This is a feature request.
I would like wordfence alerts to be sent via the wp_mail function.
The current function wordfence uses to send mail $mail->send() sends unauthenticated php mail.
The problem with this is that if the server is using suphp or similar then the webhosting username is written to the email headers.
I use a smtp plugin that filters the wp_mail function so that all email sent by the site is authenticated smtp email, except wordfence email.
The wordfence code that bypasses wp_mail is on line 154 in the lib/wfIssues.php file
try {
$mail->send();
} catch (phpmailerException $e) {
// use wp_mail if there's a problem (which uses PHPMailer anyways :P)
wp_mail(implode(',', $emails), $subject, strip_tags($content));
}I would prefer this to be
try {
wp_mail(implode(',', $emails), $subject, strip_tags($content));
}If there is a logical reason for most users to bypass wp_mail then I would like an option in Wordfence Options to use it.