Hikari Email & URL Obfuscator

Email and normal links are obfuscated, hiding them from spambots. It automatically encodes each link, then uses JavaScript to decode and show them.

Author:	Hikari (profile at wordpress.org)
WordPress version required:	2.8.0
WordPress version tested:	3.0.5
Plugin version:	0.08.10
Added to WordPress repository:	29-01-2010
Last updated:	14-10-2010 Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
Rating, %:	0
Rated by:	0
Plugin URI:	http://Hikari.ws/email-url-obfuscator/
Total downloads:	15 914
Active installs:	80+
Click to start download

Spam is website publishers #1 concern, we wanna share our and our visitors' emails to those who should have access to them, but don't want spam harvesters stealing them and sending garbage to us. A lot of techniques had been developed to hide our emails from these delinquents, while having them shown to real people.

And together with spam harvesting, on 15 June 2009, Matt Cutts, a well known software engineer of Google, announced that Google Bot will no longer ignore nofollowed links for PageRank, and now we lose PR/link juice for every link we add to our pages, even if we use rel="nofollow" on them. So, now we must hide links from Search Engines too!

I've been searching for an ultimate obfuscation solution for both emails and URLs, that would be user-friendly for me the content publisher, and for my visitors. I've seen a lot of solutions, some that inspired me, but none that would fit my needs. It was time to start coding 🙂

Hikari Email & URL Obfuscator plugin obfuscates emails and URL links, to hide them from spam harvesters and Search Endigne crawlers. It uses ROT13 or cc8b to encode each link while PHP is building the page, then uses JavaScript to decode it and show it to the user. If JavaScript is not available, it uses CSS to hide them.

It doesn't use shortcodes, it works directly over HTML links, parsing and obfuscating them. By default it filters all texts in posts, comments, comments authors and text widgets, but you can manually use it anywhere you want.

Basically, Hikari Email & URL Obfuscator plugin searches for links that contain URLs and emails on their href atrribute. For each found link, it is replaced by an obfuscated string, and a JavaScript function is called, having in its parameters the required data for JavaScript to decode and recreate the original link.

The obfuscated string is then merged back by CSS to a readable URL/email text, so that human visitors can read it while spam harvesters and searchbots will not be able to detect it as a valid email/URL.

And, for JavaScript-enabled visitors, this string is replaced by a link with the exact same behavior and attributes of your original link, so that they can interact with it as if there was no obfuscation in place! (Really, there is no way to diferenciate an obfuscated link generated by JavaScript from the original link, unless the HTML document' source is verified or a development tool as FireBug is used!)

It uses 4 obfuscation techniques, 2 JavaScript solutions and 2 CSS alternatives for JavaScript-disabled browsers.

For CSS, it may revert the link string while PHP is building the page and then CSS reverts it back. Or it may add garbage text between the link, and CSS prevents this extra text from being rendered, so any user-agent that doesn't use CSS can't find the link but browsers show it clearly.

Now, when JavaScript is available, it is delivered with the original link, encoded using ROT13 or cc8b by PHP. The link is then decoded back by JavaScript and added to the page, so that real users don't even notice the original link was replaced.

And, disregarding the used technique, we content publishers must do nothing different while building our content, just activate the plugin and it does everything else for us 🙂

I dedicate Hikari Email & URL Obfuscator to Ju, my beloved frient ^-^

Features

Works instantly, no need to edit your posts to have your links obfuscated: Hikari Email & URL Obfuscator plugin automatically detects them and starts obfuscating as soon as it is activated.
Unobstructive JavaScript: links are obfuscated and shown for visitors with and without JavaScript, forget those "you must enabled javascript to see this email" messages!
They are real links!: any attribute you can use in an <a> tag you also can use in obfuscated links (JavaScript version only).
Customization: CSS doesn't let we have real links, but we can at least choose if our obfuscated text will have email only, text only, or both!
XHTML 1.1 valid: obfuscated links and JavaScript code are valid even in XHTML 1.1 standard. It makes the plugin valid inclusive in HTML 4.0, XHTML 1.0 Strict, XHTML 1.0 Transitional and HTML5!

Advantages over other obfuscation solutions

Your visitors will see your emails and URLs even if they keep JavaScript disabled.
Automatic: you don't need to take special actions to start obfuscating, as using shortcodes in place of links or an external tool to get your obfuscation code. Just normally use your links in your posts and let the plugin do the rest!
Sitewide: instantly works in your existing posts, pages, comments and text widgets, just after you activate it.
Diversity: for each link, it randomly chooses between 2 CSS and 2 JavaScript obfuscation methods, making it harder for spammers to crack it.
Extensible: you can call it manually, and add it to other plugins and themes filters.
Customizable: use custom parameters to force or avoid specific links from being obfuscated, and to define how non-JavaScript obfuscation will behave.

FAQ

Don’t I really need to change anything in my links for them to be obfuscated?

No, you don’t. Hikari Email & URL Obfuscator plugin uses WordPress hooks to filter links on the fly, it automatically finds all your links and obfuscate them for you, directly in your posts / comments / text widgets.

Does your plugin change ANYTHING in my content stored in database?

This is a dilemma I always have with plugins that I install and I feel in need to explicitly explaining it.

No, Hikari Email & URL Obfuscator plugin does NOT touch your content database! Its filter runs in read time, AFTER your content is queried from database and before it is sent to your visitor. Your original content and your original links will remain untouched, and as soon as you deactivate the plugin your site will go back to what it was before it ever knew the plugin existed.

Can I have a usage exemple?

You can go to my sites at Hikari WebSite or Consciência Planetária and take a look, they use it. Verify its page source and how links look like with JavaScript disabled and then enabled.

Is there any way to customize the plugin default behavior?

Yes, it has custom parameters that are used as CSS classes, in the same way some microformats do. You can see a list of them, with description and exemples at Hikari Email & URL Obfuscator – Advanced Usage.

Is there any way to block it from obfuscating one of my links?

Yes, in the previous question I mensioned custom parameters.

One of them is hkmuob_no_obfuscate, and when used the link won’t be obfuscated.

Are my internal links obfuscated too?

No, links with your website URL and relative links (without http:// ) are not obfuscated.

How can I obfuscate stuff out of post / comment / text widget areas?

If you wanna obfuscate emails and URLs that are our of these areas (in the theme templates or in another plugin for exemple), it’s pretty easy.If you wanna obfuscate emails and URLs that are out of these areas (in the theme templates or in another plugin for exemple), it’s pretty easy.

First you prepare the content and store it in a string variable normally, let’s say it is in $footerContent. Once you have the string, you verify if the plugin is activated by testing if its class HkMuob exists, and if so you grab it’s object $hkMuob and call the method $hkMuob->filter($footerContent). It will return a string variable with your content already obfuscated and ready to be echoed. Attention! You must use the global object the plugin creates, because it has internal variabled that will be used in the page footer to interact with JavaScript, if you create another object it will not work! Here’s a full exemple:

<?php

// first we repare our content with anything we want, and store it in a variable
$footerContent = "I'm a neat content with links inside." .
    ' <a href="mailto:no.spam@spam.com" title="c\'mon mail me!" target="_blank" class="stylish-class">mail me</a>';

// if the class exists, then the plugin is availabe and we can use it to obfuscate any content
// if not, then we just echo the original content without obfuscating
if(class_exists('HkMuob')){

    // class is available, let's get its global variable
    global $hkMuob;

    // now we ask the plugin to filter our content and add any found link to plugin's internal queue
    $footerContent = $hkMuob->filter($footerContent);

    // now $footerContent has the same content as before, but with obfuscated links
}

// whether or not we were able to obfuscate our links, let's print our neat content
echo $footerContent;

?>

You can see a more detailed explanation at Manually filtering other links

Help! My link has a small text and large URL, and now it is breaking my layout!

Oh man, it can happen for links with small texts in small places.

Fortunately, there are a bunch of custom parameters that can help you tune up your links when JavaScript is disabled. Just take a look on the link referenced in previous questions and read about these custom parameters, you’ll be able to do some interesting stuff with them 🙂

Hide FAQ

ChangeLog

Choose right WordPress plugin from thousands others in a moment