PHP Security Changes – Disabling of Features

On March 1st, 2014 we will be disabling and discontinuing support for the PHP mail() function. Disabling this function will help with the security of our systems and servers to help protect against websites being compromised and then used to spread and send spam. This means that websites that use the PHP mail method will need to change the way they send mail. Most applications have a built in way of directly communicating with the SMTP server (such as PHPMailer, SwiftMailer etc.). Applications such as Joomla, WordPress etc. also have their own mechanisms or plug-ins to achieve this. Most applications should already be using SMTP directly and not PHP’s mail function.

The reasons go beyond just spam and security as well. The method is known for not being 100% at delivering mail; emails sent through this mechanism have been reported to be flagged by spam filters, not meeting all RFC specifications amongst other issues.

Check with your application developers to see which method your application is using and how to update it to use the SMTP server directly.

Thank you for your understanding and cooperation!

2 thoughts on “PHP Security Changes – Disabling of Features”

  1. Hi,

    I read about WordPress:

    “WP uses the SMTP settings as configured in PHP’s php.ini.”

    Can this be done for each website?

Comments are closed.