elegant themes

Preventing email spam with the built-in WordPress email obfuscator

| July 10, 2008 | 9 Comments

If you want to give people the option to contact you by email, you need to display your email address on your site. But by doing so, you are putting yourself at the mercy of the low-lives out there harvesting email addresses so they can spam you with products that will enlarge certain parts of your body.

There are solutions out there that use javascript and other stuff to “obfuscate” your email address, but why use something external when you can use the handy, shiny, built-in WordPress email obfuscating template tag?

To use this template tag, you need to do the following:

  1. Make sure your email address is in your user profile.
  2. Put the following template tag wherever you want the address to appear:

The WordPress codex says that this tag works as follows:

The function antispambot() above parses the e-mail address passed by get_the_author_email() (this is the same as the_author_email(), except it returns rather than displays the author’s e-mail address). Use of the echo command displays the output of antispambot(). An interesting feature is it encodes only portions of an address, and does so randomly so the letters encoded are different each time the page loads, adding a little more firepower to the spam protection arsenal.

My questions are:

  1. Since this pulls an author related parameter, will the email address change according to the author? (Probably.)
  2. Can this even be displayed in the sidebar?

It seems that if it is author related, it is not a good solution for displaying a website email address that does not belong to a specific person, like info@whatever.com. But if you do have a multi-author site and you want to display the authors’ email addresses, this seems like a great way to do that without feeding the spam wolves.

Tags: ,

Category: Good Blogging Practice

About Miriam Schwab: Miriam is the friendly CEO of illuminea, a WordPress design and development agency. Miriam is a huge fan of WordPress and has been using it for over five years now. In addition, Miriam and her team have been organizing the local Israeli WordCamp conferences for the past few years. View author profile.


Comments (9)

Trackback URL | Comments RSS Feed

  1. [...] didn’t know this until WordPress Garage pointed it out, but it seems that WordPress has a built-in obfuscation function. It’s called antispambot(). [...]

  2. [...] Dave’s slightly helpful pick: WordPress’s built-in email obfuscator [...]

  3. tekkie says:

    Mac OS X users can also manually use a Dashboard widget called obfuscatr. It provides JS or just plain encoding of your email. See the details article at flash tekkie. obfuscatr was also featured in MacWorld Italy of March 2008.

  4. [...] Dave’s slightly helpful pick: WordPress’s built-in email obfuscator [...]

  5. csleh says:

    unfortunately the tag doesn’t show anything in wp 2.8.1. Use an obfuscator to hide, but a contact form is a better idea.

  6. @csleh: WP 2.8.4 seems to work just fine with the antispambot tag. I was using get_the_author_meta('user_email') for grabbing the address. You might try that…
    Contact forms are nice, but a lot of people want to be able to click on a link to email (in part for their own concerns about privacy), and this is pretty much the best solution for that situation.
    To grab an author’s email outside of the loop, you need to specify which author, like so:
    get_the_author_meta('user_email',2)
    …where ‘2’ is the author’s ID.

  7. ND says:

    I used to have Private daddy on my web site. Now there’s also a WordPress plug-in for the rest of us. It does this automatically: http://www.privatedaddy.com/wordpress

  8. @ND thanks for telling us about Private Daddy! I’m going to check that out. Seems like an interesting service.

  9. Hans says:

    Hi Miriam,
    Thanks for the info, just what I was looking for. You mention that you cannot use this method to obfuscate a generic, non-specific user related email address. But you can: if you enter
    <?php echo antispambot(<emailaddress>); ?>
    (such as <?php echo antispambot(“info@whatever.com”); ?>, it will just take that specific email address and obfuscate it.
    Cheers,
    Hans.

Leave a Reply




If you want a picture to show with your comment, go get a Gravatar.

More in Good Blogging Practice (5 of 14 articles)