SS
SecureSMTPMail · forms · delivery
Get started
SecureSMTP · Setup guideLatest plugin: v1.21.0

Get started in 60 seconds

Install the WordPress plugin, paste your API key, and pick a template — your first form is live in under a minute. This guide walks through every step with screenshots, plus the things people usually get stuck on.

Start freeDownload plugin (v1.21.0)Watch the 60-sec tour ↓
60-second animated walkthrough of SecureSMTP — settings, editor, designer, frontend form, dashboard submissions, mail log
A 60-second tour: connect → build → style → embed → review

Three things to do, then you’re shipping forms

Sign up for a free SecureSMTP account, install the plugin on your WordPress site, and connect the two with an API key. After that, the rest is the form-builder inside WordPress.

STEP 01

Sign up

Create a free SecureSMTP account at securessmtp.com/signup. No credit card.

Sign up →
STEP 02

Install the plugin

Download v1.21.0 and upload it via Plugins → Add New → Upload Plugin.

Download zip →
STEP 03

Paste your API key

Copy the key from /app/forms/api-keys and paste it in WordPress → QCS Forms → Settings.

Get my key →

Step-by-step setup

~60 seconds end-to-end
  1. 1

    Create your SecureSMTP account

    Head to securessmtp.com/signup and create an account. Email + password, or sign in with Google. The free tier covers 100 form submissions per month, forever — no credit card required.

    Already have a SecureSMTP account? Log in.

  2. 2

    Add your WordPress site in the dashboard

    Open /app/forms/sites → click Add site → enter your site URL (e.g. https://acme-marketing.com). SecureSMTP generates a per-site API key automatically — that’s what the WordPress plugin uses to authenticate.

    Why per-site keys? If a key leaks, you only have to rotate that one site, not your entire account.

  3. 3

    Copy the API key

    Go to /app/forms/api-keys. You’ll see the key for the site you just added (looks like qcs_sk_live_a1b2c3...). Click the copy icon — keep this tab open, you’ll paste in WordPress shortly.

    Keep your key private. It’s a server-side credential — never paste it into a frontend file, never commit it to a public git repository.

  4. 4

    Install the plugin in WordPress

    Download qcs-form.zip (v1.21.0). In WordPress admin:

    1. Go to Plugins → Add New → Upload Plugin
    2. Click Choose File and pick the qcs-form.zip you just downloaded
    3. Click Install Now, then Activate Plugin

    After activation you’ll see a new SecureSMTP item in the WordPress sidebar.

  5. 5

    Paste the API key in WordPress

    In WordPress admin, go to QCS Forms → Settings. Paste your API key into the SecureSMTP API key field and click Save and test connection. You should see a green Connected to SecureSMTP banner with your site name, plan, and usage.

    SecureSMTP Settings page in WordPress admin showing Connected to SecureSMTP status with site name, plan, and usage
    WordPress → QCS Forms → Settings, after pasting your API key

    That’s the whole setup. Everything below is about using the plugin to build and embed forms.

  6. 6

    Create your first form from a template

    In WordPress admin: QCS Forms → Add New. Pick from 13 ready-made templates — Contact, Quote, Newsletter, Demo, Booking, Support, Lead Magnet, Event RSVP, Job Application, Real Estate, Wedding, Restaurant Reservation, Feedback. You can always customise later, so just pick the closest one.

    WordPress form editor with drag-and-drop field cards, one being dragged with a tilt and blue border, one expanded showing label/type/placeholder/required controls
    Drag-and-drop field editor — click any field to expand it, drag the handle to reorder
  7. 7

    Edit fields and style the form

    Each field is a collapsible card. Click to expand the label / placeholder / required toggle. Drag the left-side handle to reorder. Need a different field type? Click + Add field.

    The Design meta-box on the same page lets you pick a brand colour, corner radius, field background tone, button alignment, and an optional card wrapper. Live preview updates as you edit.

    SecureSMTP Designer meta-box showing brand colour swatches, corner radius slider, field background, button alignment, card wrapper toggle, with a live preview of the form on the right
    Design meta-box — change one setting and the live preview updates immediately
  8. 8

    Publish and copy your shortcode

    Click Publish (top-right). The Embed meta-box in the sidebar shows the shortcode for this form — something like:

    > [qcs_form id="42"]

    Paste that shortcode into any page or post — Gutenberg Shortcode block, Classic editor, page-builder shortcode widget, or even inside a theme template via <?php echo do_shortcode('[qcs_form id="42"]'); ?>.

  9. 9

    Submit a test entry on the frontend

    Visit the page where you embedded the shortcode. You should see the form rendered with the styling you picked. Fill it in and submit — within ~1 second the email lands in your notification inbox and the submission shows up in your SecureSMTP dashboard.

    Frontend contact page on acme-marketing.com with the SecureSMTP-rendered form on the right, name and email fields filled in, gradient send-message button, and 'Protected by SecureSMTP' footer
    The rendered form on a customer-facing page — protected by invisible spam checks
  10. 10

    Review submissions in your dashboard

    Open /app/forms/submissions to see every entry across all your sites. Each submission shows:

    • The visitor’s name, email, and message
    • An AI-generated classification (Genuine / Spam / Suspicious / Newsletter)
    • A spam score (0.00 = clearly genuine, 1.00 = clearly spam)
    • Email-delivery status (Delivered / Soft bounce / Held for review / Blocked)
    SecureSMTP dashboard submissions view: 4 stat cards (Last 30 days, Spam blocked, Avg response time, Email delivered) above a table of 7 submissions with avatars, form names, excerpts, classifications, scores, and email status
    SecureSMTP dashboard — every submission, AI-classified, with email delivery status

Shortcode reference

SecureSMTP gives you two shortcode flavours. The one you use depends on whether you want the form definition stored in WordPress or in the SecureSMTP dashboard.

WordPress-native form

Form built inside WordPress via QCS Forms → Add New. Form lives in your WP database; you embed it by post ID.

> [qcs_form id="42"]

The ID comes from the Embed meta-box on the form’s edit screen.

SecureSMTP-hosted form multi-site

Form built in the SecureSMTP dashboard at /app/forms/builder. One definition, embeddable on any number of sites — edit once, propagates everywhere within 5 minutes.

> [qcs_form slug="contact"]

Particularly useful for agencies running the same form across multiple client sites.

Common questions

I clicked “Save and test connection” but I see a red error banner. What now?
Three usual culprits: (1) the API key has a typo or extra whitespace — re-copy from /app/forms/api-keys and re-paste. (2) the site URL you registered in SecureSMTP doesn’t match where you’re running — confirm at /app/forms/sites. (3) your WordPress host can’t reach securessmtp.com — rare, but check with your host or run curl -I https://securessmtp.com/api/v1/health from the WordPress server via SSH.
My submissions show up in the dashboard but the email never arrives.
SecureSMTP sends from noreply@securessmtp.com via Resend, with SPF/DKIM/DMARC set up correctly — delivery is reliable to Gmail, Outlook, etc. Most likely the email is in your spam folder for the first one or two messages (until your inbox learns to trust the sender). The Mail Log inside WordPress (QCS Forms → Mail Log) shows delivery status — look for the Soft bounce / Hard bounce indicators.
Do I need a paid plan to use the plugin?
No. The free plan covers 100 submissions per month forever — no time limit, no nag screen. Paid plans (see pricing) raise the submission quota and add advanced AI features. The plugin itself is GPL-licensed and free.
Can I add the plugin to multiple WordPress sites under one SecureSMTP account?
Yes. Add each site at /app/forms/sites to get a per-site API key. Drop the appropriate key into each site’s WP plugin settings. Submissions and analytics are tracked per site.
What does the plugin actually send to securessmtp.com?
For each form submission: the field values the visitor entered, their IP address (rate-limit + spam classification), User-Agent, the HTTP Referer, the page URL the form was on, and your site’s API key. Nothing else. No tracking, no third-party analytics, no advertising integrations. Full data inventory is in the plugin’s readme.txt under Privacy & Data Handling, and the SecureSMTP-side privacy policy is at /privacy.
How do I uninstall cleanly?
Deactivate the plugin in Plugins → Installed Plugins. To remove all plugin data (forms, settings, mail-log table), delete the plugin via WordPress — uninstall.php cleans up. Submissions in your SecureSMTP dashboard are unaffected by the plugin removal; delete them individually from /app/forms/submissions if you want.

Ready to ship your first form?

Sign up free — no credit card, 100 submissions a month forever. The whole flow above takes about a minute.

Start freeDownload plugin v1.21.0Back to /forms