How To Obfuscate Email Addresses in WordPress Without a Plugin
In this tutorial, I will show you how to Protect email Addresses in WordPress, and prevent email spam with the built-in WordPress antispambot() function. You probably did not know that there is a function in WordPress that automatically obfuscate an email address.
Spam bots are regularly scanning the Web to find emails to spam. But what if you want to display your email, or other Authors´ emails on your WordPress blog?
In this case, Obfuscating the code is the deliberate act of making the source code difficult to understand by Spam bots. Emails will display on your Website in such a way that Spam bots scanning your Website are unable to identify those emails; but at the same time these emails will still retain the appearance and functionality of hyperlinks for your users.
The antispambot() function converts an email address characters to URL encoding to block spam bots. The nice thing about the antispambot() function, is that it encodes only portions of an email address, and does so randomly so the encoded letters are different each time the page loads, adding a little more firepower to the email spam protection.
I will show you how to Obfuscate email addresses for your WordPress Website to prevent email harvesting, while at the same time retaining the appearance and functionality of hyperlinks. There are many solutions to obfuscate email addresses including plugins, but why not use this little known built-in WordPress antispambot() function.
Prevent Email Spam With WordPress antispambot() Function
1. Display Blog´s Administrator Email | footer.php
Let´s say you are the blog´s administrator/owner, and you want your email to appear on every page of the blog, for people to contact you. A good place would be in your blog´s footer, at the bottom of every page.
In this case, Open footer.php file located in your theme´s folder, and add (copy and paste) the following CODE-1 where you want your email to appear. Save the file and upload it to the server.
CODE-1:
<!-- Display the Blog's Administartor Email Obfuscated (def: ambiguous, harder to interpret). -->
<a href="mailto:<?php echo antispambot(get_bloginfo('admin_email'), 1); ?>" title="Email Blog's Administrator">Email Administrator</a>
CODE-1 Notes:
CODE-1 can NOT be used in your WordPress editor in the dashboard. The code should be used in your theme´s templates, the footer or wherever you want your email to appear.
You could apply the same code in the header or sidebar of your blog. Add CODE-1 where you want your email to appear.
The get_bloginfo() function returns information about your WordPress Website. By having the admin_email as a parameter, the function returns the Administrator´s email address set in your WordPress dashboard: Settings -> General.
Of course you could hardcode your email address instead of using the admin_email parameter. But that´s not a good/portable approach.
The antispambot() function parses the e-mail address passed by get_bloginfo(). The nice thing about it is that it encodes only portions of the email address, and does so randomly so the letters encoded are different each time the page loads.
CODE-1 works on WordPress 2.8.0 and higher. But I hope that you will upgrade to the latest version.
CODE-1 References:
Result of CODE-1:
The image below show the result of CODE-1 on my Blog.
This is how it appears in the footer of this Blog. The real email appears in the status bar when hovering.
This is how the email appears in the source code the page (View Page Source):
//The code encodes only portions of the email address, and does so randomly so the letters encoded are different each time the page loads. <a title="Email Blog's Administrator" href="mailto:bout%72o%73%61biched%69d%40yah%6fo%2e%63o%6d">Email Administrator</a>
2. Display the Post´s Author Email | single.php
Let´s say you are not the only Author on your blog. You have multiple Authors, and each one of you want to show your email. Of course CODE-1 is for the blog´s Administrator only. Let´s say each author want to display his/her email at the end of the post. In this case, the best place to put the following code would be in your theme´s single.php file.
Open single.php file located in your theme´s folder, and add (copy and paste) the following CODE-2 where you want your email to appear. Save the file and upload it to the server.
CODE-2:
<!-- Show the Post's Author email. Display the Name as a Linked email Address. -->
Email Author: <a href="mailto:<?php echo antispambot(get_the_author_meta('email'), 1); ?>" title="Email Author"><?php the_author_meta('display_name'); ?></a>
CODE-2 Notes:
Add CODE-2 where you want the Post Author´s email to appear.
The get_the_author_meta() function returns the email address for the author of the current post and returns it for further use by the antispambot function.
The function antispambot() parses the e-mail address passed by get_the_author_meta(). The nice thing about the antispambot() function, is that it encodes only portions of the email address, and does so randomly so the encoded letters are different each time the page loads.
CODE-2 works on WordPress 2.8.0 and higher. But I hope that you will upgrade to the latest version.
CODE-2 References:
Result of CODE-2:
The image below show the result of CODE-2 for a Guest Post on this Blog. This is not my Post, thus it is not my email address.
This is how it appears at the bottom of the Post. This is just an example. If I really want to add the email at the end of each post, I will integrate CODE-2 within the Author´s Profile box. As usual, the real email appears in the status bar when hovering.
This is how the Post Author´s email appears in the source code the page (View Page Source):
//I chose a Guest Post's Author. The code encodes only portions of the email address, and does so randomly. Email Author: <a title="Email Author" href="mailto:er%69%63@o%6e%6cine%73tor%61%67e.%6f%72g">Eric Greenwood</a>
Conclusion
In this tutorial, I showed you how to automatically obfuscate email addresses in your WordPress blog and without a plugin.
Nothing can guarantee that email addresses can´t get harvested, unless you don´t display them. By definition, “obfuscate” means “ambiguous or harder to interpret”. This method offers some degree of protection, much better than nothing. A spam bot intelligent enough could have the ability to crack the code. For instance, the spam bot could check for the percent (%) in a suspecting email, and decode the symbol back to a letter. There is always URL Decoders, but this is MUCH safer than just plainly writing the email address.
Your Turn to Talk
How easy did you find this tutorial to implement? Do you have something to add or anything else to say? If so, please share your opinion in the Comment section. Your opinion matters, unless it is a Spam.
Boutros, Once again I find myself back at your website. My question is since I use Google Schema throughout my site, it there a re-usable function that might exist to obfuscate email addresses on the fly? For instance this is how email address are currently coded:
daveATwhatsthebigidea.com. Some less savvy visitors don’t understand “daveATwhatsthebigidea.com” in order to use it.You can see an example in the grey box on this page: http://www.whatsthebigidea.com/contact/about-new-york-web-designer/
Hi, just wanted to say thank you for this post. I discovered your site a couple of weeks ago whilst searching for some ‘get_excerpt’ tricks and am very impressed with your content and the way it presented.
Thanks again
Richard
Thank you Richard. Very much appreciated.
This post is also good for WP theme developers, integrating obscure emails as a built-in feature in the theme.