WordPress.org

Author: Kim Kirkpatrick

This plugin effectively and automatically makes it very difficult for spambots to harvest email addresses from your WordPress-powered blog. Email addresses may be placed in posts, comments, and pages, plain, as html links, or in a special "easy email" form, and they are automatically protected by emObA. All email addresses appearing on your blog will appear on the screen (if JavaScript is enabled) as active links to normal, valid, and correct email addresses (the actual email appears in the status bar when hovering), but to spambots they will have no recognizable features.

It recognizes, and produces obfuscated active (click-to-send) email links for,

• standard email links (<a href="mailto:you@example.com">Name</a>), allowing (but ignoring) additional attributes both before and after the href attribute, and allowing the extended mailto: syntax (eg, ?subject=...)

• the special "easy to write" form [EMAIL Name | A@B.C] (changed from the earlier versions' much more fragile [Name] you@example.com, which remains available via the LEGACY flag)

• a bare email address you@example.com (with or without "mailto:" in front of it)

These will appear as standard email links displaying "Name". A bare email link, since it has no Name, will appear as the email address itself, punctuated with graphic icons in place of @ and .

This is accomplished with a combination of WordPress filter hooks and JavaScript. If the browser is JavaScript-enabled, visitors to the site will see active email address links. If JavaScript is not enabled, the email is displayed in human-readable form, eg you [@] example [.] com, where the [@] and [.] are graphic images, not text. This separates the parts of the address by lengthy runs of html (<img ... />) to hide them from 'bots.

The email addresses occur in the HTML source only in a well-hidden encoding. The email address is converted to hexadecimal and appears only as the value of a JavaScript variable. That encoded email is separated in the JavaScript from the telltale mailto: to further confuse spambots. The no-JavaScript address is encoded in the html with graphics representing @ and ., so even a fairly smart spambot will not be led easily to the address.