There are legitimate crawlers out there from google, yahoo, yandex & co trying to update their RAM-held databases of news from your site (a sitemap.xml generated by google-xml-plugin can help there).

But there are also evil mail-address-collecting bots that are trying to build a database of spammable mail addresses that they then can sell on on tor-protected blackmarkets sites.

A CD with 1 Million collected E-Mail Addresses is worth 100$.

So it’s cheap.

A Plugin that could be useful besides highly recommended plugin Anti-Spam-Bee (which protects your comment-form from Spam Links to Viagra selling sites).

“Encode Mail Addresses” encodes all your Mail-Addresses published on your blog so bots can’t collect it for building a spam-database.

Plugin Name: Email Address Encoder
“Description: A lightweight plugin to protect email addresses from email-harvesting robots by encoding them into decimal and hexadecimal entities.”
Version: 1.0.5
Author: Till Krüss
Author URI:



This plugin is super easy – it basically crawls your body tag for the @ sign and javascript encodes your mail-address.


Will be encoded as:


The cool thing about it – you will still be able to click on it and your Outlook/Thunderbird will open a window for a new mail to that address.

If this is a permanent solution – or if Bot-programmers will find ways to decode – time and spam will tell.


crc32 sounds good.

[cc lang=”bash” escaped=”true” width=”600″]

* Encodes each character of the given string as either a decimal
* or hexadecimal entity, in the hopes of foiling most email address
* harvesting bots.
* Based on Michel Fortin’s PHP Markdown:
* Which is based on John Gruber’s original Markdown:
* Whose code is based on a filter by Matthew Wickline, posted to
* the BBEdit-Talk with some optimizations by Milian Wolff.
* @param string $string Text with email addresses to encode
* @return string $string Given text with encoded email addresses
function eae_encode_str( $string ) {

$chars = str_split( $string );
$seed = mt_rand( 0, (int) abs( crc32( $string ) / strlen( $string ) ) );

foreach ( $chars as $key => $char ) {

$ord = ord( $char );

if ( $ord < 128 ) { // ignore non-ascii chars $r = ( $seed * ( 1 + $key ) ) % 100; // pseudo "random function" if ( $r > 60 && $char != ‘@’ ) ; // plain character (not encoded), if not @-sign
else if ( $r < 45 ) $chars[ $key ] = '&#x' . dechex( $ord ) . ';'; // hexadecimal else $chars[ $key ] = '&#' . $ord . ';'; // decimal (ascii) } } return implode( '', $chars ); } [/cc]

Related Links:

liked this article?

  • only together we can create a truly free world
  • plz support dwaves to keep it up & running!
  • (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
  • really really hate advertisement
  • contribute: whenever a solution was found, blog about it for others to find!
  • talk about, recommend & link to this blog and articles
  • thanks to all who contribute!