Unit
February 8, 2017

Getting Gmail SMTP server to work with WordPress if 2-factor authentication is enabled

The Dilemma

Outgoing emails for new user registrations would not send from Wordpress. What I'm speaking of is users are not receiving emails when they Register via the Wordpress Register Form. I am receiving emails myself from Wordpress on Tutanota but users weren't receiving the email. When I received a new email from Wordpress, it would be addressed from Me (www-data@unknown.tutanota.de). There was also a little caution symbol that stated the technical sender is different from the email address in the 'From' field. So from a bit of experience with managing enterprise mail servers in the past, I assume this issue is due to the email getting blocked by a Spam Filter of some sort since Wordpress (via PHP Mail function) is just using a generic email by default straight from my server. It's worth noting that tutanota.de is my secure email provider. 

So I figured I couldn't use my default PHP Mail function and instead installed a Wordpress SMTP plugin in order to route my emails through Gmail's server. I was refraining from installing the plugin since I try to keep my Wordpress installs as light as possible but went ahead and bit the bullet. I filled out the plugin settings but a test email failed. 

Here is the result from my log (some content purposely truncated):
SMTP -> get_lines(): $str is "534-5.7.9 Application-specific password required. Learn more at"
SMTP -> get_lines(): $data is "534-5.7.9 Application-specific password required. Learn more at"
SMTP -> get_lines(): $str is "534 5.7.9 https://support.google.com/mail/?p=InvalidSecondFactor.5 - gsmtp"

Immediately I could tell that I had an issue with the 2-factor authentication that was enabled on my account. So to resolve the issue I did a bit of research and found that you must generate an App Password in order to basically generate a backdoor full access password into your account. This password must be kept very secure as it kind of defeats the purpose of having 2-factor authentication enabled in the first place if it leaks.

I changed my Wordpress SMTP addon password to my new "App Password" I generated. Afterwards, I performed another email test which passed this time with flying colors. I then created a new account for my website using a gmail.com email address which I previous never received any emails. Within seconds, I received the email to click the link and set my Wordpress password. I noticed a few things I need to tweak (sender name, etc.) but at least it is working properly now.

App Passwords

app-passwords
app-passwords2
brandon
brandon
IT Support Engineer III working at Amazon.com in Las Vegas, NV. I enjoy building websites, graphic design and studying technology in my spare time.

Leave a Reply