WebEmailProtector | email address spam protection


Welcome to the WebEmailProtector plugin for WordPress. This is the latest version, improved for more seemless integration for standard (http) and secured (https) sites. Tested with WordPress version 4.7.2, WP’s most recent TwentySeventeen Theme and SocialIcons menus. With 100% satisfaction amongst its 10,000 or so and growing user base we hope you like it too – but please review and leave your comments!

Using WebEmailProtector you can list your email addresses on your website and hide them from being scraped and harvested with confidence. This is the strongest email obfuscator available, plugin or otherwise,
and likely the only one that actually works. All others use Javascript “encoders” to try to hide your email. But both emails and encoder methods are given away by the web page. Ours works a different way. So stop spammers, virus attacks and ID theft perpetrators at source and keep your address private. Simple to use and fully supported.

As a start why not check how secure your existing pages are using our email finder tool at https://www.webemailprotector.com/website-email-security-check.html?

So why do we believe that WebEmailProtector is the best? Simple: we use secure server-side authentication with heuristics.
In layman’s terms this means that both your email address and the decoder is stored on our server not on your website. Because of this we can protect its release by looking at who and what is requesting it, but it does mean that you must register your address with us to use it.
Genuine users are still able to easily contact you via your existing email, seamlessly, but harvesters are stopped in their tracks.

So once the plugin is installed, you’ve register your existing emails at WebEmailProtector.com and you complete the simple set-up procedure through the
settings menu of the plugin, you can place your email address(es) anywhere on your WordPress site and the rest is taken care of. Each link will then appear to work
exactly like a regular email link. Any visitor can simply click on your email to send you a message using their favourite email tool. However with
our service there is a difference: since your address is no longer contained in the link itself, it is safe from being harvested and misused.
In-fact we believe that it is so secure that you can do away with cumbersome Contact Forms and Captchas completely.


  • This plugin is provided FREE to administrate the WebEmailProtector service on your WordPress pages for your convenience.
  • Access to the associated WebEmailProtector service itself is offered FREE for a trial period of 1 month, and no payment details are required.
  • At the end of the trial, the service remains FREE for non-commercial sites (schools, charities, religious institutions, personal blogs etc).
  • For commercial sites we ask for a modest annual subscription at the end of the trial.
  • Visit https://www.webemailprotector.com/subscribe.html for more details regarding definitions and subscription pricing options.

What does it do?

WebEmailProtector detects who and what is trying to access the email link on your site, and then uses various mechanisms to determine if
this request is being made by a bona-fide user. Once a user tries to access your email, your web site automatically contacts
our server on which a heuristic validation process is run. We then only return your secured email address if certain criteria are met
and others not broken. It all happens in the blink of an eye and does not noticeably slow down the email experience. And just in case you
were wondering, we do not see or track the email itself, we only authorise the release of your address so your privacy is protected.

How do you use it?

After installing the plugin, register your addresses at https://www.webemailprotector.com/cgi-bin/reg.py?cms=wp and just follow the remaining instructions on the
WebEmailProtector settings menu of WordPress.


  • HTML4/5 compliant is compatible with all known browsers/devices including:
  • Browsers: Internet Explorer, Safari, Google Chrome, Mozilla Firefox & Opera
  • Platform: Windows, Linux, Apple iOS & Android
  • Devices: PC, Tablets & Phones including: Blackberry, Apple iPad iPhone


  • This is a screenshot of the WebEmailProtector WordPress plugin administration panel once installed. Note the secured email address appears in RED until the email is verified, when it turns GREEN.
  • This is a screenshot of example html text code showing what a standard or unprotected linked email address looks like on a web page, hence why it is easy to "scrape".
  • This is a screenshot of example html text code showing what a webemailprotector linked email address looks like on a web page (the real code has been replaced with ####-####-####-####), can no longer be scraped.
  • This is a screenshot showing how both the above would appear to a webpage visitor.


  1. Go to Plugins in the Admin menu
  2. Click on the button ‘Add New’
  3. Search for WebEmailProtector and click ‘Install Now’ or click on the upload link to upload webemailprotector.zip
  4. Click on Activate plugin
  5. Click on the Settings->WebEmailProtector menu
  6. Follow the instructions on the settings page to enter the “secured email addresses” and “display text”
  7. Register each email address at https://www.webemailprotector.com/cgi-bin/reg.py?cms=wp
  8. Validate each email addresses on the settings menu
  9. To use the protected email address(es) anywhere on your site either write them on a page using square brackets e.g. [youremail@yourdomain.com]
    or within WordPress Link elements e.g. mailto:youremail@yourdomains.com


What is it?

Email address harvesters operate by using software “scrapers” or “click through” staff to steal email addresses directly from web-site pages.
Using our service prevents this as your email addresses no longer need to be listed directly on your web-site. Instead
they are hidden behind a security firewall on our server. We then only release the address after
we are sure it is not being accessed improperly. Because of this it becomes invisible to harvesters and machines and yet is completely
visible to bona fide users.

How does a WebEmailProtector secured email address appear?

The secured email address appears on a site like this: ” <a href=’JavaScript:emo();’ >Any Text </a >”
(you can change what it says and how it looks)
whereas a non protected email address usually appears like this:” <a href=’mailto:nobody@webemailprotector.com’ >nobody@webemailprotector.com </a >”.
Both operate when you “click”, but only the former is safe.

Why is it better than a Contact Form?

Contact Forms are effective in dealing with both human and machine based harvesting, unless you ever want to use email auto responders of course
as this gives your identity away.
However the real problem is that all the form filling can annoy and therefore dissuade real users from getting in touch – effectively putting a
barrier between you and your users in your most important communications channel – email

Why is it better than Captcha codes?

Captcha codes are effective in dealing with machines but not with users who simply click to reveal your address.
And the other main issue is that they are very very annoying to real users and can heavily dissuade communications with you – so are effectively
putting a barrier between you and your wanted users.

Why is it better than ‘free’ address encoder?

Although at first they may appear effective as your ‘mailto:’ text is no longer obvious to the eye within your HTML code. Encoders and encrypters,
‘free’ or otherwise, have to be built so that they can be interpreted by any web-browser using standard HTML. And this is the nature of there
They are more or less complex but involve a Java/JavaScript sequence munger or character set coder. But to cut a long story short if your browser
understands them so can any harvesting software.
So it’s actually quite simple for encoded email addresses to be interpreted and harvested using standard software libraries.

How is the email protected?

We provide protection as the email address is never listed or disclosed on your website. Instead the email address is held in a secure
place on our server and only loaded up when we verify the request is genuine through a heuristic validation process.

What do you get for the FREE trial?

You get the full service free for 1 month, with exactly the same protection as offered with a paid up subscription.
There is no obligation to purchase, but at the end of the trial we are confident that you will see a reduction in volume of new email
spam originating from your web site. At the end of the trial we would also ask you to complete a 10 question survey on how you found
installing and using it.
Please note that as its a trial you only get it once per email/website for you to try unless otherwise agreed with us.

How do you subscribe following the trial?

Once your trial is coming to an end we will send you an email detailing what you have to do to continue the services. You need do nothing if you are
a non commercial site. All payments can be made on-line using PayPal. the more people that use it the more we can keep prices down. More details at

How can you check if you are protected?

Once installed, click on your Email and your installed email tool should open as normal. If you really want to check your email is no longer
listed view your web site in text mode (e.g. pressing the F12 key in your Internet Explorer/Google Chrome/Firefox web browser) and search for
your email address or the mailto: reference. It should no longer be there. And finally check out your site using our email finder tool at https://www.webemailprotector.com/website-email-security-check.html.


Email Thief

This plugin is just an e-mail thief. They use your user’s emails to send you commercial informations, without asking for permission.

Web email Protector Plug-in

We are new to email obfuscation techniques and were fortunate to find a plug-in that is easy to use. With 20+ email addresses to protect it was not practical to use the included registration function since my users are cautious about validating anything that comes in an email. I contacted webemailprotector.com for assistance in simplifying the registration process.
The administrator of their website was extremely helpful in solving my problem and getting our website protected. If there was a higher rating to be given, they would get it!
I would recommend this plug-in to anyone needing email protection.
Walter Andreas

Read all 9 reviews

Contributors & Developers

“WebEmailProtector | email address spam protection” is open source software. The following people have contributed to this plugin.




  • 6th May 2014
  • First release onto WordPress sites


  • 9th May 2014
  • Updated description text


  • 28th May 2014
  • Updated validation text to make it easier to understand
  • Updated validation process to change validation state and remove old code if fails
  • Updated add_filter(content) command to only change content text to call if valid
  • Updated add_filter(content) to fix issue with unchanged pages not being written out
  • Added add_filter(widget) to also replace text in widgets – special forms, headers, themes etc


  • 6th June 2014
  • Improved installation instructions


  • 13th June 2014
  • Improved description text in the main .php


  • 21st June 2014
  • Sorted header issue due to lingering old release in CSV


  • 2nd August 2014
  • Added more info on free for Not For Profits
  • Added http search tool link


  • 5th Dec 2014
  • Updated assets images


  • 6th Jan 2015
  • Upgraded to be compatible with WPv4.1
  • Added email response confirmation of version activation & verification


  • 17th Jan 2015
  • Upgraded to work with WP theme TwentyFifteen and the like that do not pass shortcodes from Social Menu
  • Corrected various text and added updated logo on Settings Menu


  • 19th Feb 2015
  • Changed install use text to add link replacement instructions
  • Removed validation bug when adding new email


  • 17th March 2015
  • Added new title for plugin to improve searchability
  • Slightly reworded pricing to make clearer


  • 9th April 2015
  • Added register button to admin table to directly access addresses
  • Improved top section layout
  • Made on hover class for buttons


  • 17th May 2015
  • Upgraded to WP v4.2.2
  • Added REGISTER as a link


  • 16th June 2015
  • Moved headerscript to enque in footer to speed up


  • 27th September 2015
  • Upgraded to WP v4.3.1


  • 22nd February 2016
  • Upgraded to WP v4.4.2


  • 28th April 2016
  • Upgraded to WP v4.5.1
  • Updated registration links making FREE resgitration an option


  • 6th June 2016
  • Upgraded to WP v4.5.2
  • Added https SSL/TCN support for secure sites


  • 26th Sept 2016
  • Upgraded to WP v4.6.1


  • 19th Oct 2016
  • Apply morphing add_filter on whole site


  • 17th Jan 2017
  • Upgraded to WP v4.7.1
  • Remove and _target and subject style field for email calls
  • Added icon to WEP email calls


  • 25th Feb 2017
  • Upgraded to WP v4.7.2
  • new add_filter method to run on whole post processed content
  • Implmented css icon to WEP email calls


  • 31st March 2017
  • Upgraded to WP v4.7.3
  • corrected issue of email getting invalidated on copy and paste in email box


  • 3rd April 2017
  • Minor update as stable tag was wrong