How To Protect Email Addresses On Your WordPress Site

It may be old and and it’s definitely uncool but email is still a significant communication channel and that means it still garners the attention of the spammers.

The first step in email anti-spam is not to handover the email address but often there’s a requirement, especially for organizations, to publish an email address on their WordPress site.

In this Weekend WordPress Project, we’ll look at how to make the scraping of email addresses from your site as difficult as possible.

Email encoding is quick, easy and effective
Email encoding is quick, easy and effective

Before we start, it’s important to appreciate that there is no failsafe method of protecting an email address or indeed any content. What we are trying to do here is raise the degree of difficulty just enough to foil the majority of bots.

The other key consideration is that the horse has probably already bolted for any email addresses that have been on your site for any length of time. That said, adding the protecting to your website will not do any harm.

So, how do you deter the majority of bots?

The bots work by scanning the source code of your site, looking for email addresses and following links to other pages. Email addresses are fairly easy to pick out due to their formatting and their use of the “mailto” URL scheme.

There are various techniques for making harvesting of these links difficult but the most successful and the most usability-friendly approach is to encode the email address.

Whilst browsers will decode the address and it will display and behave exactly as normal, most bots don’t decode nor do search for an encoded @ – they don’t have to as there are enough websites that publish email addresses in plain text.

Installing The Email Address Encoder Plugin

Email Address Encoder promo image
Simple email address obfuscation that won’t impact on usability

All that’s required to encode the email addresses is to install the Email Address Encoder plugin, one of the best documented plugins, incidentally, in the WordPress plugin repository.

The plugin uses a variety of filters to encode email addresses on the fly as WordPress puts a page together including those found in posts, pages, widgets, comments and excerpts.

So, for example, whilst the browser shows this:

Screenshot of two email address that appear normal despite being encoded
For humans, everything looks like normal

What the bot sees is very different:

Notice also how the email address in the content itself has also been encoded.

This technique won’t guarantee that email addresses on your site won’t get scraped but it will certainly prevent most of the scraper bots from plying their trade whilst maintaining usability.

Well worth the five minutes to install the plugin.