How wp_mail() is more secure than mail()

Question

I have a plugin in WP which I am going to modify. At some point I have to send an email and I have the option to choose between wp_mail and mail. I decided for the first one, at least it seems plugged in the WordPress environment. Even if I read the documentation, I can't understand how it could protect me more than mail. But a reason has to be there.

In general, may i consider the script safe if I am sending email by using wp_mail within a plugin with the parameters to, subject, body, header, "-f info@mdomain.com" ? Are there best practices to make this function safer? My concern is that for whatever reason the WP installation could be hacked and this script used to send unsolicited emails.

Regards Fabio

Answer 1

who told you that wp_mail is more secure than mail ?

mail is an internal php function

while wp_mail is often use mail function with more options to make it easier to send an emails using wordpress instead of re-implement new implementation to a mail object.

wp_mail uses PHPMailer class, which is using by default mail function.

/**
 * Which method to use to send mail.
 * Options: "mail", "sendmail", or "smtp".
 * @var string
 */
public $Mailer = 'mail';

however, if you took a quick look in the implementation of wordpress wp_mail function , you will notice a poor implementation , they still using global variables which is considered as a poor practice .