Posting to WordPress via Email

WordPress has one feature that’s pretty old-school, and often overlooked by most bloggers. I’m talking about the possibility of posting via email. Nowadays, the WP interface itself is pretty easy to use and very functional. If we add software like Microsoft Live Writer to the equation then there’s hard to see a reason for posting anything via email.

Only there is one.

No matter what people say, there’s still no quicker way of posting an important entry (like a highly newsworthy information or something) from whatever computer you have access to, and without the need of logging into your WP account.

For people who run news-styled blogs in their niches, the amount of time between an event happening and the blogger posting an entry about it is essential. If someone is consistently posting news quicker than you then there’s no point for any visitor to keep reading your site.

Of course, when you’re in a less time sensitive field then this is not that important for you, but still, it’s worth to be aware of all the different features WP has to offer.

Risks of posting via email

Let’s start with the risks. Cause there are some. Actually, there’s one big risk. The feature is rather simple in construction. What WordPress actually does is it logs into a given email account, checks for new mail, and posts every email it finds.

In plain English, if someone discovers this secret email they will be able to post anything to your blog by simply sending a message to it (no account needed, nothing).

Of course, you need to set up that email account first, and it has to be account that’s going to be used only for this one purpose and nothing else, but still, it is a public address. Now, at first this disqualifies the whole purpose of using email posting, but there’s a really simple way of getting around this risk, and I’m going to share it in just a moment.

WordPress has its own piece of advice on how to deal with this, but it’s neither helpful nor safe. What they tell you to do is create an email account with a random string as the login name – something along the lines of “,” but of course, this doesn’t make the email undiscoverable.

So, here’s what to do:

Using Gmail

Yes, Gmail will help us big time here.

Start by creating a new Gmail account with whatever username you wish. You can even go with “” … it truly doesn’t matter. What matters is what we’re going to do later on.

Go to your Gmail settings. Then “Forwarding and POP/IMAP” and enable the “Enable POP for all mail (even mail that’s already been downloaded)” feature. From now on your Gmail is supporting the possibility of downloading messages via POP protocol (which WordPress uses for email postings).

This next step is the crucial one. What we’re going to do here is choose an email address which will be the only one allowed to send anything to your new Gmail account, and therefore to post something to your blog.

Go to “Filters” and “Create a new filter.” In the “from” field input your primary email address and add a hyphen just before it. Example: – Then press “Create filter with this search.” Tick the “Delete it” checkbox, and press “create filter.” That’s it.

From now on every email that hasn’t been sent from your own email address will be immediately deleted.

Setting this up in WordPress

Now let’s go back to WP for some final settings.

Go to Settings > Writing and scroll down to the “Post via e-mail” section.

Input ssl:// as the mail server. Set port to 995. Finally, input your email, password and hit “Save Changes.”

From this point forward everything is set and you can post blog entries by simply sending an email from your main email account to your new Gmail account.

How to craft posts in email

Unfortunately, this feature doesn’t have much possibilities. It’s good for posting simple, text-only posts, but nothing more. You can’t add any pictures, videos, or even apply any custom styling to the text (like bold or italics).

Now the how-to. What you do is simple. The subject of the email becomes the title of the post, and everything inside the email gets published as the post’s content.

And I mean anything… so be careful with things like signature lines, custom styling tags, and ads (if you’re using a free email provider for your main email address). One more thing, also all HTML code gets stripped out.

After you send the email you have to visit the wp-mail.php file of your blog through a web browser. This is usually located at:

You have to do it every time you send an email with a new post. This is actually what triggers WP to check for new email posts.

Is it worth it?

There are some major limitations, I agree. Text-only… no images, and so on. At first this doesn’t seem like a valuable feature, but still, nothing is faster for posting time-sensitive entries if you’re not near your primary computer.

Tell me what you think. Have you experienced with this feature? What do you think about the point of having it these days, since there are apps like Windows Live Writer or various iPhone apps available?

there are 9 comments added

  1. KPM 29th December 2011

    Even with this filter, it still is not secure. You'd just have to pretend sending the mail from the one authorized address to pass the control.

  2. Karol K 2nd January 2012

    I agree that faking the "from" field is a way around in theory, but nowadays it's recognized by spam filters, and I honestly believe that the filter at Google is a good one... hopefully. :)

  3. Pedro Nave 5th January 2012

    Sumary: Posting via email = Posterous. :P

  4. Paolo 6th September 2012

    That's nice. Does it's possible to add multiple addresses on filter? something like: –,–,–,etc...

  5. nathans 17th February 2013

    ok - great example i think this could be used is to move a product ( which might be an order for say a custom design or t-shirt ) Well obviously there will be more to the order than paying and receiving so in order to create a work flow and put order inside workflow this could be a great feature to add to say woo commerce + gravity forms = email notification after order is placed sends email to post and post is custom post type which will have a default status based on order details i.e., new art request or new t-shirt design... Once the post is created the customer not only receives confirmation via email along with a receipt for deposit or order but now there is a page where all communication to complete the design can take place and the client has ability in future to always reorder and that my friend to me sounds like in theory " AWESOMENESS! "

  6. TBN 15th April 2013

    I tried the above. But i have a problem. The imported messages are appearing in WP posts but not in published status. They are in the status " Pending Review " Why? Any idea ??

    • Pierre 17th September 2013

      TBN, you must have your post-by-email address in the list of authorized authors to have it sent directly "Published" and not "Pending". Good idea using the filter. Indeed spam filters are good and that is now two addresses to guess.

  7. search engine marketing 15th January 2014

    Good day! Do you know if they make any plugins to protect against hackers? I'm kinda paranoid about losing everything I've worked hard on. Any suggestions?

  8. Beau Hindman 2nd June 2015

    Hello! Thanks for this post. A question. What does this mean exactly? "After you send the email you have to visit the wp-mail.php file of your blog through a web browser. This is usually located at:" --- does this mean it is not automated then? I went to that file and it had an error, but setup was normal. Any ideas?

Reset fields

back to top