
E-mail harvesters are programs used by e-mail spammers to scan pages on the Web to collect email addresses and send spam messages. Your e-mail may be vulnerable to these kinds of programs, if it is publicly visible through your WordPress website.


Here are a few pieces of advice to protect yourself from unsolicited mail while your e-mail address remains available.

Create Throwaway Email

Creating a substitute e-mail address at a free service, such as Yahoo Mail or GMail, is a popular solution to e-mail harvesting. Add this e-mail address to your website. WordPress makes it easy to display the address on your site by providing the function the_author_meta('user_email'). Just add the tag within the Loop portion of your templates:

<?php the_author_meta('user_email'); ?>

If spam messages come too often, simply create a new account, delete this one and add this new address in your profile. Your site will be updated immediately without changing template files. This method allows you to check messages that were specifically sent from your visitors.

Disguise Your Email Address

Replacing the symbols in an e-mail address with words, typically in parentheses, is a simple way to “fool” e-mail harvesters. For instance, john.smith@.com becomes john(dot)smith(at)com. Harvesters tend to ignore the result, since it is not recognized as a valid e-mail format.

A slightly more complicated method is to encode the characters in an address as their HTML equivalents, either numeric character references or character entities. The @ symbol in an address becomes &#64;, the letter “a” becomes &#97;, and so on. While your browser renders them correctly, these should appear as gobbledygook to harvesters. To encode your e-mail address, you can use a free online encoder or the WordPress antispambot() function:

<?php echo antispambot(get_the_author_meta('user_email')); ?>

The antispambot() function parses the e-mail address passed by get_the_author_meta('user_email'). That function is similar to the_author_meta('user_email'), except that it returns rather than displays the author’s e-mail address, so echo is needed to display the output of antispambot(). This adds a little more firepower to the spam protection arsenal, since antispambot() encodes portions of an address randomly, so the letters encoded are different each time you load the page.

Note: Unfortunately, obfuscating your e-mail address in WordPress will not work, since WordPress does not allow invalidly formatted e-mail addresses to be used on a website.
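
To confirm that the encoding actually reached your rendered pages, the following added example (not from the original article or from WordPress) checks a page's HTML source for an address you already know. The entity_obfuscate function is only a sketch of the random encoding described above, and the address and sample pages are constructed placeholders.

```python
import html
import random

def entity_obfuscate(address, rng=random):
    """Randomly replace characters with decimal character references.

    Sketch of the behaviour described above (a random subset is encoded,
    '@' is always encoded); it is not WordPress's antispambot() source.
    """
    out = []
    for ch in address:
        if ch == "@" or rng.random() < 0.5:
            out.append(f"&#{ord(ch)};")
        else:
            out.append(ch)
    return "".join(out)

def audit_exposure(page_source, address):
    """Classify how `address` appears in the HTML the server sends.

    'plain'   - the literal address is in the source
    'encoded' - absent from the raw source, but a browser decodes it
    'absent'  - not on the page in either form
    """
    needle = address.lower()
    if needle in page_source.lower():
        return "plain"
    if needle in html.unescape(page_source).lower():
        return "encoded"
    return "absent"

# Constructed sample data: a placeholder address and two template outputs.
ADDRESS = "author@example.com"
PLAIN_PAGE = f"<p>Contact: {ADDRESS}</p>"
ENCODED_PAGE = f"<p>Contact: {entity_obfuscate(ADDRESS)}</p>"

if __name__ == "__main__":
    for name, page in [("plain template", PLAIN_PAGE),
                       ("encoded template", ENCODED_PAGE)]:
        print(f"{name}: {audit_exposure(page, ADDRESS)}")
    # The encoder picks characters at random, so repeated runs
    # normally produce different markup for the same address.
    print(entity_obfuscate(ADDRESS))
    print(entity_obfuscate(ADDRESS))
```

Run it against the saved source of your own pages (view source, not the rendered text) after changing a template; a result of "plain" means the template still prints the address unencoded.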

Replace Plain Text Email with Images

Create an image of your e-mail address with screen capture software. Then, using an image editor, crop it to the size you need and insert it wherever you like. It is another easy trick for disguising your e-mail address.

Please note that screen reading software, which is usually used by people with vision impairment, will not be able to read your e-mail address either. Provide a second form of contact if you use this method.

Using Anti Spam Plugins

There are a number of plugins which do this work automatically in posts and pages. For instance, the Captcha plugin will add a captcha form to your web pages. It will protect your blog from spam by means of elementary math logic, easily understandable if you are a human. This captcha can be used for login, comments, password recovery and registration forms. Also, try the Google Captcha (reCAPTCHA) plugin, which will add a security captcha form to your website. In addition, using one of the above-mentioned plugins with the Limit Attempts plugin will ensure really strong protection of your website from spammers.
