Hiding email addresses from spammers has a long history. There are some obvious golden goals, like making the process seamless to your visitors, and b …
Hiding email addresses from spammers has a long history. There are some obvious golden goals, like making the process seamless to your visitors, and be practicable to implement. The one that often gets left out is accessibility, but in some areas this is actually a legal requirement.[1]
To my knowledge, this plugin implements the best method so far devised. Credit goes to Roel Van Gils for this technique, which he calls Graceful Email Obfuscation.[2] The basic idea is actually very simple: use PHP and JS to hide the address effectively, and make sure the fallback can be used easily by blind or visually impaired users by using a text-based CAPTCHA.
The PHP code takes passed-in emails and generates simply-encoded string using alphabetic characters. It is therefore very hard to imagine what sort of spammer’s parser could possibly detect it. The only way is to load the whole DOM and jQuery to run the decryption routine. As far as we know, no bots go to those lengths, but it adds essentially no overhead if the theme or any other plugins already load jQuery; otherwise a fraction of a second might be added to page load.
Amazingly, no other WordPress plugins seem to use this method, either offering very little spam protection, or not coping with JavaScript turned off (3-10% of users). Private Daddy comes closest, but falls at the last hurdle by offering an image CAPTCHA with no non-visual alternative. Clunky though my first code bash is, it seems to the best available at the moment if accessibility is really important to you (of course, if I did not think that, I would not have written this). There is a similar Drupal plugin.[3]
The most viable alternative methods are:
display: none;
to remove elements inside the link text. There is still no clickable link, which makes it hard for the blind to use.If there is no JavaScript, the user is taken to a page on the site using an empty content box where they are asked a simple text question to check whether they are a human. Basic sums are asked at the moment, though a wider range of questions could be added using the testCAPTCHA.com service.
Further reading:
Some notes and future details on my site
To use:
geo-spam-prevention
to the /wp-content/plugins/
directory.[email]
in your pages and posts.The link can either be put inside the tag:
[email][email protected][/email]
Or, an alternate link text can be provided by using href
:
[email href="[email protected]"]Contact Anthony[/email]
Further, any style
or class
attributes used on [email]
get passed down to the <a>
element generated, which also has the geo-address
class added to it for styling your email links.
The plugin grabs the frontpage and uses it to to display the CAPTCHA. The actual page layout is highly dependent on the theme, so the plugin applies a fairly standard heuristic, putting its content inside any div with id main or content, or role main. That covers pretty much all themes. If the auto-detection does not work, the whole page is replaced instead. The upshot is that it should function fine, but may mess up the style if various wrappers or complex CSS rules are used in the theme.
The choice of human-accessible questions could be opened up. A page scanner to avoid the use of shortcodes could be offered.
A fairly hefty change to the way the CAPTCHA is placed on the frontpage. I had made a bad assumption about how a WP hook worked, and rectifying it required engineering a vastly more fiddly piece of apparatus requiring parsing and fiddling with the document. It ought to be as close to bullet-proof as can be, much better the regular expressions.
First release