Secure Your Mail With WordPress Antispambot Function

A little-known feature in WordPress is antispambot() from the wp-includes/formatting.php. It is a kind obfuscator of the email address. It doesn't create a clickable mailto link. Our e-mail with antispambot in the source code looks like this:

Screenshot WordPress antispambot email

You cannot use this function in a post or page unless you installed the EXEC-PHP Pluging. Kai had the cool idea to use shortcodes for this. This function belongs in the function.php of your theme folder:

<?php
function wpe_secure_mail($atts) {
	extract(shortcode_atts(array(
		"mailto" => '',
		"txt" => ''
	), $atts));
	$mailto = antispambot($mailto);
	$txt = antispambot($txt);
	return '<a href="mailto:' . $mailto . '">' . $txt . '</a>';
}

if ( function_exists('add_shortcode') )
	add_shortcode('sm', 'wpe_secure_mail');
?>

This shortcode will be used to write in your post/page:

[sm mailto="foo@bar.com" txt="here is my mail"]
//or
[sm mailto="foo@bar.com" txt="foo@bar.com"]

Here an example, look at the source code of this page:
[sm mailto="info@wpengineer.com" txt="info@wpengineer.com"]

Comments are closed.

14 comments

  1. Samuel

    There is a plugin called Obfuscate email that makes the same job for all email addresses printed in the blog.

    It's a bit old, but works fine with WP 2.7.1

  2. Jan Olsen

    I fear that sometimes people underestimates what email harvesting scripts can do :(.

    The above might be slightly more obfuscated than plain text, but it wont help anything in the end.

    It's pretty easy to find "mailto:" links on a page and when you have that, then you "know" the following should be an email address. If using PHP, then just run html_entity_decode() on that antispambot'ed string and you have an email address in plain text.

    I haven't try the following, but using html_entity_decode() on the entire page first and then search for "mailto:"s would most likely also work.

    The best way IMHO is to either use images or to use javascript that "generates" the real email address, since harvesting scripts often can't interprete javascript.

  3. Danilo

    Is it possible to extend this function so it adds a quicktag "mail" to the editor?

  4. Frank

    @Danilo: i think its better, when you copy this function in your Theme and add your quicktag with the Plugin AddQuicktag, thats easy.

  5. Lorelle

    Obfuscate Email WordPress Plugin continues to work, at least for my blogs.

    Also, what isn't clear in your post is that people can use the character entities as you have posted in the first example without having any special Plugins installed. It kind of implies you have to, but I use this all the time. I have it saved in my text editor to paste in when I need it.

    A Plugin makes it site wide, converting all emails in posts into anti-harvesting versions, but what I haven't found and wish was built into the code is one that will obfuscate within comments. Too many ignorant folks put in their emails without thinking of the risk they are taking and then it becomes the responsibility of the blogger to edit and remove them.

  6. John P

    Shortcodes look icky in your feed. I avoid them at all costs.

  7. Alex

    @Jan Olsen, you are right, We just wanted to show how you can use this function, but there are certainly better solutions.

    @Lorelle, it would be possible to create a filter function, which searches, while saving, through the comment if it has an email address included and converts them via antispambot.

  8. Jeremy Carlson

    @Jan / Alex,

    You can include 'mailto:' in the antispambot filter, which makes it a lot less visible to harvesters.

    -Jeremy

  9. Jan Olsen

    That wouldn't make any difference Jeremy.

    When you run the html_entity_decode() on the entire page, then the "obfuscated" mailto would become clear text again. Either way you end up with a complete page in clear text and then it's just a matter of copying the right word (email addresses).

    Best regards,
    Jan

5 pingbacks

  1. Mail-Verschlüsselung « Wer ist eigentlich Paul?
  2. Темплейт Colorpaper - get_popular() баг | Моя доска
  3. E-Mail Schutz für WordPress (mit Plugin) - codeschnipsel, CSS, E-Mail, PHP, Plugin, Schutz, Spam, Wordpress - ocean90s weblog
  4. E-Mail Schutz für WordPress (mit Plugin) » codeschnipsel, CSS, E-Mail, PHP, Plugin, Schutz, Spam, Wordpress » ocean90s weblog
  5. E-Mail Schutz für WordPress (mit Plugin) » codeschnipsel, CSS, E-Mail, PHP, Plugin, Schutz, Spam, Wordpress » ocean90s weblog