A little-known feature in WordPress is antispambot() from the wp-includes/formatting.php. It is a kind obfuscator of the email address. It doesn’t create a clickable mailto link. Our e-mail with antispambot in the source code looks like this:
You cannot use this function in a post or page unless you installed the EXEC-PHP Pluging. Kai had the cool idea to use shortcodes for this. This function belongs in the function.php of your theme folder:
'',
"txt" => ''
), $atts));
$mailto = antispambot($mailto);
$txt = antispambot($txt);
return '' . $txt . '';
}
if ( function_exists('add_shortcode') )
add_shortcode('sm', 'wpe_secure_mail');
?>
This shortcode will be used to write in your post/page:
[sm mailto="foo@bar.com" txt="here is my mail"]
//or
[sm mailto="foo@bar.com" txt="foo@bar.com"]
Here an example, look at the source code of this page:
[sm mailto=”info@wpengineer.com” txt=”info@wpengineer.com”]
Comments
14 responses to “Secure Your Mail With WordPress Antispambot Function”
There is a plugin called Obfuscate email that makes the same job for all email addresses printed in the blog.
It’s a bit old, but works fine with WP 2.7.1
I fear that sometimes people underestimates what email harvesting scripts can do :(.
The above might be slightly more obfuscated than plain text, but it wont help anything in the end.
It’s pretty easy to find “mailto:” links on a page and when you have that, then you “know” the following should be an email address. If using PHP, then just run html_entity_decode() on that antispambot’ed string and you have an email address in plain text.
I haven’t try the following, but using html_entity_decode() on the entire page first and then search for “mailto:”s would most likely also work.
The best way IMHO is to either use images or to use javascript that “generates” the real email address, since harvesting scripts often can’t interprete javascript.
Is it possible to extend this function so it adds a quicktag “mail” to the editor?
@Danilo: i think its better, when you copy this function in your Theme and add your quicktag with the Plugin AddQuicktag, thats easy.
Obfuscate Email WordPress Plugin continues to work, at least for my blogs.
Also, what isn’t clear in your post is that people can use the character entities as you have posted in the first example without having any special Plugins installed. It kind of implies you have to, but I use this all the time. I have it saved in my text editor to paste in when I need it.
A Plugin makes it site wide, converting all emails in posts into anti-harvesting versions, but what I haven’t found and wish was built into the code is one that will obfuscate within comments. Too many ignorant folks put in their emails without thinking of the risk they are taking and then it becomes the responsibility of the blogger to edit and remove them.
Shortcodes look icky in your feed. I avoid them at all costs.
@Jan Olsen, you are right, We just wanted to show how you can use this function, but there are certainly better solutions.
@Lorelle, it would be possible to create a filter function, which searches, while saving, through the comment if it has an email address included and converts them via antispambot.
[…] gibt eine WordPress-eigene Funktion zum Verschlüsseln der E-Mail-Adresse: Secure Your Mail With WordPress Antispambot Function. Cool! Bau ich mir gleich in meine functions.php […]
[…] Secure Your Mail With WordPress Antispambot Function – antispambot … […]
[…] WordPress bietet von Haus aus auch eine Möglichkeit an, die E-Mail vor Spam zu schützen, die antispambot Funktion, welches schon seit WordPress 0.7.1 mitgeliefert wird. Hierbei wird das unter anderem das @-Zeichen in HTML Entities umgewandelt. Wie man diese Funktion nutzen kann, hat Michael auf wpengineer.com demonstriert. […]
[…] WordPress bietet von Haus aus auch eine Möglichkeit an, die E-Mail vor Spam zu schützen, die antispambot Funktion, welches schon seit WordPress 0.7.1 mitgeliefert wird. Hierbei wird das unter anderem das @-Zeichen in HTML Entities umgewandelt. Wie man diese Funktion nutzen kann, hat Michael auf wpengineer.com demonstriert. […]
[…] So kann man die E-Mail in einem Bild darstellen, wie es beispielsweise der Service eMailLink erlaubt. Eine weitere beliebte Variante ist es, die Adresse mit [at]s und [dot]s oder ähnlichem aufzufüllen. Jeder verwendet hier seine eigenen Zeichen, was das entziffern manchmal sehr erschwert. WordPress bietet von Haus aus auch eine Möglichkeit an, die E-Mail vor Spam zu schützen, die antispambot Funktion, welches schon seit WordPress 0.7.1 mitgeliefert wird. Hierbei wird das unter anderem das @-Zeichen in HTML Entities umgewandelt. Wie man diese Funktion nutzen kann, hat Michael auf wpengineer.com demonstriert. […]
@Jan / Alex,
You can include ‘mailto:’ in the antispambot filter, which makes it a lot less visible to harvesters.
-Jeremy
That wouldn’t make any difference Jeremy.
When you run the html_entity_decode() on the entire page, then the “obfuscated” mailto would become clear text again. Either way you end up with a complete page in clear text and then it’s just a matter of copying the right word (email addresses).
Best regards,
Jan