How to Hide Your Email Address in WordPress with Encryption

Everyone on the web has to deal with email harvesters – the bots that spammers send out to your site in order to collect your email address.

Of course, an email form is one way to keep harvesters from collecting your email address. But sometimes that just means you’ll get spam via your mail form. And sometimes you might want to put your email address on your site for legitimate users. What if your form isn’t working, for example?

Many people have taken to spelling out their email address in all sorts of odd ways in order to fool the harvesters. But there’s an easier way. In fact, there are several easier ways.

You can encode your email address so that browsers still display it normally to humans, while harvesters scanning the raw page source for plain-text addresses don’t find it.

One way is more manual. And the other involves a plugin. You may want to use both.

Encode Your Email Address with the AntiSpamBot Function

We’ll go over the more manual version first. It consists of working with a little-known WordPress function called antispambot.

You can use this solution to place your email address wherever you’d like in your theme: for example, in your footer or sidebar or header.

If you would just like to print your email on your site, you can use the following bit of code. (Note: you will need to replace “[email protected]” with your actual email address.)

<?php echo antispambot('[email protected]') ?>

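Let’s take a look at that in action, so we can see what a human sees and what an email harvester sees. (Note: antispambot picks the encoding for each character at random, so the markup changes on each refresh and never contains one fixed string. The result is still standard HTML character entities that any HTML parser can decode, so treat it as obfuscation against simple scrapers, not encryption.)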

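You can also automatically grab the email that’s associated with your profile by using the following code. (get_the_author_email() has been deprecated since WordPress 2.8; get_the_author_meta() is its replacement.)

<?php echo antispambot( get_the_author_meta( 'user_email' ) ); ?>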


Make It Clickable

You can also make the email clickable by inserting code like the following. (“Contact Us” is the text that will be linked in this case. You can insert whatever you like there.)

<a href="mailto:<?php echo antispambot('[email protected]' ) ?>">Contact Us</a>


Again, as above, you can automatically call in the email associated with your profile with the following code:

<a href="mailto:<?php echo antispambot( get_the_author_meta( 'user_email' ) ); ?>">Contact Us</a>


Print a Clickable Email Address

You can also print the email address out and make that clickable. Keep in mind that you have to include your email address twice below.

<a href="mailto:<?php echo antispambot('[email protected]' ) ?>"><?php echo antispambot('[email protected]') ?></a>

To get the email associated with your profile, use the following code:

<a href="mailto:<?php echo antispambot( get_the_author_meta( 'user_email' ) ); ?>"><?php echo antispambot( get_the_author_meta( 'user_email' ) ); ?></a>

Add Text Inside the Link

You could also add other text to the code above to make it say what you like.

<a href="mailto:<?php echo antispambot('[email protected]' ) ?>">Email Us: <?php echo antispambot('[email protected]') ?></a>

To call in the email address associated with your profile, add the following code:

<a href="mailto:<?php echo antispambot( get_the_author_meta( 'user_email' ) ); ?>">Email Us: <?php echo antispambot( get_the_author_meta( 'user_email' ) ); ?></a>


Add Text Outside the Link

Or you could add text before the code to preface the email address. In this case, the email address is clickable, but the text is not.

Email Us: <a href="mailto:<?php echo antispambot('[email protected]' ) ?>"><?php echo antispambot('[email protected]') ?></a>

Once again, to get your profile’s email address here, add the following code:

Email Us: <a href="mailto:<?php echo antispambot( get_the_author_meta( 'user_email' ) ); ?>"><?php echo antispambot( get_the_author_meta( 'user_email' ) ); ?></a>

Use Plugins for Posts, Pages, Comments, etc.

So the above code works when you insert it into your theme’s files; however, that doesn’t help you when you want to put your email address in a post or on a page (like your About page).

For that, you can turn to various plugins.

There are a number of plugins out there that will encode your email. I’ll recommend two here.

1. Email Address Encoder (Download Here)

This is a very easy plugin to work with. After installing and activating it, there’s nothing else to do.

Every time you type an email address into a post, a page, a comment, or a text widget, it will automatically be encoded. No shortcodes to mess with. No other configuration needed.

You can also create clickable links, and the address will be encoded. (For more on creating clickable email links, see the final section below.)


2. Email Encoder Bundle (Download Here)

The second plugin is the Email Encoder Bundle. Although you do need to use a shortcode with the plugin (no big deal, right?), it offers a few more options for those who are into them. It allows you to choose various ways to encode the address. It also allows you to do things such as automatically convert regular email addresses into clickable links (“mailto links”).
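
For sites that prefer not to install a plugin, the antispambot() calls from the theme snippets above can be wrapped in one helper and exposed to posts and pages as a shortcode. This is an added example, not code from the article or from either plugin; the example_ function names and the [example_email] shortcode tag are hypothetical.

```php
<?php
/**
 * Added example (not from the original article). The "example_" names and
 * the [example_email] shortcode tag are hypothetical.
 * Place in the theme's functions.php or in a small site plugin.
 */

/**
 * Build an obfuscated mailto link.
 *
 * @param string $email Address to publish.
 * @param string $label Link text; defaults to the obfuscated address itself.
 * @return string HTML for the link, or '' when $email is not a valid address.
 */
function example_obfuscated_mailto( $email, $label = '' ) {
	$email = sanitize_email( $email );
	if ( ! is_email( $email ) ) {
		return ''; // Never emit a half-built link for bad input.
	}

	// Passing 1 as the second argument also allows %xx hex escapes. Those are
	// only meaningful inside the mailto: URL, so use them for the href alone.
	$href = 'mailto:' . antispambot( $email, 1 );

	// Visible text: the caller's label (escaped), or the address encoded again.
	// Each antispambot() call randomizes independently of the previous one.
	$text = ( '' !== $label ) ? esc_html( $label ) : antispambot( $email );

	return '<a href="' . $href . '">' . $text . '</a>';
}

/**
 * Shortcode handler.
 * Usage in a post: [example_email label="Contact Us"]address[/example_email]
 */
function example_email_shortcode( $atts, $content = '' ) {
	$atts = shortcode_atts( array( 'label' => '' ), $atts, 'example_email' );
	return example_obfuscated_mailto( trim( (string) $content ), $atts['label'] );
}
add_shortcode( 'example_email', 'example_email_shortcode' );
```

In a theme template the helper can be echoed directly, for example with get_the_author_meta( 'user_email' ) as the first argument.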

Final Notes on Email Address

Just as a general note on email addresses, you can make them clickable by putting mailto: before the address and then hyperlinking it. So similar to using http: in front of a web address, you would use mailto:.

For example, instead of linking [email protected], you would link mailto:[email protected].

The complete HTML for the above would be the following …

<a href="mailto:[email protected]">My Link Text</a>


You can also pre-populate the email with a subject line by appending information after the email address like this:

<a href="mailto:[email protected]?Subject=Hello%20There!">My Link Text</a>

(Note: the characters “%20” above give you a space between the two words “Hello” and “There!”)

Photo: Binary data under a magnifying lens. Digital illustration from BigStock


Comments (9)

  1. Several major issues with this method:
    1) encryption !== encoding; they’re very different things, different purposes and different mechanisms for implementation. *encoding* is all but useless.
    2) a false sense of security is no security at all.
    3) what these mechanisms actually employ is called obfuscation, which in machine terms is 100% ineffective.

    I discuss these issues in an article I wrote over 4 years ago here:
    The page includes a demonstration of how simple it is to harvest email addresses from any page using the obfuscation methods these plugins utilize. And looking at the code of the two recommended plugins, both are absolutely useless in preventing email harvesting.

    The bottom line is that *encoding* an email address does nothing to prevent harvesting.

  2. Absolutely.

    Using a two-factor encrypt or even a non-standard/custom encoding would be far more effective on both ends, and could use the same frameworks which these plugins utilize. In fact, the Email Encoder Bundle plugin you’ve listed, while not having an effective method natively, is designed to be modular so custom mechanisms can be incorporated into it.

    I don’t have the time right now to generate one, but it’s really not that big of a deal to effect actual security using the mechanisms currently employed in that plugin…and since it’s render-level, it wouldn’t “damage” the content and would be effective on multisite networks, too.

  3. Hi joe:
    Really informative article. I am looking for the same kind of solution with the Hcard generator. I just want the information to be visible to humans and to the search engines (somehow in an understandable e-mail format) but not to e-mail harvesters.

    Are there any solutions available for WordPress users?

  4. I have been browsing online more than three hours as of late, yet I by no means found any fascinating article like yours. It’s lovely worth enough for me. Personally, if all website owners and bloggers made just right content material as you probably did, the web shall be a lot more useful than ever before.

  5. Hello
    I created a WordPress plugin which is a solution to the problems that Shawn addressed above and to his site.

    The Solution – General Description

    This plugin is based on mcrypt php library. Both the encryption and decryption occur on the server. JavaScript is used (an AJAX Post Request) to dynamically contact the server, where the e-mail decryption happens, and send back the results. Regardless of how many e-mails are on a webpage, only ONE AJAX request takes place. It utilizes the load event, which means that only when the page is fully loaded the request – response happens (it will not slow down your page rendering). The actual display happens when you hover over the e-mail. Native JavaScript is used (no library dependencies). It is lightning fast and only 4 kb small.

    read more and test it on:

    Please feel free to send me your comments, thoughts and constructive criticism. I always try to get better.
    Thank you