Age of Article Warning:
This article was originally published 19 months ago. The tips and techniques explained may be outdated, or information may longer be applicable. Please consider this when viewing the below content.

Whenever you include your email address online you are asking for spam

An email address is a valuable piece of information. In the right hands it becomes valuable for your business, whether you are networking with other businesses or communicating with customers and clients.

In the wrong hands, your email is soon clogged up with useless spam and rot.

So how do you protect your email address on a WordPress website or blog?

Email spamming is all about grabbing email addresses. Programs known as email harvesters scan the internet for email addresses so they can be added to lists and then targeted with garbage (ie unsolicited email). So if you simply paste your email address on a web page, then you you are just signing up for spam.

So instead you want to make it easy for genuine people to contact you, without any obstacles.

Method 1: Don’t show the email address at all

This one really depends on personal preference. I prefer not to display an email address usually, instead providing a simple and easy contact form on a website. The advantage of this is that you can set required information such as a contact phone number, an email address, perhaps how they found out about you or your business, or other specific information. To prevent spam bots filling in the contact form you can use spam plugins such as Anti-spam or use the honeypot technique (hidden field that only spambots fill in and then the email is rejected).

Another advantage of this is that you can redirect the user to a thank you page, or send a customised auto reply, offer a special, perhaps add them to your email newsletter list (with their permission of course).

The main disadvantage is that they might mis-type their email address, they don’t get to use their preferred email client, they don’t get your email address until/unless you reply email, and also the person might not want to fill in the form.

Method 2: Visual Interpretation

This one works quite well and you are simply showing your email address, but not making it readable to spiderbot harvesters.

Either you show a picture image of your email address, or you add it as text in the form myemail(AT)mywebsite(DOT)com.

This works quite well, though the main problem is that a user has to open up their email client then type the email address in, and this can sometimes be too much effort, or otherwise they could mistype and send the email to the wrong place. Then the client might wonder why you never responded.

Method 3: Encode or obfuscate your email address

If you definitely would prefer to display your email address on your website, so that a client can either copy and paste it into their email client, or even a clickable link that opens up the mail client with the email address ready to go, then you can use the WordPress antispambot() function.

It is really easy to use, and to make it even easier I have created a simple shortcode function below that will either extract the email address from the user profile or allow you to type in the email address to use, encode the email address, then display it as a clickable link for you to use.

//antispam email addresses
function hide_email_addresses_sc($atts, $content = null) {
    $emailaddress_fields = shortcode_atts(array(
        'id' => '',
        'email' => ''
    $userid = $emailaddress_fields['id'];
    $e_mail = $emailaddress_fields['email'];
    if ($userid !=='' && $e_mail =='') {
        $emailaddress = get_the_author_meta('user_email',$userid);
        return '<a href="mailto:'.antispambot($emailaddress).'">'.antispambot($emailaddress).'</a>';
    if ($userid =='' && $e_mail !=='') {
        return '<a href="mailto:'.antispambot($e_mail).'">'.antispambot($e_mail).'</a>';
    else {
        return '';

Simply add the above shortcode function to your childtheme’s functions.php file and then you can use the shortcode in either of the following ways:

[hide_email id="1"] // this will allow you to display the clickable encoded email address for a registered user on your site (uses the email address in the user profile with the id= 1)

[hide_email email=""] // this will allow you to display a clickable encoded email address for the email address you enter

Other options
For alternatives on preventing spam collection of your email address you can review the WordPress Codex.

How do you prevent harvesters grabbing your email address?

3 ways you can protect your email address on WordPress was last modified: September 6th, 2016 by David Tiong
3 ways you can protect your email address on WordPress