Secure your email address in WordPress

One thing that I have noticed so often on websites is that owners will just leave their email address posted on their site in plain text. This is a big no-no! Displaying an email address is never a good idea. When spam bots read the site, they’re looking at the source code, not what you may physically see from the browser. So when a spam bot finds your email address in broad daylight, it’s game over.

The number 1 way to prevent this is to use a contact form, such as JotForm, Contact Form 7, Gravity Forms or any other plugin or service. All of these provide a way to include anti-spam fields to help prevent spammed messages. However, if you must display your email address visually on your WordPress website, at least encode the HTML source of the address so they would have NO idea what it actually is.

WordPress already provides a handy solution to this called antispambot(). Using this function is really simple:

echo antispambot('');

Visually, in the browser, the user will see “”, but in the source code, the spam bot would see something like the following:

Who can tell what that is? A spam bot definitely cannot, and that’s what we want! So let’s make it easy for the non-programming user and turn it into a shortcode for easy use.

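function bne_secure_email_shortcode( $atts ) {
	// Merge the shortcode attributes with their defaults (avoids extract()).
	$atts = shortcode_atts( array(
		'mailto' => '',
		'txt'    => '',
	), $atts );

	// Entity-encode the address and the link label.
	$mailto = antispambot( $atts['mailto'] );
	$txt    = antispambot( $atts['txt'] );

	// Escape for attribute and HTML context; existing entities are not double-encoded.
	return '<a href="' . esc_attr( 'mailto:' . $mailto ) . '">' . esc_html( $txt ) . '</a>';
}
add_shortcode( 'email', 'bne_secure_email_shortcode' );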

The shortcode function above allows for two settings: "mailto" for the email address and "txt" for the link label. Simply paste that code into your theme’s functions.php file and you’re good to go. The actual shortcode that you would use in your page/post would look like this:

[email mailto="" txt="click here"]


[email mailto="" txt=""]
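
As an added illustration (not code from the original post or from WordPress), the following stand-alone PHP sketch mimics the kind of output antispambot() produces, a random mix of literal characters and decimal HTML entities, and shows that an HTML parser decodes it straight back to the address, which is why a contact form remains the stronger option. The helper name demo_entity_obfuscate and the address user@example.com are assumptions made for the example.

```php
<?php
// Added illustration: stand-alone sketch of antispambot()-style encoding.
// demo_entity_obfuscate() is a hypothetical helper, not WordPress's own code.

/**
 * Randomly leave each character literal or emit it as a decimal HTML entity.
 * "@" is always emitted as an entity so the literal address never appears.
 */
function demo_entity_obfuscate( string $address ): string {
	if ( '' === $address ) {
		return '';
	}

	$out = '';
	foreach ( str_split( $address ) as $char ) {
		if ( '@' === $char || 0 === random_int( 0, 1 ) ) {
			$out .= '&#' . ord( $char ) . ';';
		} else {
			$out .= $char;
		}
	}
	return $out;
}

$address = 'user@example.com'; // constructed sample address
$encoded = demo_entity_obfuscate( $address );

// What ends up in the page source (differs on every run because of the randomness).
echo "source:   {$encoded}\n";

// The literal address is absent from the markup, so a plain-text match misses it.
echo 'literal address in source: ';
echo ( false === strpos( $encoded, $address ) ) ? "no\n" : "yes\n";

// Entity decoding, which every browser and HTML parser performs when rendering,
// restores the address exactly.
$decoded = html_entity_decode( $encoded, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
echo "rendered: {$decoded}\n";
echo 'round-trips to original: ' . ( $decoded === $address ? "yes\n" : "no\n" );
```

Run it with the PHP command-line interpreter; no WordPress installation is needed.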