Everyone on the web has to deal with email harvesters – the bots that spammers send out to your site in order to collect your email address.
Of course an email form is one way to combat harvesters from collecting your email address. But sometimes that just means you’ll get spam via your mail form. Also, of course, sometimes you might want to put your email address on your site for legitimate users. What if your form isn’t working, for example?
Many people have taken to spelling out their email address in all sorts of odd ways in order to fool the harvesters. But there’s an easier way. In fact, there are several easier ways.
You can encode your email address, so that humans can read it, but the harvesters can’t.
One way is more manual. And the other involves a plugin. You may want to use both.
Encode Your Email Address with the AntiSpamBot Function
We’ll go over the more manual version first. It consists of working with a little-known WordPress function called antispambot.
You can use this solution to place your email address wherever you’d like in your theme: for example, in your footer or sidebar or header.
If you would just like to print your email on your site, you can use the following bit of code. (Note: you will need to replace “email@myemail.com” with your actual email address.)
<?php echo antispambot('email@myemail.com') ?>
Let’s take a look at that in action, so we can see what a human sees and what an email harvester sees. (Note: the encoding changes upon each refresh, so there isn’t an easily hacked system.)
You can also automatically grab the email that’s associated with your profile by using the following code:
<?php echo antispambot(get_the_author_email()); ?>
Featured Plugin - WordPress Google Maps Plugin
Make It Clickable
You can also make the email clickable by inserting code like the following. (“Contact Us” is the text that will be linked in this case. You can insert whatever you like there.)
<a href="mailto:<?php echo antispambot('email@myemail.com' ) ?>">Contact Us</a>
Again, as above, you can automatically call in the email associated with your profile with the following code:
<a href="mailto:<?php echo antispambot(get_the_author_email()); ?>">Contact Us</a>
Print a Clickable Email Address
You can also print the email address out and make that clickable. Keep in mind that you have to include your email address twice below.
<a href="mailto:<?php echo antispambot('email@myemail.com' ) ?>"><?php echo antispambot('email@myemail.com') ?></a>
To get the email associated with your profile, use the following code:
<a href="mailto:<?php echo antispambot(get_the_author_email()); ?>"><?php echo antispambot(get_the_author_email()); ?></a>
Featured Plugin - WordPress Q&A Site Plugin
Add Text Inside the Link
You could also add other text to the code above to make it say what you like.
<a href="mailto:<?php echo antispambot('email@myemail.com' ) ?>">Email Us: <?php echo antispambot('email@myemail.com') ?></a>
To call in the email address associated with your profile, add the following code:
<a href="mailto: <?php echo antispambot(get_the_author_email()); ?>">Email Us: <?php echo antispambot(get_the_author_email()); ?></a>
Add Text Outside the Link
Or you could add text before the code to preface the email address. In this case, the email address is clickable, but the text is not.
Email Us: <a href="mailto:<?php echo antispambot('email@myemail.com' ) ?>"> <?php echo antispambot('email@myemail.com') ?></a>
Once again, to get your profile’s email address here, add the following code:
Email Us: <a href="mailto: <?php echo antispambot(get_the_author_email()); ?>"> <?php echo antispambot(get_the_author_email()); ?></a>
Featured Plugin - WordPress Infinite SEO Plugin
Use Plugins for Posts, Pages, Comments, etc.
So the above code works when you insert it into your theme’s files; however, that doesn’t help you when you want to put your email address in a post or on a page (like your About page).
For that, you can turn to various plugins.
There are a number of plugins out there that will encode your email. I’ll recommend two here.
1. Email Address Encoder (Download Here)
This is a very easy plugin to work with. After installing and activating it, there’s nothing else to do.
Every time you type an email address into a post, a page, a comment, or a text widget, it will automatically be encoded. No shortcodes to mess with. No other configuration needed.
You can also create clickable links, and the address will be encoded. (For more on creating clickable email links, see the final section below.)
2. Email Encoder Bundle (Download Here)
The second plugin is the Email Encoder Bundle. Although you do need to use a shortcode with the plugin (no big deal, right?), it offers a few more options for those who are into them. It allows you to choose various ways to encode the address. It also allows you to do things such as automatically convert regular email addresses into clickable links (“mailto links”).
Final Notes on Email Address
Just as a general note on email addresses, you can make them clickable by putting mailto: before the address and then hyperlinking it. So similar to using http: in front of a web address, you would use mailto:.
For example, instead of linking email@myemail.com, you would link mailto:email@myemail.com.
The complete HTML for the above would be the following …
<a href="mailto:email@myemail.com">My Link Text</a>
You can also pre-populate the email with a subject line by appending information after the email address like this:
<a href="mailto:email@myemail.com?Subject=Hello%20There!">My Link Text</a>
(Note: the characters “%20” above gives you a space between the two words “Hello” and “There!”)
Featured Plugin - WordPress Facebook Plugin
Photo: Binary data under a magnifying lens. Digital illustration from BigStock
Several major issues with this method:
1) encryption !== encoding; they’re very different things, different purposes and different mechanisms for implementation. *encoding* is all but useless.
2) a false sense of security is no security at all.
3) what these mechanisms actually employ is called obfuscation, which in machine terms is 100% ineffective.
I discuss these issues in an article I wrote over 4 years ago here:
http://reliableanswers.com/js/mailme.asp
The page includes a demonstration of how simple it is to harvest email addresses from any page using the obfuscation methods these plugins utilize. And looking at the code of the two recommended plugins, both are absolutely useless in preventing email harvesting.
The bottom line is that *encoding* an email address does nothing to prevent harvesting.
Thanks, shawn. Since these methods use a function that’s built into WordPress, do you think anything can be done about the function itself?
Absolutely.
Using a two-factor encrypt or even a non-standard/custom encoding would be far more effective on both ends, and could use the same frameworks which these plugins utilize. In fact, the Email Encoder Bundle plugin you’ve listed, while not having an effective method natively, is designed to be modular so custom mechanisms can be incorporated into it.
I don’t have the time right now to generate one, but it’s really not that big of a deal to effect actual security using the mechanisms currently employed in that plugin…and since it’s render-level, it wouldn’t “damage” the content and would be effective on multisite networks, too.
Thanks for the post about the options for hiding email addresses. Have you looked at Andrew Norcross’s plugin: http://wordpress.org/extend/plugins/safer-email-link/
Hi joe:
Really informative article. I am looking for the same kind of solution with the Hcard generator.I just want the information will be visible to humans and with the search engines(some how into understandable e-mail format) but not for e-mail harvesters.
Is there any solutions available for the wordpress users
Hi Sakthi – not sure about that. Sorry. Wish I could be more help.
Thanks for the post and comments — some great information here.
Does anyone have opinions on these two email spam plugins?
SpamShiv Lite
http://www.think-press.com/plugins/spamshiv
Simple Mail Address Encoder
http://www.bannerweb.ch/unsere-leistungen/wordpress-dev/simple-mail-address-encoder/
—–
Or even ‘Bad Behavior’ or ‘Project HoneyPot’ (as can be used with GravityForms)
I have been browsing online more than three hours as of late, yet I by no means found any fascinating article like yours. It’s lovely worth enough for me. Personally, if all website owners and bloggers made just right content material as you probably did, the web shall be a lot more useful than ever before.