Plugin / Graceful Email Obfuscation



Hiding email addresses from spammers has a long history. There are some obvious golden goals, like making the process seamless to your visitors, and be practicable to implement. The one that often gets left out is accessibility, but in some areas this is actually a legal requirement.[1]

The method

To my knowledge, this plugin implements the best method so far devised. Credit goes to Roel Van Gils for this technique, which he calls Graceful Email Obfuscation.[2] The basic idea is actually very simple: use PHP and JS to hide the address effectively, and make sure the fallback can be used easily by blind or visually impaired users by using a text-based CAPTCHA.

The PHP code takes passed-in emails and generates simply-encoded string using alphabetic characters. It is therefore very hard to imagine what sort of spammer’s parser could possibly detect it. The only way is to load the whole DOM and jQuery to run the decryption routine. As far as we know, no bots go to those lengths, but it adds essentially no overhead if the theme or any other plugins already load jQuery; otherwise a fraction of a second might be added to page load.

Comparisons with other plugins

Amazingly, no other WordPress plugins seem to use this method, either offering very little spam protection, or not coping with JavaScript turned off (3-10% of users). Private Daddy comes closest, but falls at the last hurdle by offering an image CAPTCHA with no non-visual alternative. Clunky though my first code bash is, it seems to the best available at the moment if accessibility is really important to you (of course, if I did not think that, I would not have written this). There is a similar Drupal plugin.[3]

Comparisons with other methods

The most viable alternative methods are:

  1. Using images (cf. Visagefolio). This requires typing and is a pain for everyone.
  2. Poor “test [at] example [dot] com” style text replacements provide no protection and annoy users.
  3. Clever things like outputting “moc.elpmaxe@tset” and using CSS unicode rules to reverse it. Unfortunately these cause trouble for the blind and in some browsers make it confusing to copy and paste the link.
  4. Using XML comments or CSS display: none; to remove elements inside the link text. There is still no clickable link, which makes it hard for the blind to use.

JavaScript fallback

If there is no JavaScript, the user is taken to a page on the site using an empty content box where they are asked a simple text question to check whether they are a human. Basic sums are asked at the moment, though a wider range of questions could be added using the service.


  1. See particularly ‘508’ legislation in America.
  2. Original description on A List Apart.
  3. Drupal plugin

Further reading:

  1. GEO review by Ken Carlson
  2. Spam obfuscation comparison recommending use of this method for 508 compliance: .eduGuru article by Michael Fienen

Some notes and future details on my site


1 reviews

Rating breakdown

Details Information



First Released

28 Mar, 2010

Total Downloads


Wordpress Version

2.8 or higher

Tested up to:


Require PHP Version:





The plugin hasn't been transalated in any language other than English.


The information provided in this THEME/PLUGIN DIRECTORY is made available for information purposes only, and intended to serve as a resource to enable visitors to select a relevant theme or plugin. wpSocket gives no warranty of any kind, express or implied with regard to the information, including without limitation any warranty that the particular theme or plugin that you select is qualified on your situation.

The information in the individual theme or plugin displayed in the Directory is provided by the owners and contributors themselves. wpSocket gives no warranty as to the accuracy of the information and will not be liable to you for any loss or damage suffered by you as a consequence of your reliance on the information.

Links to respective sites are offered to assist in accessing additional information. The links may be outdated or broken. Connect to outside sites at your own risk. The Theme/Plugin Directory does not endorse the content or accuracy of any listing or external website.

While information is made available, no guarantee is given that the details provided are correct, complete or up-to-date.

wpSocket is not related to the theme or plugin, and also not responsible and expressly disclaims all liability for, damages of any kind, arising out of the use, reference to, or reliance on, any information or business listed throughout our site.

Keep Leading Your Followers!
Share it for them.