Pinny's Simple SMTP – The Lightest SMTP Plugin (4KB) & Dead Easy Setup

Pinny’s Simple SMTP is the lightest SMTP plugin in the entire WordPress repository, weighing in at just 4.5KB. It’s simple to use, highly secure, and includes all the basic features you need to send emails reliably.

🚀 Super Easy 30-Second Configuration

Tired of bloated setup wizards, “Connect Account” popups, and endless menus?

Pinny’s Simple SMTP is designed to be invisible. We removed the fluff so you can get back to work. 1. Enter your Host & Port. 2. Enter your Login. 3. Click Save.

That’s it. You are done. There is no complex UI to learn. No dashboards to manage. It is a true “Set and Forget” solution that just works.

Unlike most SMTP plugins (which are typically 2MB+ in size), Pinny’s Simple SMTP is ultra-lightweight, easy to set up, and never compromises on security. We ensure your sensitive credentials are always protected with automatic encryption—no more storing passwords in plain text.

This plugin is different. It’s smaller than a favicon, works with any mail provider, and takes just seconds to set up.

Features:

• World’s Lightest (4.5KB): This is the most lightweight SMTP plugin currently available on the repository. It has zero impact on your site speed.
• Encrypted Security: We take security seriously. Your SMTP password is encrypted in the database using native WordPress salts. We never store credentials in plain text.
• Dead Easy Setup: No confusing wizards or tutorials needed. Just enter your Host, Port, and Login, then click Save.
• All Basic Features: Supports TLS/SSL, custom ports, “From” email/name overrides, and includes a 1-Click Test Email tool.
• Zero Bloat: No ads, no dashboard widgets, no usage tracking, and no upsells.

🛡️ The “Zero-Retention” Security Promise

Pinny’s Simple SMTP is built on a strict security philosophy: WordPress is a CMS, not an Email Archive.

Most SMTP plugins log every email sent from your site into your WordPress database. While this seems convenient, it introduces massive security risks, database bloat, and privacy violations.

We feature a Zero-Retention Architecture. We connect, deliver, and vanish. Here is why this is safer for you:

1. The Security Risk (Why we don’t log)

Storing email logs in your database creates a high-value target for hackers. * The “Big Hack” Reality: In 2024 and 2025, major SMTP plugins (such as Post SMTP) suffered critical vulnerabilities (CVE-2023-6875 and CVE-2025-11833). Hackers were able to bypass authentication, trigger password reset emails, read the plugin’s email logs to capture the reset link, and take over the entire website. * Our Fix: You cannot steal what isn’t there. By not logging emails, Pinny’s Simple SMTP renders this entire class of “Account Takeover” attacks impossible.

2. The Database & Privacy Problem

• Bloat: Transactional logs grow indefinitely. A busy store sends thousands of emails a month. Storing these in wp_options or custom tables slows down your site and bloats your backups.
• GDPR & Privacy: Your database should not permanently store customer PII (Personally Identifiable Information) like password reset links, purchase receipts, or private contact form messages. If your site is compromised, those logs are a leak waiting to happen.

3. The Right Way to Log

If you need to track email delivery, do it where it belongs: At your Email Provider. * Gmail / Google Workspace: Has a “Sent” folder and comprehensive audit logs. * SendGrid / Mailgun / SES: These services are built to archive millions of emails securely, with proper rotation policies and access controls. * Microsoft / Outlook: Native “Sent Items” retention.

Pinny’s Simple SMTP keeps your WordPress database clean, fast, and secure by letting your email provider do its job.

🚫 The “Anti-Bloat” Architecture: Why We Rejected OAuth

Pinny’s Simple SMTP is built on a strict performance philosophy: Do not load code you do not use.

The industry standard is to force users into OAuth (Log in with Google/Microsoft). While this looks fancy, for a WordPress plugin, it is technically inferior to standard SMTP. Here is why we deliberately stripped OAuth out of Pinny’s:

1. The “Universal Adapter” Trap (Bloat) Most users connect to one provider (e.g., just Gmail). However, to support OAuth, other plugins must bundle massive SDK libraries for 10–15 different services (Google, Microsoft, Amazon, Yahoo, Zoho, etc.).

• The Result: You install megabytes of vendor code just to send a simple email.
• Our Fix: Pinny’s uses standard SMTP. We don’t force you to host 14 unused API libraries on your server just to use the 15th. This keeps our codebase at ~4.5KB and auditable in minutes.

2. The Complexity Risk (Security) In security, Complexity is the Enemy. OAuth flows require redirects, token storage, refresh tokens, and constant API updates. Every external library added to a plugin increases the “Attack Surface”—more code means more places for bugs to hide.

• The Reality: If a plugin’s bundled “Google API Client” has a vulnerability, your site is at risk—even if you are using Outlook.
• Our Fix: We use native WordPress functions. No external dependencies. No third-party SDKs. No supply-chain vulnerabilities.

3. App Passwords: The Superior Choice We use App Passwords (Standard SMTP Authentication). This is the secure, recommended method for server-side mailing (Gmail/Workspace & Microsoft 365).

• Strictly Scoped: An App Password usually only has permission to send mail. Unlike an OAuth token (which can sometimes be scoped too broadly), an App Password cannot be used to change your account settings or read your Drive files.
• Instantly Revocable: If you suspect a breach, you can revoke that specific App Password instantly from your Google/Microsoft dashboard without changing your main login credentials.
• Zero Downtime: OAuth tokens expire or disconnect if the API changes. App Passwords work until you say stop.

Pinny’s Simple SMTP chooses stability over shiny buttons. Enter your Host, Port, and App Password → Save. Done.

The Lightweight Champion (Comparison)

Why slow down your site with megabytes of code just to send an email? See how Pinny’s compares to the other plugins.

• 🏆 Pinny’s Simple SMTP: Size: ~4.5 KB | Ads: None | Security: Encrypted 🔒 | Logs: None (Secure) | Tables: 0 (Clean)
• 🐢 WP Mail SMTP: Size: ~2.6 MB | Ads: Yes (Dashboard) | Security: Plain Text | Logs: Locked (Pro) | Tables: Custom Tables
• 🐢 Post SMTP: Size: ~14.8 MB | Ads: Yes | Security: Base64 ⚠️ | Logs: High Risk (See CVE-2025-11833) | Tables: Custom Tables
• 🐢 FluentSMTP: Size: ~2.2 MB | Ads: None | Security: Encrypted 🔒 | Logs: Yes (Adds Bloat) | Tables: Custom Tables