Master SMTP Developer Guide

Developer guide for Master SMTP covering plugin architecture, mailer providers, wp_mail handling, routing, logs, notifications, security, APIs, cron jobs, and extension workflows.

Table of Contents

Plugin Structure

Master SMTP is organized into separate modules under `src/`.

Important folders:

master-smtp.php
src/
views/
assets/
languages/

Main responsibilities:

				
					src/Core/              Plugin boot, activation, capabilities, requirements
src/Admin/             Admin pages, actions, UI assets
src/Connections/       Connection storage, sanitization, validation
src/Mail/              wp_mail handling and PHPMailer integration
src/Mailers/           Mailer provider classes
src/Log/               Email log storage, cleanup, viewing
src/Stats/             Dashboard and email statistics
src/Notifications/     Error notification delivery
src/Cron/              Scheduled cleanup and summary emails
src/Security/          Secret encryption/decryption
src/Rest/              REST API routes

Secret Handling

Secrets are handled by:

				
					src/Security/Secrets.php

Credentials should be encrypted before storage.

Sensitive examples:

				
					SMTP passwords
API keys
OAuth client secrets
Access tokens
Webhook URLs
Telegram site secret

When importing settings from another site, encrypted secrets may not be reusable if the WordPress secret keys differ. In that case, the plugin should clear unsafe imported secrets and ask the admin to re-enter them.

Security Checklist

For any new feature, confirm:

  • User capability checks are present.
  • Nonces are used for admin actions.
  • REST/AJAX endpoints validate permissions.
  • Inputs are sanitized.
  • Outputs are escaped.
  • Secrets are encrypted.
  • Secrets are not logged.
  • Secrets are not sent to notification channels.
  • External requests use WordPress HTTP APIs where possible.

Release Checks

Before releasing a new version:

  1. Run PHP syntax checks.
  2. Run JavaScript syntax checks.
  3. Activate the plugin on a test WordPress site.
  4. Send a successful test email.
  5. Force a failed email and confirm logging.
  6. Test import/export with saved secrets.
  7. Test routing if routing changed.
  8. Test summary email if notification code changed.
  9. Test Telegram token generation, verification, and test message if Telegram changed.
  10. Confirm version numbers match in master-smtp.phpreadme.txt, and translation metadata.
  11. Confirm no backend-only files, test files, logs, database dumps, or credentials are included in the plugin package.

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact
Contact
Scroll to Top