Email Address Encoder

by Till Krüss

Description

A lightweight plugin that protects plain email addresses and mailto links from email-harvesting robots, by encoding them into decimal and hexadecimal entities. Has an effect on the posts, pages, comments, excerpts, text widgets and other filtered content. Works without JavaScript — just simple spam protection.

To see whether all your email addresses are properly protected, use the free page scanner tool.

Other content (like phone numbers) can be protected using [encode] shortcode:

[encode]+1 (555) 123-4567[/encode]
[encode link="tel:+15551234567"]+1 (555) 123-4567[/encode]

Premium Features

Full-page protection that catches all email addresses
Hardened protection using JavaScript and CSS techniques
Improved phone number protection
Built-in plugin support for ACF, Jetpack, WooCommerce and many others

Check out the Premium version of Email Address Encoder.

Installation

For detailed installation instructions, please read the standard installation procedure for WordPress plugins.

Upload the /email-address-encoder/ directory and its contents to /wp-content/plugins/.
Login to your WordPress installation and activate the plugin through the Plugins menu.
Use the “Page Scanner” under Settings -> Email Encoder to test if your email addresses are protected.

Screenshots

Settings: Configure the plugin to your needs.
Protection: This is how email addresses will look like under the hood.
[Premium] Hardened protection: A preview of JavaScript and CSS based techniques
[Premium] Phone number protection using polymorphous ROT47/CSS

Faq

What does this plugin do?

This plugin searches for email addresses using WordPress filters like the_content, widget_text and others. Found email addresses are encoded using decimal and hexadecimal HTML entities, which obfuscates the email addresses to protect it from being read by most email-harvesting robots.

Alternatively, you can use the [encode] shortcode: [encode]+1 (555) 123-4567[/encode]

How can I make sure the plugin works?

You can use the “Page Scanner” found under Settings -> Email Encoder to see whether all your email addresses are protected. Alternatively, you can manually look at the “page source” of your site.

Please note: Chrome’s Developer Tools, Safari’s Web Inspector and others automatically decode decimal and hexadecimal entities. You need to look at the “plain HTML source code”.

How can I filter other parts of my site?

This guide will help you encode all email addresses that aren’t caught.

Reviews

Do not understand the naming convention between pro and free

By ianstudio on June 23, 2025

I do not understand the naming convention between pro and free
Hard to understand if it is being maintained with as much vigor as the free version.. why is pro/paid at v 0.3.11.

Why would't the developper keep some sort of parity between the pro and free in naming convention ?

Eigentlich eine Frechheit!

By treierp on January 3, 2025

Habe das Plugin in der Pro Version gekauft. Nach einiger Zeit läuft nur noch die gratis Version. Grund: Meine Lizenz wird offenbar irgendwo sonst verwendet!?
Nachfrage beim Support: KEINE ANTWORT!

Frechheit oder Betrug, ich mag es nicht beurteilen.
Aber mein Rat: Finger weg von diesem Hersteller.

pro but no support, no refund

By Patrice Grometto (patgromy2) on December 2, 2024

works correctly with simple websites ; may stop other plugins from functioning (such as plausible stats), and then, absolutely no replies, and no support would be provided, even with pro version...

plugin wont work, no support, no refund

By anonymous765562 on October 29, 2024

Bought the plugin, it did not work. Couldn't reach the support. Did not get any refund.

Seems to be scam. I've escalated the issue to the bank and they will contact the authorities.

pro version but no support

By wehpeh on August 10, 2024

sad to say, bought the pro version and had a question - no support no feedback 🙁

Important plugin in times of spam

By Wasilij (wasilij) on February 2, 2024

Thank you for developing this useful plugin!

didn't work, no support, but debits continue despite termination

By bea (beatefuchs) on January 31, 2024

Did not work on my homepage. Although I bought the premium version and sent several requests by mail, no feedback came. Canceled by e-mail, but charges are still being made. Attention: Do not enter a credit card number!

No support, no updates

By mediengewerk on January 26, 2024

Not what it was once... Awful support, no updates and no help.

Awful unresponsive support, bugs (paid version)

By Adam Liberman (adam5532) on January 19, 2024

Paid version was last updated almost two years ago. Has unfixed bugs. Awful support -- often doesn't answer support emails. Has no ticket tracking system for support. Got automatically charged for renewal so I issued chargebacks with my credit card. Seems that other paid users are having the same problems.

Not working with widgets

By dichternebel on November 2, 2023

This might work with page or post content, but does not with widgets. I can't recommend using this and suggest to use the plugin "Email Encoder" by Jannis Thuemming instead, since that does the job out of the box.

Changelog

1.0.24

Added class attribute to [encode] shortcode
Prevent CSRF to flush page caches

1.0.23

Fixed potential XSS vulnerability when using link shortcode attribute

1.0.22

Added link attribute to [encode] shortcode

1.0.21

Changed page slug to avoid issues with the encode keyword
Only search for unprotected emails on public pages
Show warning when page couldn’t be fetched

1.0.20

Encode emails in navigation menus

1.0.19

Defer loading of email detector script
Use plugin version as cache buster
Add “Polymorphous ROT47/CSS” to techniques

1.0.18

Show warning when incompatible plugins are installed
Fixed saving of dismissed notices

1.0.17

Offload email detection to web worker
Flush WP Super Cache and Cachify when saving settings
Ignore emails in admin bar, debug bar and query monitor

1.0.16

Avoid fatal error when using PHP 5.5 or lesser

1.0.15

Added EAE_REGEXP constant
Added eae_email_callback filter
Added unprotected email detector to admin bar
Respect eae_method filter in shortcode
Fixed issue with notices not hiding in some cases
Flush page cache when saving settings (W3 Total Cache; WP Rocket; LiteSpeed Cache; JCH Optimize)

1.0.14

Fixed Dashboard JavaScript issue
Blocked signup for more non-production domains

1.0.13

Resolved issue with WordPress 4.7 and older
Blocked signup for local domains and IP addresses

1.0.12

Avoid fatal error when using PHP 5.3 or lesser

1.0.11

Added the ability to get notified when your site contains unprotected email addresses
Made EAE_DISABLE_NOTICES check stricter
Removed cross-promotion

1.0.10

Added option to disable notices and promotions
Added activation and uninstall callbacks
Added $hex parameter to eae_encode_str() method
Added ability to turn off email encoding
Various code and UI improvements

1.0.9

Made page scanner notice dismissable
Only show page scanner notice on Dashboard
Added setting for filter priority
Added EAE_DISABLE_NOTICES constant to disable all notices and promotions
Pass site URL along to page scanner
Moved cross-promotion to plugin screen

1.0.8

Added user interface
Added links to page scanner

1.0.7

Prevent potential compatibility issue with other plugins or themes

1.0.6

Added [encode] shortcode
Require PHP 5.3 to fix deprecation warning

1.0.5

Prevented error when eae_encode_emails() doesn’t receive a string

1.0.4

Added EAE_FILTER_PRIORITY constant to adjust default filter priority

1.0.3

Added filter to override the encoding function
Improved randomness of encode-function
Improved speed by doing fast @-sign existence check

1.0.2

Added filter to override the regular expression.

1.0.1

Effects now also page, post and comment excerpts

1.0

Initial release