Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial


Matthew Barnes
Matthew Barnes
Courses Plus Student 16,550 Points

PHPMailer to GMAIL - Could Somebody Access my Password?

Hi all,

I have a personal portfolio page and I'm using PHPMailer to allow users to email me if they would like to get in touch. I've used the "Build a Basic PHP website" course to achieve this. I have the following code on my index.php:

$mail = new PHPMailer;

//Enable SMTP debugging
// 0 = off (for production use)
// 1 = client messages
// 2 = client and server messages
$mail->SMTPDebug = 2;
//Ask for HTML-friendly debug output
$mail->Debugoutput = 'html';
//Set the hostname of the mail server
$mail->Host = 'smtp.gmail.com';
// use
// $mail->Host = gethostbyname('smtp.gmail.com');
// if your network does not support SMTP over IPv6
//Set the SMTP port number - 587 for authenticated TLS, a.k.a. RFC4409 SMTP submission
$mail->Port = 587;
//Set the encryption system to use - ssl (deprecated) or tls
$mail->SMTPSecure = 'tls';
//Whether to use SMTP authentication
$mail->SMTPAuth = true;
//Username to use for SMTP authentication - use full email address for gmail
$mail->Username = "my-email@gmail.com";
//Password to use for SMTP authentication
$mail->Password = "mypassword";

This is working perfectly, however I'm concerned about my email password. Is there any way a potential hacker could access this password? And if so what can I do to prevent this?

Thanks in advance!


1 Answer

yes, you should keep your credentials in a separate JSON file. Please take a look at the blog below:

PHPmailer encryption

Matthew Barnes
Matthew Barnes
Courses Plus Student 16,550 Points

Thank you Jacob,

I'm researching this now. Can you just explain what the poster means by setting the file outside my web root.

I assume my web root is the folder that my index.php is on the web hosting server. Is it as simple as placing the .ini or JSON file a folder back from this? If so would I Include this file simple by using ../?

Appreciate it!

you can use the include function, but I would also look at the docs for this:


what outside of the root folder means is that you are importing one file into another.

not a problem. I hope this helps.