If you want to improve the security of your WordPress website, removing unneeded plugins is a good idea. Every additional plugin you have is more code that could be insecure. One place that a lot of websites could do that is with their usage of a plugin to have email sent through SMTP instead of directly through the server the website is hosted on. There are millions of websites using plugins to do that. That includes hundreds of thousands using a plugin that is known to be vulnerable. Many of those websites could replace the plugin being used with a few lines of code added to the WordPress configuration file. That file is named wp-config.php and is usually in the root directory of the website (it could also be in the directory above that).
The lines to add to the file are as follows:
define( ‘SMTP_username’, ” );
define( ‘SMTP_password’, ” );
define( ‘SMTP_server’, ” );
define( ‘SMTP_PORT’, ” );
define( ‘SMTP_SECURE’, ‘tls’ );
You need to fill in the details for username and other credentials on the lines that have a ” in them. If you already have a plugin set up to handle that, you simply need to copy those values. Otherwise, the email provider should list those details for the email account.
Are you sure about this? I don’t see any code in core WordPress that would actually use those values. I think you would have to add a ‘phpmailer_init’ hook to make this work.