Email Address Obfuscation

How it works?

The Email Address Obfuscation plugin operates by intercepting the HTML output generated by your Publii site before it’s sent to the user’s browser. The plugin scans code for email addresses and then applies one of three obfuscation techniques: Reverse, ROT18 or Text Replacement. These techniques allow you to choose between usability and stronger bot protection.

The plugin also handles email addresses in mailto links and removes them from the <head> section, preventing their accidental exposure in areas like meta descriptions or post excerpts. In cases where JavaScript is required (for Reverse or ROT18 obfuscation), the plugin inserts the necessary client-side scripts to reconstruct the original email addresses, which allows human users to see functional email addresses.

Important Note: It is essential to understand that no obfuscation method provides 100% guaranteed protection against all email harvesting techniques. However, by combining various obfuscation strategies and requiring bot coders to use increasingly more complex methods, this plugin significantly increases the barrier to automated harvesting, which helps prevent unwanted email address collection.

Key features:

• Global or Specific Email Obfuscation: You can choose whether to apply obfuscation to all email addresses on your website or only to a specific list of email addresses you provide. This allows for targeted application based on your specific needs.
• Multiple Obfuscation Methods: The plugin offers a choice of three methods for obscuring email addresses, each with different tradeoffs between security and usability:
  • Reverse (JavaScript Required): This method reverses the character order of an email address, making it unreadable to bots. It then requires JavaScript on the user’s browser to reassemble the original email address and display it correctly for human users. This works best when you need the email address to appear and function as expected, but want to obscure the address in the source code.
  • ROT18 (JavaScript Required): This approach encodes the email address using a ROT18 cipher that shifts alphanumeric characters (by 18 places) and numbers (by 5 places). It similarly relies on client side JavaScript to decode the address on the fly.
  • Text Replacement: This method replaces the “@” and “.” symbols with user-defined text (e.g., ” AT ” and ” DOT “), changing the visual appearance of the email address and making it less recognizable to simple bots. This approach is the simplest as it does not require JavaScript and has the best browser compatibility.
• Mailto Link and Raw Email Handling: The plugin automatically obfuscates email addresses found both within “mailto:” links and as raw text on the page. These instances are modified to make email extraction by bots more difficult, while still ensuring they function as intended for site visitors. Importantly, the plugin preserves any existing CSS classes applied to these elements, maintaining the original look and feel of your website.
• Custom Text Replacements: When using the “Text Replacement” method, you can customize the text strings that replace the “@” and “.” symbols. This gives you control over how the obfuscated address appears on the front end of your site.
• Head Section Handling: The plugin automatically removes email addresses found inside the <head> section of your site. This is crucial because content within the <head> section, such as meta descriptions, is often extracted by search engines and other bots.
• Lightweight Implementation: The plugin is designed to be lightweight with minimal overhead. It only applies the necessary transformations and includes required JavaScript where it needs to be, ensuring a fast and efficient performance.

Why consider this plugin?

• Increased Protection: It provides an important layer of protection against email-harvesting bots by obscuring addresses and making their detection more difficult for automated tools.
• Ease of Use: It’s designed to be user-friendly with a straightforward configuration interface that is easy to set up and understand.
• Reduced Spam: By making it harder for automated bots to find email addresses, you can significantly reduce the amount of unsolicited spam that ends up in your inbox.
• Performance Conscious: The plugin is lightweight and has been designed to not add unnecessary overhead to your website.