Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
25 Million+
Websites using our plugins
Years of WordPress experience
WordPress tutorials
by experts

How to Protect Emails from Spammers with WordPress Email Encoder

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

Do you want to share your email address on your WordPress website or WooCommerce store without getting caught by spam bots?

When you add an email link or plain text email address, it will most likely be copied by a spam email harvesting bot.

In this article, we will show you how to easily protect emails from spammers with a WordPress email encoder, step by step.

Protect Emails from Spammers with Email Encoder

Why Is Email Encoding Important?

Most website owners don’t realize that pasting their email addresses into their posts, pages, or on a contact page can put you at risk for a lot of email spam, phishing, and malware.

Spammers use email harvesting bots that automatically browse the web to collect email addresses. These email addresses are then sold to spammers all over the world.

This is why we almost always recommend creating a contact form instead of sharing an email address. That way, people and bots won’t be able to see your email address, but users can still contact you easily.

The problem is that sometimes you may really need to add an email address that users can copy or click to email.

Thankfully, there is a way to do that and protect your email address from spammers. It’s called email encoding, and it’s quite easy.

Let’s take a look at how to do that.

How to Protect Email Addresses From Spammers in WordPress

The first thing you need to do is install and activate the Email Address Encoder plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

Once you activate the plugin, Email Address Encoder simply starts encoding email addresses in WordPress posts and pages, custom post types, widgets, comments, and excerpts.

What that means is that it converts the plain text email addresses into decimal and hexadecimal entities.

If you see the page source of your page, then you will see the encoded email addresses look like this:

Enoced email address

This way, when an email harvesting bot visits your page source, it will not be able to see the email addresses.

However, real human users will see the plain text email addresses in their browser windows.

Email addresses shown to human users in browser

Email Address Encoder works out of the box, but you can configure some settings by going to Settings » Email Encoder in your WordPress dashboard.

Most of the settings here are only available if you use the premium version of Email Address Encoder. You can choose how you want the plugin to search your WordPress site for emails and the method that it will use to encode your emails.

For example, you can protect emails using HTML entities (the only option for the free plugin), CSS direction, ROT13 encoding, or polymorphous ROT47/CSS. Note that the last two options use JavaScript to work.

Email Encoder settings

You can also easily encode phone numbers on your website by wrapping them in [encode] shortcode. Then, the Email Address Encoder plugin will hide the numbers from bots.

For more details, you can see our guide on how to use shortcodes in WordPress.

We hope this article helped you protect email addresses in WordPress from spammers. You may also want to see our complete WordPress security tutorial and our expert picks of the best WordPress security plugins.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

6 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. dave henderson says

    Is there any free WP plugins for this?

    I installed the plugin linked in this post but see their free version does not protect the entire website…

  3. Cos says

    WordPress Email Encoder works well for email addresses in posts, pages, comments, excerpts and text widgets.

    It has no effect on email addresses in a header… are there any plugins that do this?

  4. Nathan says

    Good tutorial on Protect Emails from Spammers with WordPress Email Encoder. Thanks for this tutorial

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.