Title: Hikari Email & URL Obfuscator
Author: shidouhikari
Published: <strong>January 29, 2010</strong>
Last modified: October 14, 2010

---

Search plugins

This plugin **hasn’t been tested with the latest 3 major releases of WordPress**.
It may no longer be maintained or supported and may have compatibility issues when
used with more recent versions of WordPress.

![](https://s.w.org/plugins/geopattern-icon/hikari-email-url-obfuscator.svg)

# Hikari Email & URL Obfuscator

 By [shidouhikari](https://profiles.wordpress.org/shidouhikari/)

[Download](https://downloads.wordpress.org/plugin/hikari-email-url-obfuscator.zip)

 * [Details](https://wordpress.org/plugins/hikari-email-url-obfuscator/#description)
 * [Reviews](https://wordpress.org/plugins/hikari-email-url-obfuscator/#reviews)
 *  [Installation](https://wordpress.org/plugins/hikari-email-url-obfuscator/#installation)
 * [Development](https://wordpress.org/plugins/hikari-email-url-obfuscator/#developers)

 [Support](https://wordpress.org/support/plugin/hikari-email-url-obfuscator/)

## Description

Spam is website publishers #1 concern, we wanna share our and our visitors’ emails
to those who should have access to them, but don’t want spam harvesters stealing
them and sending garbage to us. A lot of techniques had been developed to hide our
emails from these delinquents, while having them shown to real people.

And together with spam harvesting, on 15 June 2009, Matt Cutts, a well known software
engineer of Google, announced that Google Bot will no longer ignore nofollowed links
for PageRank, and now we lose PR/link juice for every link we add to our pages, 
even if we use rel=”nofollow” on them. So, now we must hide links from Search Engines
too!

I’ve been searching for an ultimate obfuscation solution for both emails and URLs,
that would be user-friendly for me the content publisher, and for my visitors. I’ve
seen a lot of solutions, some that inspired me, but none that would fit my needs.
It was time to start coding 🙂

[Hikari Email & URL Obfuscator](http://Hikari.ws/email-url-obfuscator/) plugin obfuscates
emails and URL links, to hide them from spam harvesters and Search Endigne crawlers.
It uses ROT13 or cc8b to encode each link while PHP is building the page, then uses
JavaScript to decode it and show it to the user. If JavaScript is not available,
it uses CSS to hide them.

It doesn’t use shortcodes, it works directly over HTML links, parsing and obfuscating
them. By default it filters all texts in posts, comments, comments authors and text
widgets, but you can manually use it anywhere you want.

Basically, Hikari Email & URL Obfuscator plugin searches for links that contain 
URLs and emails on their `href` atrribute. For each found link, it is replaced by
an obfuscated string, and a JavaScript function is called, having in its parameters
the required data for JavaScript to decode and recreate the original link.

The obfuscated string is then merged back by CSS to a readable URL/email text, so
that human visitors can read it while spam harvesters and searchbots will not be
able to detect it as a valid email/URL.

And, for JavaScript-enabled visitors, this string is replaced by a link with the
exact same behavior and attributes of your original link, so that they can interact
with it as if there was no obfuscation in place!
 (Really, there is no way to diferenciate
an obfuscated link generated by JavaScript from the original link, unless the HTML
document’ source is verified or a development tool as FireBug is used!)

It uses 4 obfuscation techniques, 2 JavaScript solutions and 2 CSS alternatives 
for JavaScript-disabled browsers.

For CSS, it may _revert_ the link string while PHP is building the page and then
CSS reverts it back. Or it may add garbage text between the link, and CSS prevents
this extra text from being rendered, so any user-agent that doesn’t use CSS can’t
find the link but browsers show it clearly.

Now, when JavaScript is available, it is delivered with the original link, encoded
using **ROT13** or **cc8b** by PHP. The link is then decoded back by JavaScript 
and added to the page, so that real users don’t even notice the original link was
replaced.

And, disregarding the used technique, we content publishers must do nothing different
while building our content, just activate the plugin and it does everything else
for us 🙂

I dedicate Hikari Email & URL Obfuscator to **Ju**, my beloved frient ^-^

#### Features

 * _Works instantly, no need to edit your posts to have your links obfuscated_: 
   Hikari Email & URL Obfuscator plugin automatically detects them and starts obfuscating
   as soon as it is activated.
 * **Unobstructive JavaScript**: links are obfuscated and shown for visitors with
   and without JavaScript, forget those “you must enabled javascript to see this
   email” messages!
 * _They are real links!_: any attribute you can use in an `<a>` tag you also can
   use in obfuscated links (JavaScript version only).
 * _Customization_: CSS doesn’t let we have real links, but we can at least choose
   if our obfuscated text will have email only, text only, or both!
 * _XHTML 1.1 valid_: obfuscated links and JavaScript code are valid even in XHTML
   1.1 standard. It makes the plugin valid inclusive in HTML 4.0, XHTML 1.0 Strict,
   XHTML 1.0 Transitional and HTML5!

#### Advantages over other obfuscation solutions

 * Your visitors will see your emails and URLs _even if they keep JavaScript disabled_.
 * _Automatic_: you don’t need to take special actions to start obfuscating, as 
   using shortcodes in place of links or an external tool to get your obfuscation
   code. Just normally use your links in your posts and let the plugin do the rest!
 * _Sitewide_: instantly works in your existing posts, pages, comments and text 
   widgets, just after you activate it.
 * _Diversity_: for each link, it randomly chooses between 2 CSS and 2 JavaScript
   obfuscation methods, making it harder for spammers to crack it.
 * _Extensible_: you can call it manually, and add it to other plugins and themes
   filters.
 * _Customizable_: use custom parameters to force or avoid specific links from being
   obfuscated, and to define how non-JavaScript obfuscation will behave.

## Installation

**Hikari Email & URL Obfuscator** requires at least _WordPress 2.8_ and _PHP5_ to
work.

You can use the built in installer and upgrader, or you can install the plugin manually.

 1. Download the zip file, upload it to your server and extract all its content to 
    your `/wp-content/plugins` folder. Make sure the plugin has its own folder (for
    exemple `/wp-content/plugins/hikari-email-url-obfuscator/`).
 2. Activate the plugin through the ‘Plugins’ menu in WordPress admin page.
 3. That’s it! Go back to your home page and see how your old links are with JavaScript
    enabled and disabled 🙂
 4. Go to options page if you wanna add whitelist and blacklist and do some deeper 
    configs.

#### Upgrading

If you have to upgrade manually, simply delete `hikari-email-url-obfuscator` folder
and follow installation steps again.

#### Uninstalling

If you go to plugins list page and deactivate the plugin, it’s data stored in database(
configs, whitelist, blacklist) will remain stored and won’t be deleted.

If you want to fully uninstall the plugin and clean up database, go to its options
page and use its uninstall feature. This feature deletes all stored options, restoring
them to default (which can also be used if you want defaults restored back), and
then gives you direct link to securely deactive the plugin so that no database data
remains stored.

## FAQ

  Don’t I really need to change anything in my links for them to be obfuscated?

No, you don’t. **Hikari Email & URL Obfuscator** plugin uses WordPress hooks to 
filter links on the fly, it automatically finds all your links and obfuscate them
for you, directly in your posts / comments / text widgets.

  Does your plugin change ANYTHING in my content stored in database?

This is a dilemma I always have with plugins that I install and I feel in need to
explicitly explaining it.

No, Hikari Email & URL Obfuscator plugin does NOT touch your content database! Its
filter runs in read time, AFTER your content is queried from database and before
it is sent to your visitor. Your original content and your original links will remain
untouched, and as soon as you deactivate the plugin your site will go back to what
it was before it ever knew the plugin existed.

  Can I have a usage exemple?

You can go to my sites at [Hikari WebSite](http://Hikari.ws) or [Consciência Planetária](http://ConscienciaPlanetaria.com)
and take a look, they use it. Verify its page source and how links look like with
JavaScript disabled and then enabled.

  Is there any way to customize the plugin default behavior?

Yes, it has **custom parameters** that are used as CSS classes, in the same way 
some microformats do. You can see a list of them, with description and exemples 
at [Hikari Email & URL Obfuscator – Advanced Usage](http://hikari.ws/dev/wordpress/plugin/hikari-email-url-obfuscator/748/advanced-usage/).

  Is there any way to block it from obfuscating one of my links?

Yes, in the previous question I mensioned custom parameters.

One of them is [hkmuob_no_obfuscate](http://hikari.ws/dev/wordpress/plugin/hikari-email-url-obfuscator/748/advanced-usage/#hkmuob_no_obfuscate),
and when used the link won’t be obfuscated.

  Are my internal links obfuscated too?

No, links with your website URL and relative links (without http:// ) are not obfuscated.

  How can I obfuscate stuff out of post / comment / text widget areas?

If you wanna obfuscate emails and URLs that are our of these areas (in the theme
templates or in another plugin for exemple), it’s pretty easy.If you wanna obfuscate
emails and URLs that are out of these areas (in the theme templates or in another
plugin for exemple), it’s pretty easy.

First you prepare the content and store it in a string variable normally, let’s 
say it is in `$footerContent`. Once you have the string, you verify if the plugin
is activated by testing if its class `HkMuob` exists, and if so you grab it’s object`
$hkMuob` and call the method `$hkMuob->filter($footerContent)`. It will return a
string variable with your content already obfuscated and ready to be echoed. **Attention!**
You must use the global object the plugin creates, because it has internal variabled
that will be used in the page footer to interact with JavaScript, if you create 
another object it will not work! Here’s a full exemple:

    ```
    <?php

    // first we repare our content with anything we want, and store it in a variable
    $footerContent = "I'm a neat content with links inside." .
        ' <a href="mailto:no.spam@spam.com" title="c\'mon mail me!" target="_blank" class="stylish-class">mail me</a>';

    // if the class exists, then the plugin is availabe and we can use it to obfuscate any content
    // if not, then we just echo the original content without obfuscating
    if(class_exists('HkMuob')){

        // class is available, let's get its global variable
        global $hkMuob;

        // now we ask the plugin to filter our content and add any found link to plugin's internal queue
        $footerContent = $hkMuob->filter($footerContent);

        // now $footerContent has the same content as before, but with obfuscated links
    }

    // whether or not we were able to obfuscate our links, let's print our neat content
    echo $footerContent;

    ?>
    ```

You can see a more detailed explanation at [Manually filtering other links](http://hikari.ws/dev/wordpress/plugin/hikari-email-url-obfuscator/748/advanced-usage/#manual)

  Help! My link has a small text and large URL, and now it is breaking my layout!

Oh man, it can happen for links with small texts in small places.

Fortunately, there are a bunch of custom parameters that can help you tune up your
links when JavaScript is disabled. Just take a look on the link referenced in previous
questions and read about these custom parameters, you’ll be able to do some interesting
stuff with them 🙂

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Hikari Email & URL Obfuscator” is open source software. The following people have
contributed to this plugin.

Contributors

 *   [ shidouhikari ](https://profiles.wordpress.org/shidouhikari/)

[Translate “Hikari Email & URL Obfuscator” into your language.](https://translate.wordpress.org/projects/wp-plugins/hikari-email-url-obfuscator)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/hikari-email-url-obfuscator/),
check out the [SVN repository](https://plugins.svn.wordpress.org/hikari-email-url-obfuscator/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/hikari-email-url-obfuscator/)
by [RSS](https://plugins.trac.wordpress.org/log/hikari-email-url-obfuscator/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 0.08

 * Fixed styling incompatibility with Sociable plugin
 * Fixed `wp_enqueue_style()` not providing media parameter
 * Fixed adding JS code to wp_footer, now properly using `wp_print_scripts`
 * addes support for _PHP Code Widget_ plugin’s filter

#### 0.07

 * New: Finally an options page!
 * Options page made the plugin incompatible with WordPress 2.7, now it requires
   2.8 to work.
 * New: Whitelist and Blacklist, to list URLs and emails to not be obfuscated (Whitelist)
   and to be forced to (Blacklist).
 * New: Also added options related to the position of JavaScript calls for de-obfuscation,
   and how these calls should be marked up.
 * New: Options page also has a proper uninstall feature, which deletes all data
   the plugin had added to database and also can be used to reset options to default.
 * New: If you want a whole block of content (a post, a comment, a text widget, 
   etc) to be skipped from having its links obfuscated, just add to it a comment`
   <!-- HkMuob NO OBFUSCATE -->`.
 * Further tests for XHTML valid code, now I hope I can assure it 🙂

#### 0.06

 * Fix: plugin CSS is no longer being added to Admin Pages.
 * JavaScript decoding code is back to header, instead of footer.
 * Added option for JavaScript call be done just after the link it decodes, I belive
   having those calls spreaded across the page is harder for spam bots to crack 
   than having all of them inside a unique `<script></script>` at the footer… but
   WordPress breaks XHTML validation, gg.
 * Increased filter’s priority to surpass raw-html plugin filter.

#### 0.05

 * Fix: now plugin’s js is added only when there are links to be obfuscated.
 * Fix: now plugin folder name is not hardcoded anymore, we can use any folder name
   we want.

#### 0.04

 * First public release.

## Meta

 *  Version **0.08.10**
 *  Last updated **16 years ago**
 *  Active installations **50+**
 *  WordPress version ** 2.8.0 or higher **
 *  Tested up to **3.0.5**
 * Tags
 * [email](https://wordpress.org/plugins/tags/email/)[javascript](https://wordpress.org/plugins/tags/javascript/)
   [obfuscate](https://wordpress.org/plugins/tags/obfuscate/)[page rank](https://wordpress.org/plugins/tags/page-rank/)
   [spam](https://wordpress.org/plugins/tags/spam/)
 *  [Advanced View](https://wordpress.org/plugins/hikari-email-url-obfuscator/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/hikari-email-url-obfuscator/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/hikari-email-url-obfuscator/reviews/)

## Contributors

 *   [ shidouhikari ](https://profiles.wordpress.org/shidouhikari/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/hikari-email-url-obfuscator/)

## Donate

Would you like to support the advancement of this plugin?

 [ Donate to this plugin ](http://Hikari.ws/wordpress/#donate)