If you want to show your email address on your WordPress website, then you might feel tempted to simply add the link or plain text email address to your page. Unfortunately, it will most likely be copied by a spam email harvesting bot.
We’ve dealt with a lot of WordPress spam over the years, and there’s nothing more frustrating than receiving a bunch of spammy emails. That’s why we went looking for ways to show your email address in WordPress without being targeted by spambots.
In this article, we will show you how to easily protect emails from spammers with a WordPress email encoder, step by step.
Why Is Email Encoding Important?
Most website owners don’t realize that pasting their email addresses into their posts, pages, or on a contact page can put them at risk for email spam, phishing, and malware.
Spammers use email harvesting bots that automatically browse the web to collect email addresses. These email addresses are then sold to spammers all over the world.
This is why we almost always recommend creating a contact form instead of sharing an email address. That way, people and bots won’t be able to see your email address, but users can still contact you easily.
The problem is that sometimes you may really need to add an email address that users can copy or click to email.
Thankfully, there is a way to do that and protect your email address from spammers. It’s called email encoding, and it’s quite easy.
Let’s take a look at how to do that.
How to Protect Email Addresses From Spammers in WordPress
The first thing you need to do is install and activate the free Email Address Encoder plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.
Once you activate the plugin, Email Address Encoder automatically starts encoding email addresses in WordPress posts and pages, custom post types, widgets, comments, and excerpts.
What that means is that it converts the plain text email addresses into decimal and hexadecimal entities.
If you see the page source of your page, then you will see the encoded email addresses look like this:
This way, when an email harvesting bot visits your page source, it will not be able to see the email addresses.
However, real human users will see the plain text email addresses in their browser windows.
Email Address Encoder works out of the box, but you can configure some settings by going to Settings » Email Encoder in your WordPress dashboard.
Most of the settings here are only available if you use the premium version of Email Address Encoder. You can choose how you want the plugin to search your WordPress site for emails and the method that it will use to encode your emails.
For example, you can protect emails using HTML entities (the only option for the free plugin), CSS direction, ROT13 encoding, or polymorphous ROT47/CSS. Note that the last two options use JavaScript to work.
You can also easily encode phone numbers on your website by wrapping them in [encode] shortcode. Then, the Email Address Encoder plugin will hide the numbers from bots.
For more details, you can see our guide on how to use shortcodes in WordPress.
More Tips for Stopping Spam in WordPress
Encoding your phone number and email address on your WordPress website is just one way to prevent spam. You may also want to find ways to prevent spammy entries in your comments section and WordPress forms.
There are several things you can do, such as:
- Using a CAPTCHA on your comment forms.
- Installing an anti-spam plugin like Akismet.
- Blocking spam IP addresses.
For more details, you can see our guide on how to block contact form spam in WordPress and how to combat comment spam in WordPress.
We hope this article helped you protect email addresses in WordPress from spammers. You may also want to see our guides on how to prevent newsletter signup spam in WordPress or how to block WordPress referrer spam in Google Analytics.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Dennis Muthomi
As someone who manages multiple client websites, I’ve seen how awful those email harvesting bots can be.
One trick that works greatfor me is that I use JavaScript to create email addresses when the page loads. It’s pretty simple to do, and when you combine it with the encoding methods from the article, it really helps keep those spam bots away. Works like a charm for also protecting my clients’ contact info!
Jiří Vaněk
I’ve always practiced various methods of hiding email addresses from bots, such as address(at)domainname.tld, and so on. It didn’t look very nice, but I hoped it would serve its purpose and avoid bots. This is a much more elegant method, where I can insert the full email without having to distort it to deceive spam bots. So, I assume that bots only crawl through the source code? Is it not possible that they use some OCR technique to still obtain the email?
WPBeginner Support
While possible, most bulk bots would only look at the source code. If someone wanted to send spam to an email when it is publicly visible they could copy and paste the email that way which is why we normally recommend using a contact form
Admin
dave henderson
Is there any free WP plugins for this?
I installed the plugin linked in this post but see their free version does not protect the entire website…
WPBeginner Support
Instead of having the email address public on your WordPress site, we would recommend using a contact form as those do not display your email for spammers to collect and would still give your visitors the option to reach out to you.
We have a list of contact forms below that you may find helpful!
https://www.wpbeginner.com/plugins/5-best-contact-form-plugins-for-wordpress-compared/
Admin
Cos
WordPress Email Encoder works well for email addresses in posts, pages, comments, excerpts and text widgets.
It has no effect on email addresses in a header… are there any plugins that do this?
Nathan
Good tutorial on Protect Emails from Spammers with WordPress Email Encoder. Thanks for this tutorial
Nathan
Good tutoral for email spammer on wordpress worth to read and implement on our websites