Title: PHISHING plugin? Last modified: August 21, 2016 --- # PHISHING plugin? * Resolved [Erik](https://wordpress.org/support/users/erikalm/) * (@erikalm) * [12 years, 7 months ago](https://wordpress.org/support/topic/phishing-plugin/) * Ten seconds after I configured this plugin and sent a test message I got a message from Gmail that someone from China tried to access my Gmail account. * I use Dreamhost and they seem to be in California. I am not 100% sure about the exact server I ran this script on, but I have a hard time thinking this was in China. * Anyway… Google stopped the login attempt and I’ve changed my password (it was time anyway)… * Just a little security heads up about putting in login and password info in a WordPress plugin… Don’t do it… * [http://wordpress.org/plugins/wp-smtp/](http://wordpress.org/plugins/wp-smtp/) Viewing 4 replies - 1 through 4 (of 4 total) * [acalbert](https://wordpress.org/support/users/acalbert/) * (@acalbert) * [12 years, 7 months ago](https://wordpress.org/support/topic/phishing-plugin/#post-4213553) * **It is absolutely impossible! This is an open source software, You can see the source code!!!** * [acalbert](https://wordpress.org/support/users/acalbert/) * (@acalbert) * [12 years, 7 months ago](https://wordpress.org/support/topic/phishing-plugin/#post-4213554) * **There is no server or connection information in any of the files. Meaning that it can only connect to whatever servers you put in !!!!!** * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [12 years, 7 months ago](https://wordpress.org/support/topic/phishing-plugin/#post-4213555) * acalbert? Thanks for the plugin (I use it myself on one of my installations) but you may want to calm down. For your own health. 😉 * **[@erik](https://wordpress.org/support/users/erik/)** As acalbert indicated this plugin is GPL’ed opensource (like all plugins in the repository) and you can view the source code yourself on your own installation or on trac. * [http://plugins.trac.wordpress.org/browser/wp-smtp/trunk](http://plugins.trac.wordpress.org/browser/wp-smtp/trunk) * There’s no server defined in the 2 PHP files. If you’re routing e-mail through China (and you’re not in China) then my guess is that your server has either been misconfigured or hacked. * Either way you want to speak with your web host. * Thread Starter [Erik](https://wordpress.org/support/users/erikalm/) * (@erikalm) * [12 years, 7 months ago](https://wordpress.org/support/topic/phishing-plugin/#post-4213556) * This incident made me realize I was putting my Google login information in a database on the web … which isn’t actually _my_ style. * On the other hand, my server has been hacked before, and I’ve had things happening with my Google account before (unsure if it was a Google glitch or me being careless with my login info). * So, this was probably just a coincidence! * And, it was a _question_ of whether this plug-in was phishing or not… * The question has been answered to my satisfaction, and that’s good enough for me. * Thanks for your replies guys! Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘PHISHING plugin?’ is closed to new replies. * ![](https://ps.w.org/wp-smtp/assets/icon.svg?rev=3529344) * [Solid Mail – SMTP email and logging made by SolidWP](https://wordpress.org/plugins/wp-smtp/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-smtp/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-smtp/) * [Active Topics](https://wordpress.org/support/plugin/wp-smtp/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-smtp/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-smtp/reviews/) * 4 replies * 3 participants * Last reply from: [Erik](https://wordpress.org/support/users/erikalm/) * Last activity: [12 years, 7 months ago](https://wordpress.org/support/topic/phishing-plugin/#post-4213556) * Status: resolved