Anti-Email Spam (email bot obsfucator)


Version: 1.3

This is a very simple plugin that attempts to hide email addresses from ‘bots (computer email harvesting programs). Why would you want to do this? Because these nasty little harvesting programs are used by equally nasty little spammers. They scour websites looking for email addresses, which are then added to their spam list.

All the plugin does is replace any email addresses in your posts and pages with an obfuscated version. Two types of obfuscation are available:

  • Entity encoding – this encodes the email address as HTML entities, making it invisible to most harvesting software
  • JavaScript encoding – the email is encoded as a short piece of inline JavaScript code

So which is best for you? Well, it depends. I’ve seen reports of smart spammers decoding entities and successfully extracting email addresses. However, this method will work on all browsers, regardless of JavaScript. On the other hand, spammers have not yet, as far as I’m aware, implemented JavaScript in their programs, so the JavaScript version should be ‘untouchable’. This is at the expense of emails being invisible to non-JavaScript enabled browsers.

The choice is yours.

After obsfucation the email address is wrapped in a mailto:, allowing viewers easy email access (while still stopping the ‘bots).


  • Download
  • Unzip
  • Change obfuscation, if necessary (see below)
  • Upload antiemailspam.php to /wp-content/plugins
  • Enable plugin from Plugin administration

You can find full details of installing a plugin on the plugin installation page.


Configuration is extremely simple. You can change the type of email obfuscation by editing the antiemailspam.php file and commenting/uncommenting the appropriate line:

//$anti_callback = "anti_callback_entity";
$anti_callback = "anti_callback_js";

JavaScript obfuscation is enabled by default. To swap to entity encoding the code should look like this:

$anti_callback = "anti_callback_entity";
//$anti_callback = "anti_callback_js";

NOTE: email addresses already inside a mailto: are ignored.

57 thoughts on “Anti-Email Spam (email bot obsfucator)”

  1. Nice one!
    I’ve never heard ’bout your plugins before. It was a coincidence to get here through a link on some page.
    I just want to say: all of your plugins are very usefull!
    Keep on the good work … I’ve added you to

  2. Mmm iv tryed used this plugin for my custom form, iv added this line to script
    add_filter (‘the_content’, ‘anti_email_spam’);
    add_filter (‘c2c_get_custom’, ‘anti_email_spam’);
    but strange plugin not work for any, without my line and with my line
    my wp 2.2.3 and all emails posted without any link and mailto, only like text – example –
    plugin doe’t not work for text only? need added mailto?

  3. You can find full details of installing a plugin on the plugin installation page. [How to install a WordPress plugin] gets a 404.

  4. This plugin was breaking for me with wordpress 2.3.4 because it was running before the default wordpress auto-formatting filters. Then the wordpress filters would alter the javascript code making it generate javascript errors.

    Changing the anti_email_spam filter to run last fixed it for me

    Just add the 99 in the filter code to get it to run after all other filters.

    add_filter ('the_content', 'anti_email_spam',99);

  5. Nice plugin. Are you taking feature requests? 🙂
    I noticed that the plugin does not look at the href attribute. It seems that links such as
    [a href=""]user name[/a]
    would be just as important to consider when trying to prevent harvesters.

  6. John, would you mind explaining how I have to code my e-mail so your plugin will recognize it? I’ve only been working with WordPress since December and haven’t launched my private blog yet (want to get it safe first). Maybe there’s something I’m missing?

    I understand that I’m not supposed to write my e-mail like this:
    write me

    But when I leave out the mailto-part, my e-mail address gets attached to the path of the specific post that contains the e-mail address. Like this:

    Any help would be greatly appreciated! Thanks!

  7. John, never mind, I just figured it out: the e-mail address needs to be written in clear text, not as a link. In other words: just type your e-mail address in the visual panel of the WP editor and don’t freak out. Once your posting/page is published, go and check the source code of the page – you can just search for the @-sign. It won’t be there.

    I mention this here in detail for other newbies like me — maybe you could add this piece of info to your description/instructions, John? Not everybody who simply USES blogs knows all the intricate workings of all the used programming languages. I looked around online and found quite a few people who things a plugin doesn’t work if you don’t see the result immediately inside the WP editor!

    Oh, one last thing: you have above this comment box a list of XHTML tags which I’m supposed to be able to use in here, when writing a comment. However, it doesn’t work! Nothing get’s formatted correctly. And, as some other folks before me mentioned: the code-tags don’t turn the text into code; they highlight it, but that’s all, the code entered is still interpreted. Maybe you’d like to look into that? Hope I could help!

  8. Hi John,
    Thanks for the great plugin.

    Is it possible to add a decision to the code such that depending on the browser javascript status, either javascript or entity encoding is used.

    Seems this would be the ideal way to address the problem, giving the maximum solution most of the time (javascript) and still providing for non-javascript browsers.

  9. Hi,

    I am trying to download version 1.3 (like it says by the download icon) But instead get version 1.2. (this is mentioned in the downloaded php file)

    Anyway I need the version suitable for wp 2.7.1.

    What now ?

  10. It seems to be adding the period at the end of sentences to the email address. Is there a way to fix this? It looks very awkward to have a space before the period at the end of a sentence.

      1. Hi John-
        I’m also seeing this issue (periods at ends of sentences are included in the constructed mailto:). As far as I can tell, it has to do with the last period in your regexp: ('/([> ])[A-Z0-9._-]+@[A-Z0-9][A-Z0-9.-]{0,61}[A-Z0-9]\.[A-Z.]{2,6}/i. If you remove the dot after the Z, the period doesn’t get matched into the email address that is encoded. I’m not entirely sure why that dot is in the character class in the first place. Was there a specific case I’m missing? Thanks!

  11. Thank you, I am a marketing professional with a new marketing consulting business. We have built our site with WP and I have added this in as I do not want to be sibject to countless spammers!

    I added this in in less than 2 minutes edit the options in under 30 seconds and now it is live.


    Love WordPress!

    Kind regards, Clinton.

  12. Hi,

    I wanted to use this plugin on WP 3.2.1.
    I installed it and wanted to try, but it seems not to convert text from a page to an mailto : :/
    What I did was- install plugin, edit page (removing mailto), update page, check for result…

    Is this a compatibility issue with newest WP or am I doing something wrong ? :/

    1. I found it – everything is working. the case I tested before did not work because it was between shortcodes >> [xxx] [/xxx]

      sorry for the alert.. 🙂

      NIce plugin!

Leave a Reply

Your email address will not be published. Required fields are marked *