Hoala Greevy
Last week we covered how to migrate to Paubox SMTP API, our HIPAA compliant transactional email solution.
This week we'll cover how to use it with WordPress, the most popular content management system on in the internet. In fact, W3Techs reports that WordPress powers 43% on all websites.
This post will show you, step by step, how to set up Paubox SMTP API on your WordPress site.
About WordPress
WordPress is both a company and a set of software you can freely download and install on your own. In addition, there are legions of companies that specialize in providing WordPress hosting services.
Let's take it step by step:
- WordPress.com is run by a company called Automattic. Wordpress hosting is provided for you.
- WordPress.org is where you'd go to download and install Wordpress on your own. In this scenario, you host the site yourself.
- Companies like GoDaddy provide WordPress hosting. Like Automattic, WordPress hosting is also provided for you.
WordPress and HIPAA compliance
Next, let's take a look at WordPress and if it's a HIPAA compliant web hosting service.
As we've previously covered, a business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required for HIPAA compliance. At a minimum, there are 10 provisions that must be covered by a BAA.
If you are a covered entity entrusting protected health information (PHI) to a third party like a web hosting provider, then a BAA is required by law.
Is a BAA therefore required with WordPress?
As you can guess, it depends.
WordPress.com and HIPAA compliance
We searched WordPress.com for mention of their ability to sign a BAA with their customers. We could not find any mention of HIPAA, BAA, nor PHI on their Terms of Service and Privacy Policy pages.
We therefore conclude WordPress.com is not in the business of providing HIPAA compliant web hosting.
WordPress.org and HIPAA compliance
If you are looking to download WordPress on your own via Wordpress.org, it is certainly possible to configure it to be HIPAA compliant.
Here's how you can setup a HIPAA compliant Wordpress server.
WordPress hosting providers and HIPAA compliance
As there are myriad WordPress hosting providers, some will sign a BAA, some will not.
Here's a few examples:- Atlantic.Net. You can get a BAA for your WordPress server with Atlantic.Net.
- WP Engine. On the other hand, WP Engine specifically prohibits customers from storing PHI on their platform. Here's a screenshot from their Acceptable use policy page:
Paubox SMTP API
Now that you have an understanding of how to setup a HIPAA compliant WordPress site, let's setup Paubox SMTP API. It should be noted Paubox SMTP API is a component of Paubox Email API.
First, generate an API key. Keep this 40 character key on hand, you'll need it later in this post.
See related: Quickstart Guide: Paubox Email API
WordPress plugins and HIPAA compliance
Next, we'll install two WordPress plugins. These plugins are required in order to use Paubox SMTP API with WordPress.
When used properly, WordPress plugins can also be configured to be HIPAA compliant.
See also: WordPress plugins and HIPAA compliance
WordPress contact form plugin
First, let's install a contact form plugin, which allows you to build a Contact Us page.
A popular free WordPress plugin for contact forms is Contact Form 7. We'll be using it for this post.
Installing and configuring Contact Form 7
Installing the Contact Form 7 plugin is a straightforward process. You can refer to the plugin's FAQs page if you run into problems.
WordPress mailer plugin
A popular WordPress plugin for sending email is WP Mail SMTP.
WP Mail SMTP is a popular WordPress plugin that helps ensure your website’s emails are delivered successfully by configuring and authenticating your WordPress site to send emails using a proper SMTP (Simple Mail Transfer Protocol) service. We'll be using it for this post.
Installing and configuring WP Mail SMTP
WP Mail SMTP can be configured to connect to Paubox SMTP API to send HIPAA compliant emails from your WordPress site. It's possible to do this even with the free version of WP Mail SMTP.
Installing the WP Mail SMTP plugin is a straightforward process. Once installed, you'll see a screen similar to this in your WordPress Dashboard:
It should again be noted you don't need to purchase a license key for WP Mail SMTP in order to get Paubox SMTP API working.
Scroll down till you see the Mailer section and choose Other SMTP.
Your screen should look like this:
As we covered here, you need four settings to connect to Paubox SMTP API:
- SMTP Host: smtp.paubox.com
- SMTP Port: 587
- SMTP Username: apikey
- SMTP Password: <your API key>
Here's how those settings appear in WP Mail SMTP:
Note that the SMTP Password field is where you enter the 40-character API key you generated earlier.
Scroll to the bottom and click Save Settings.
Pau!
Your contact form submissions will now be sent by Paubox SMTP API.
Send up to 300 emails per month for free with Paubox SMTP API. Business associate agreement (BAA) included.
See also: Paubox SMTP API: Everything you need to know
See related: Paubox SMTP API Developer docs
