There are legitimate crawlers out there from google, yahoo, yandex & co trying to update their RAM-held databases of news from your site (a sitemap.xml generated by google-xml-plugin can help there).

But there are also evil mail-address-collecting bots that are trying to build a database of spammable mail addresses that they then can sell on on tor-protected blackmarkets sites.

A CD with 1 Million collected E-Mail Addresses is worth 100$.

So it’s cheap.

A Plugin that could be useful besides highly recommended plugin Anti-Spam-Bee (which protects your comment-form from Spam Links to Viagra selling sites).

„Encode Mail Addresses“ encodes all your Mail-Addresses published on your blog so bots can’t collect it for building a spam-database.

Plugin Name: Email Address Encoder
„Description: A lightweight plugin to protect email addresses from email-harvesting robots by encoding them into decimal and hexadecimal entities.“
Version: 1.0.5
Author: Till Krüss
Author URI:



This plugin is super easy – it basically crawls your body tag for the @ sign and javascript encodes your mail-address.


Will be encoded as:


The cool thing about it – you will still be able to click on it and your Outlook/Thunderbird will open a window for a new mail to that address.

If this is a permanent solution – or if Bot-programmers will find ways to decode – time and spam will tell.


crc32 sounds good.

 * Encodes each character of the given string as either a decimal
 * or hexadecimal entity, in the hopes of foiling most email address
 * harvesting bots.
 * Based on Michel Fortin's PHP Markdown:
 * Which is based on John Gruber'
s original Markdown:
 * Whose code is based on a filter by Matthew Wickline, posted to
 * the BBEdit-Talk with some optimizations by Milian Wolff.
 * @param string $string Text with email addresses to encode
 * @return string $string Given text with encoded email addresses
function eae_encode_str( $string ) {

    $chars = str_split( $string );
    $seed = mt_rand( 0, (int) abs( crc32( $string ) / strlen( $string ) ) );

    foreach ( $chars as $key => $char ) {

        $ord = ord( $char );

        if ( $ord < 128 ) { // ignore non-ascii chars

            $r = ( $seed * ( 1 + $key ) ) % 100; // pseudo "random function"

            if ( $r > 60 && $char != '@' ) ; // plain character (not encoded), if not @-sign
            else if ( $r < 45 ) $chars[ $key ] = '&#x' . dechex( $ord ) . ';'; // hexadecimal
            else $chars[ $key ] = '&#' . $ord . ';'; // decimal (ascii)



    return implode( '', $chars );


Related Links: