Email Address Encoder by WebEmailProtector


Welcome to the the Web Email Protector plugin for WordPress.

This is the strongest email encoder or obfuscator protection available, plugin or otherwise, and the only one we (and others) believe actually works.

Using Web Email Protector you can safely reference your email addresses on your website with confidence that they will be truly hidden from being scraped and harvested.

Instead of easy to solve Javascript “encoders” we have a non-linear lookup table to your email secured on our server using 32 byte #hashcodes.

Out method stops attacks and ID theft perpetrators at source and keep your address private. Simple to use and fully supported.

As a start why not check how secure your existing pages are using our email finder tool at

So why do we believe that WebEmailProtector is the best? Simple: we use secure server-side authentication with heuristics. Huhh?
In layman’s terms this means that both your email address and the 32 byte #hashcodes are stored on our server and only a coded reference on your website. Because of this we can protect its release by looking at who and what is requesting it, but it does mean that you must register your address with us to use it.
Genuine users are still able to easily contact you via your existing email, seamlessly, but harvesters are stopped in their tracks.

So once the plugin is installed, you’ve register your existing emails at and you complete the simple set-up procedure through the
settings menu of the plugin, you can place your email address reference(s) anywhere on your WordPress site and the rest is taken care of. Each link will then appear to work
exactly like a regular email link. Any visitor can simply click on your email to send you a message using their favourite email tool. However with
our service there is a difference: since your address is no longer contained in the link itself, it is safe from being harvested and misused.
In-fact we believe that it is so secure that you can do away with cumbersome Contact Forms and Captchas completely.

This is the latest version 2.4.0, tested with WordPress version 5.2.2, WP’s most recent TwentyNineteen Themes and SocialIcons menus.

With near 100% satisfaction amongst its 10,000 or so and growing user base we hope you like it too – but please review and leave your comments!


  • This plugin is provided FREE to administrate the WebEmailProtector service on your WordPress pages for your convenience.
  • Access to the associated WebEmailProtector service itself is offered FREE for a trial period of 1 month, and no payment details are required.
  • At the end of the trial, the service remains FREE for non-commercial sites (schools, charities, religious institutions, personal blogs etc).
  • For commercial sites we ask for a very modest annual subscription at the end of the trial.
  • Visit for more details regarding definitions and subscription pricing options.

What does it do?

WebEmailProtector detects who and what is trying to access the email link on your site, and then uses various mechanisms to determine if
this request is being made by a bona-fide user. Once a user tries to access your email, your web site automatically contacts
our server on which a heuristic validation process is run. We then only return your secured email address if certain criteria are met
and others not broken. It all happens in the blink of an eye and does not noticeably slow down the email experience. And just in case you
were wondering, we do not see or track the email itself, we only authorise the release of your address so your privacy is protected.

How do you use it?

After installing the plugin, register your addresses at and just follow the remaining instructions on the
WebEmailProtector settings menu of WordPress.


  • HTML4/5 compliant is compatible with all known browsers/devices including:
  • Browsers: Internet Explorer, Safari, Google Chrome, Mozilla Firefox & Opera
  • Platform: Windows, Linux, Apple iOS & Android
  • Devices: PC, Tablets & Phones including: Blackberry, Apple iPad iPhone


  • This is a screenshot of the WebEmailProtector WordPress plugin administration panel once installed. Note the secured email address appears in RED until the email is verified, when it turns GREEN.
  • This is a screenshot of example html text code showing what a standard or unprotected linked email address looks like on a web page, hence why it is easy to "scrape".
  • This is a screenshot of example html text code showing what a webemailprotector linked email address looks like on a web page (the real code has been replaced with ####-####-####-####), can no longer be scraped.
  • This is a screenshot showing how both the above would appear to a webpage visitor.


  1. Go to Plugins in the Admin menu
  2. Click on the button ‘Add New’
  3. Search for WebEmailProtector and click ‘Install Now’ or click on the upload link to upload
  4. Click on Activate plugin
  5. Click on the Settings->WebEmailProtector menu
  6. Follow the instructions on the settings page to enter the “secured email addresses” and “display text”
  7. Register each email address at
  8. Validate each email addresses on the settings menu
  9. To use the protected email address(es) anywhere on your site either write them on a page using square brackets e.g. []
    or within WordPress Link elements e.g.


What is it?

Email address harvesters operate by using software “scrapers” or “click through” staff to steal email addresses directly from web-site pages.
Using our service prevents this as your email addresses no longer need to be listed directly on your web-site. Instead
they are hidden behind a security firewall on our server. We then only release the address after
we are sure it is not being accessed improperly. Because of this it becomes invisible to harvesters and machines and yet is completely
visible to bona fide users.

How does a WebEmailProtector secured email address appear?

The secured email address appears on a site like this: ” <a href=’JavaScript:emo();’ >Any Text </a >”
(you can change what it says and how it looks)
whereas a non protected email address usually appears like this:” <a href=’’ > </a >”.
Both operate when you “click”, but only the former is safe.

Why is it better than a Contact Form?

Contact Forms are effective in dealing with both human and machine based harvesting, unless you ever want to use email auto responders of course
as this gives your identity away.
However the real problem is that all the form filling can annoy and therefore dissuade real users from getting in touch – effectively putting a
barrier between you and your users in your most important communications channel – email

Why is it better than Captcha codes?

Captcha codes are effective in dealing with machines but not with users who simply click to reveal your address.
And the other main issue is that they are very very annoying to real users and can heavily dissuade communications with you – so are effectively
putting a barrier between you and your wanted users.

Why is it better than ‘free’ address encoder?

Although at first they may appear effective as your ‘mailto:’ text is no longer obvious to the eye within your HTML code. Encoders and encrypters,
‘free’ or otherwise, have to be built so that they can be interpreted by any web-browser using standard HTML. And this is the nature of there
They are more or less complex but involve a Java/JavaScript sequence munger or character set coder. But to cut a long story short if your browser
understands them so can any harvesting software.
So it’s actually quite simple for encoded email addresses to be interpreted and harvested using standard software libraries.

How is the email protected?

We provide protection as the email address is never listed or disclosed on your website. Instead the email address is held in a secure
place on our server and only loaded up when we verify the request is genuine through a heuristic validation process.

What do you get for the FREE trial?

You get the full service free for 1 month, with exactly the same protection as offered with a paid up subscription.
There is no obligation to purchase, but at the end of the trial we are confident that you will see a reduction in volume of new email
spam originating from your web site. At the end of the trial we would also ask you to complete a 10 question survey on how you found
installing and using it.
Please note that as its a trial you only get it once per email/website for you to try unless otherwise agreed with us.

How do you subscribe following the trial?

Once your trial is coming to an end we will send you an email detailing what you have to do to continue the services. You need do nothing if you are
a non commercial site. All payments can be made on-line using PayPal. the more people that use it the more we can keep prices down. More details at

How can you check if you are protected?

Once installed, click on your Email and your installed email tool should open as normal. If you really want to check your email is no longer
listed view your web site in text mode (e.g. pressing the F12 key in your Internet Explorer/Google Chrome/Firefox web browser) and search for
your email address or the mailto: reference. It should no longer be there. And finally check out your site using our email finder tool at


January 9, 2019
I think that this plugin is quite good. Unlike the other choices it does actually securethe email address - whearas I can't see how the others available work, I don't think they do??? And I'm a php/ajax developer. So would recommend. Slightly fussy to set up (but really not that difficult if you read the instructions - like one of the other reviewers said). so I'm pleased with it - D
February 3, 2017
Useful plugin! Plus: the support is very compent and they answer prompt. Thank you!
September 3, 2016
This plugin is just an e-mail thief. They use your user's emails to send you commercial informations, without asking for permission.
Read all 12 reviews

Contributors & Developers

“Email Address Encoder by WebEmailProtector” is open source software. The following people have contributed to this plugin.




  • 9th Jan 2019
  • Upgraded and check to WP v5.0.3
  • New Images Added


  • 29th Nov 2018
  • Upgraded and checedk to WP v5.0.2


  • 14th Aug 2018
  • Upgraded and checked to WP v4.9.8


  • 14th Aug 2018
  • Upgraded and checked to WP v4.9.8


  • 29th Jan 2018
  • Improved site URL detection logic to prevent false assumptions
  • Upgraded and checked to WP v4.9.2


  • 14th Dec 2017
  • Corrected bug with validation over HTTPS


  • 13th Dec 2017
  • Upgraded and checked to WP v4.9.1


  • 15th Aug 2017
  • Upgraded to WP v4.8.1


  • 3rd April 2017
  • Minor update as stable tag was wrong


  • 31st March 2017
  • Upgraded to WP v4.7.3
  • corrected issue of email getting invalidated on copy and paste in email box


  • 25th Feb 2017
  • Upgraded to WP v4.7.2
  • new add_filter method to run on whole post processed content
  • Implmented css icon to WEP email calls


  • 17th Jan 2017
  • Upgraded to WP v4.7.1
  • Remove and _target and subject style field for email calls
  • Added icon to WEP email calls


  • 19th Oct 2016
  • Apply morphing add_filter on whole site


  • 26th Sept 2016
  • Upgraded to WP v4.6.1


  • 6th June 2016
  • Upgraded to WP v4.5.2
  • Added https SSL/TCN support for secure sites


  • 28th April 2016
  • Upgraded to WP v4.5.1
  • Updated registration links making FREE resgitration an option


  • 22nd February 2016
  • Upgraded to WP v4.4.2


  • 27th September 2015
  • Upgraded to WP v4.3.1


  • 16th June 2015
  • Moved headerscript to enque in footer to speed up


  • 17th May 2015
  • Upgraded to WP v4.2.2
  • Added REGISTER as a link


  • 9th April 2015
  • Added register button to admin table to directly access addresses
  • Improved top section layout
  • Made on hover class for buttons


  • 17th March 2015
  • Added new title for plugin to improve searchability
  • Slightly reworded pricing to make clearer


  • 19th Feb 2015
  • Changed install use text to add link replacement instructions
  • Removed validation bug when adding new email


  • 17th Jan 2015
  • Upgraded to work with WP theme TwentyFifteen and the like that do not pass shortcodes from Social Menu
  • Corrected various text and added updated logo on Settings Menu


  • 6th Jan 2015
  • Upgraded to be compatible with WPv4.1
  • Added email response confirmation of version activation & verification


  • 5th Dec 2014
  • Updated assets images


  • 2nd August 2014
  • Added more info on free for Not For Profits
  • Added http search tool link


  • 21st June 2014
  • Sorted header issue due to lingering old release in CSV


  • 13th June 2014
  • Improved description text in the main .php


  • 6th June 2014
  • Improved installation instructions


  • 28th May 2014
  • Updated validation text to make it easier to understand
  • Updated validation process to change validation state and remove old code if fails
  • Updated add_filter(content) command to only change content text to call if valid
  • Updated add_filter(content) to fix issue with unchanged pages not being written out
  • Added add_filter(widget) to also replace text in widgets – special forms, headers, themes etc


  • 9th May 2014
  • Updated description text


  • 6th May 2014
  • First release onto WordPress sites