[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTsMZ-gs7AUB17pGDH15Xi5fTGDXq688LQnSApL0dEDk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":51,"analysis":138,"fingerprints":172},"email-address-obfuscation","Email Address Obfuscation","1.2.0","Neotrendy","https:\u002F\u002Fprofiles.wordpress.org\u002Fneotrendy\u002F","\u003Cp>A lightweight plugin that protects email addresses from email-harvesting bots, by converting email addresses characters to HTML entities. Hide email from Spam Bots using a shortcode \u003Ccode>[obfuscate_email]\u003C\u002Fcode> and built-in WordPress function \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fantispambot\u002F\" title=\"antispambot\" rel=\"nofollow ugc\">antispambot()\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Obfuscate plain email address\u003C\u002Fli>\n\u003Cli>Obfuscate href mailto link in HTML anchor element\u003C\u002Fli>\n\u003Cli>Support for custom CSS class\u003C\u002Fli>\n\u003Cli>Support for email subject\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Obfuscate plain email address\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email=\"your@email.com\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Create clickable email address\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email=\"your@email.com\" link=true]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Add CSS class to the HTML anchor element\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email=\"your@email.com\" link=true class=\"my-class another-class\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Obfuscate email address with email subject\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email='your@email.com?subject=My custom email subject']\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Shortcode parameter\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>email\u003C\u002Fcode> required – Email address.\u003C\u002Fli>\n\u003Cli>\u003Ccode>link\u003C\u002Fcode> optional – Set true if you want to create clickable email address.\u003C\u002Fli>\n\u003Cli>\u003Ccode>class\u003C\u002Fcode> optional – Add space separated list of classes.\u003C\u002Fli>\n\u003C\u002Ful>\n","Email Address Obfuscation prevents email harvesting by hiding email address appearing in your pages, while remaining visible to your site visitors.",2000,10615,100,4,"2025-11-28T10:30:00.000Z","6.9.4","2.5","5.6",[20,21,22,23,24],"anti-spam","email","obfuscate","obfuscation","protect","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-address-obfuscation.1.2.0.zip",99,1,0,"2024-12-03 23:42:14","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":28},"CVE-2024-11935","email-address-obfuscation-authenticated-contributor-stored-cross-site-scripting-via-class-parameter","Email Address Obfuscation \u003C= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter","The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.0.1","1.1.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-12-04 12:37:46",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8b777b19-ca0a-4082-80ee-e18a31ba6308?source=api-prod",{"slug":49,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":28,"trust_score":27,"computed_at":50},"neotrendy","2026-04-04T21:01:41.171Z",[52,72,90,109,123],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":29,"num_ratings":29,"last_updated":62,"tested_up_to":16,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":70,"download_link":71,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"protect-my-infos","Protect My Infos","1.3.8","Yuga Web","https:\u002F\u002Fprofiles.wordpress.org\u002Fyugaweb\u002F","\u003Cp>\u003Cstrong>Protect My Infos\u003C\u002Fstrong> is a WordPress plugin designed to protect sensitive information, such as phone numbers and email addresses, by obfuscating or hiding them on the frontend of your site.\u003C\u002Fp>\n\u003Cp>Emails and phone numbers are encoded and hidden from bots, while visitors can interact with placeholders to reveal the information.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Obfuscate sensitive information with placeholders, blur effects, or base64 encoding.\u003C\u002Fli>\n\u003Cli>Use the \u003Ccode>[protect_my_infos]\u003C\u002Fcode> shortcode for integration in posts or pages.\u003C\u002Fli>\n\u003Cli>Fully customizable settings for icons, colors, and reveal texts.\u003C\u002Fli>\n\u003Cli>Easy-to-use admin interface.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with the PayPal Donate API to facilitate donations via PayPal’s secure platform.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service Name\u003C\u002Fstrong>: PayPal Donate API\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: To provide a “Donate” button for collecting user donations securely via PayPal.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>Donation amount\u003C\u002Fli>\n\u003Cli>Currency\u003C\u002Fli>\n\u003Cli>PayPal Merchant ID\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When\u003C\u002Fstrong>: Data is sent to PayPal only when a user interacts with the “Donate” button.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service Links\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fus\u002Fwebapps\u002Fmpp\u002Fua\u002Flegalhub-full\" rel=\"nofollow ugc\">PayPal Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fus\u002Fwebapps\u002Fmpp\u002Fua\u002Fprivacy-full\" rel=\"nofollow ugc\">PayPal Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: This plugin does not store or process sensitive personal information. All payment transactions are handled securely by PayPal’s platform.\u003C\u002Fp>\n","Protect sensitive information like emails and phone numbers from bots with advanced obfuscation techniques.",90,914,"2025-12-11T15:33:00.000Z","5.0","7.2",[20,66,67,68,69],"email-obfuscation","phone-number-protection","privacy","security","https:\u002F\u002Fwww.yugaweb.com\u002Fprotect-my-infos\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-my-infos.1.3.8.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":29,"num_ratings":29,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":25,"tags":85,"homepage":25,"download_link":88,"security_score":89,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"tg-email-protection","TG Email Protection","1.0","Ashok Dhamija","https:\u002F\u002Fprofiles.wordpress.org\u002Fashokdhamija\u002F","\u003Cp>Unsolicited email or email spam is a huge problem that netizens have to face on daily basis. It is estimated that about 90% of all emails sent are spam mails. It was estimated that spam cost businesses to the order of $100 billion in the year 2007 [source: Wikipedia]. Spammers use email harvesting spambots or email spider software to automatically collect email addresses displayed on websites. Therefore, displaying email addresses on your websites can be an invitation to the spammers to collect your email addresses and then start sending you spam mail. At the same, it may be necessary to show your contact email addresses to the genuine visitors to your website. So, what is the solution?\u003C\u002Fp>\n\u003Cp>TG Email Protection plugin provides a solution to this issue. Obfuscate or hide the email addresses from the spambots or email spider software, while at the same time displaying the same email addresses to the genuine visitors. Thus, while genuine visitors can see your contact and support email addresses and other email addresses displayed on your websites, the email spider software and spambots cannot automatically harvest your email addresses. For this to happen, obfuscation is used to hide the email addresses included in your WordPress website or blog from spambots and email spider software. This plugin uses different methods to achieve this twin objective in order to fight spam mail and to protect your email addresses. More methods of obfuscating email addresses to conceal them from email spambots may be added to the plugin in future.\u003C\u002Fp>\n\u003Cp>How does the plugin obfuscate an email address? In fact, the plugin uses fast and efficient search of the content being delivered, to search for all email addresses in your content and then to obfuscate them on-the-fly. It happens whenever a page is about to be delivered to your visitor. The contents of your database are NOT changed by the plugin. What the plugin does is something like this: when a visitor requests a post or page to be displayed in the browser (by visiting its URL), WordPress extracts the relevant contents from the database; it is at this time that this plugin steps in and filters these contents in a fast and efficient manner, searching and obfuscating the email addresses found in such contents which have already been extracted or copied from the database. Thus, the contents of your database are not changed at all by this plugin. Only the (copy of the) contents being shown to the visitors are shown in a different (obfuscated) manner. While the visitor will still see the email address as usual, it will be obfuscated or hidden from the email spambots and spider software.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two options to obfuscate email addresses\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>TG Email Protection plugin offers two different options for obfuscating your email addresses, while at the same time displaying them to the genuine visitors:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Select to automatically obfuscate all email addresses shown on your website. When this option is selected, the plugin will obfuscate all email addresses in your content being delivered to the visitors on-the-fly. When this option is selected, you may still separately and individually disable (or enable) obfuscation of email addresses from specific parts of your contents being delivered, such as the main contents, title, excerpts and comments of the post or page, and also from the blog description \u002F information and widget texts. Email addresses in mailto: format are also supported with this option.\u003C\u002Fli>\n\u003Cli>Use a shortcode to selectively protect or obfuscate each individual email address that you want. Shortcode can be used only when the above setting for automatic obfuscation of email addresses on the website is NOT selected; otherwise, shortcode will NOT do anything. So, please use shortcode only with this understanding. This is for the obvious reason that where you have already selected the option to obfuscate all email addresses on your website, all email addresses are in any case being obfuscated so that there is no need to use shortcode to obfuscate an individual email address.  To use shortcode, use format like this: [tgemail]person@example.com[\u002Ftgemail], where person@example.com is the email being obfuscated. Put this shortcode in any of your posts, pages or widgets, wherever you want to display the email address. Please do NOT use shortcode for email in mailto: format.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Additional options of changing @ and . (DOT) symbols in email addresses:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>TG Email Protection plugin provides you an additional (optional) measure to further obfuscate the email addresses by replacing the @ and . (DOT) symbols in email addresses by something like ‘ (AT) ‘ and ‘ (DOT) ‘ respectively or some other similar text to be chosen by you. While a user can obviously understand what such text stands for, an email spambot may not be able to know that, more so if you use your own custom text which can properly explain its purpose of replacing the @ and . (DOT) symbols in email addresses.\u003C\u002Fp>\n\u003Cp>Once installed, the settings of the TG Email Protection plugin would be available for being changed from the ‘TG Email Protection’ option in the ‘Settings’ menu on the admin screen (back-end) of your WordPress website or blog.\u003C\u002Fp>\n\u003Cp>Detailed instructions have been provided on the settings \u002F options page of TG Email Protection plugin in the admin area. Each setting has been explained in detail.\u003C\u002Fp>\n\u003Cp>You can use this plugin and test the results of obfuscating the email addresses from spambots. In our extensive tests conducted with several email spiders and spambot software, we have found that this plugin is completely successful in hiding the email addresses from the spammers by using innovative and randomized techniques.\u003C\u002Fp>\n\u003Cp>This plugin works on all WordPress websites or blogs. It is a very light-weight plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>About the plugin and our other plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin has been developed by \u003Ca href=\"http:\u002F\u002Ftilakmarg.com\u002Fdr-ashok-dhamija\u002F\" rel=\"nofollow ugc\">Ashok Dhamija\u003C\u002Fa>, who has also developed few other plugins, such as the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftg-facebook-comments\u002F\" rel=\"ugc\">TG Facebook Comments\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftg-copy-protection\u002F\" rel=\"ugc\">TG Copy Protection\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftg-customized-tags\u002F\" rel=\"ugc\">TG Customized Tags\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect email addresses from being harvested by spammers and spambots, obfuscating them. Your visitors can still see email addresses.",50,2276,"2015-08-12T02:33:00.000Z","4.2.39","3.0.1",[21,66,86,22,87],"email-protection","obfuscator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftg-email-protection.1.0.zip",85,{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":13,"num_ratings":28,"last_updated":100,"tested_up_to":16,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":25,"download_link":108,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"email-no-bot","Email No Bot – Prevent bots from detecting emails","0.0.3","Jose Mortellaro","https:\u002F\u002Fprofiles.wordpress.org\u002Fgiuse\u002F","\u003Cp>With Email No Bot humans will see the emails that you write using the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FShortcode\" rel=\"nofollow ugc\">shortcode\u003C\u002Fa> [hide_email email=”example@mail.com”], but robots will not.\u003C\u002Fp>\n\u003Cp>The user will not be able to copy the email in the clipboard. If you think this is a problem, this plugin is not for you.\u003C\u002Fp>\n\u003Cp>Looking at the screen you can see the email, but if you inspect elements, instead of the email you will see something strange, and not predictable. That’s what a bot will also see.\u003C\u002Fp>\n\u003Cp>The output is something very random for the bot, and even if the code of this plugin is open source, no bot will be able to decrypt the email.\u003C\u002Fp>\n\u003Cp>There are amazing plugins for contact forms, but sometimes what you really need is just an email that people can use to contact you.\u003Cbr \u002F>\nContact forms are so popular because a bot will not be able to get your email, but if you have a way to prevent bots from getting your email, you can simply add it to your page without the need of a contact form. Your page will be lighter and simple.\u003C\u002Fp>\n\u003Cp>Email No Bot has no settings page, it doesn’t write anything in the database, and it doesn’t load any asset on frontend, it just provides a shortcode, that’s it.\u003C\u002Fp>\n\u003Ch3>How to encrypt an email with Email No Bot\u003C\u002Fh3>\n\u003Cp>To encrypt an email use the shortcode \u003Cstrong>[hide_email email=”example@mail.com”]\u003C\u002Fstrong>.\u003Cbr \u002F>\nOf course, replace example@mail.com with the email that you want to display.\u003Cbr \u002F>\nYou can see an example and see how it works on the blog post \u003Ca href=\"https:\u002F\u002Fjosemortellaro.com\u002Fprevent-bots-from-getting-emails-from-your-website\u002F\" rel=\"nofollow ugc\">Prevent bots from getting emais from your website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Main features of Email No Bot\u003C\u002Fh3>\n\u003Cp>It obfuscate emails with 52 lines of code! The entire zip is less than 3 kB. No complicated settings, no database queries, no assets, nothing else than a shortcode. You will have no spam at zero cost in terms of performance. The weight of this plugin similar to the weight of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhello-dolly\u002F\" rel=\"ugc\">Hello Dolly\u003C\u002Fa>.\u003Cbr \u002F>\nYou can see here the \u003Ca href=\"https:\u002F\u002Fplugintests.com\u002Fplugins\u002Fwporg\u002Femail-no-bot\u002Flatest\" rel=\"nofollow ugc\">consumption of Email No Bot\u003C\u002Fa>. As you will see it’s not measurable.\u003C\u002Fp>\n\u003Ch3>Limitations of Email No Bot\u003C\u002Fh3>\n\u003Cp>The user will not be able to copy the email in the clipboard. But this is also what makes this plugin so powerful against spam bots.\u003C\u002Fp>\n\u003Ch3>Similar plugin to hide links\u003C\u002Fh3>\n\u003Cp>If you need something similar to hide links, you can try \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhide-link\u002F\" rel=\"ugc\">Hide Link\u003C\u002Fa>\u003C\u002Fp>\n","Humans will see the email address on your page, but robots will not.",200,6485,"2025-12-05T09:20:00.000Z","4.6","7.4",[104,66,105,106,107],"email-encryption","no-bot","spam-email","spam-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-no-bot.0.0.3.zip",{"slug":110,"name":111,"version":75,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":29,"num_ratings":29,"last_updated":25,"tested_up_to":118,"requires_at_least":6,"requires_php":25,"tags":119,"homepage":120,"download_link":121,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":122},"makesafe","Make Safe","mattdeclaire","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattdeclaire\u002F","\u003Cp>This plugin finds email addresses in the page (anywhere in the resulting HTML, not just the post content), and munges it into a random combination of encoded characters, and outputs a snippet of JavaScript to write the munged string to the page.\u003C\u002Fp>\n","Obfuscates email addresses.",10,1759,"3.3.2",[21,22,107],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmakesafe","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmakesafe.zip","2026-03-15T10:48:56.248Z",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":116,"downloaded":131,"rating":13,"num_ratings":28,"last_updated":132,"tested_up_to":16,"requires_at_least":63,"requires_php":133,"tags":134,"homepage":136,"download_link":137,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"planleft-contact-camo","Contact Camo","1.0.22","Plan Left","https:\u002F\u002Fprofiles.wordpress.org\u002Fplanleft\u002F","\u003Cp>Contact Camo protects email addresses by obfuscating or completely hiding them in both the source code and the DOM.\u003C\u002Fp>\n\u003Ch3>What Is It?\u003C\u002Fh3>\n\u003Cp>Contact Camo is a plugin for WordPress developed by Plan Left that effectively hides or obfuscates email addresses from scammers, web scrapers and internet bots to help minimize spam and other nefarious, automated actors.\u003C\u002Fp>\n\u003Cp>In addition to protecting  email addresses, Contact Camo also provides some granular control over how those protected  email addresses can be displayed and interacted with by users that are very useful to site builders and also help make site maintenance easier.\u003C\u002Fp>\n\u003Ch3>Example Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Educational Organization with large faculty directories\u003C\u002Fli>\n\u003Cli>Nonprofits who need to be accessible without displaying in-content email addresses\u003C\u002Fli>\n\u003Cli>Large Organizations who have departmental pages and points of contact but don’t want to maintain multiple contact forms\u003C\u002Fli>\n\u003Cli>Anyone who doesn’t want to expose email addresses to the scammers, scrapers and bots of the internet.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Did You Make This Plugin?\u003C\u002Fh3>\n\u003Cp>We work with many non-profits and educational organizations that need to list contact info in directories on their website. Due to the public visibility of these and their large user base, our clients web properties are under constant threat from spammers and bots. We wanted to ensure that their user directories were safe from these threats while still being functional to visitors. In other words, we needed to hide a bunch of email addresses from the outside world while still allowing the outside world to contact those users via their email address. When we got to developing this plugin, we knew we had to provide a solution that was as bulletproof as possible while allowing our clients and customers the most amount of control over things as practical.\u003C\u002Fp>\n\u003Ch4>Ultimately, we needed to create a plugin that would:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Optionally hide or obfuscate email addresses from scrapers and bots securely and confidently. For our use case, email addresses needed to be obfuscated in the source code, the DOM, and in HTTP requests. We took the email address out of the client-side equation completely by just tucking it safely away in the database in a lookup table instead of providing a workaround that simply disguises the email address. We essentially took the email address to a safe house and sent out its representative to interact with the outside world on its behalf. Nobody gets the email, not no way, not no how, see?!?\u003C\u002Fli>\n\u003Cli>Provide users with lots of control over the UX of protected  email addresses, but without the need for cumbersome configuration. We decided a shortcode with some good options and sensible defaults would foot the bill for most users.\u003C\u002Fli>\n\u003Cli>Be performant in capabilities, lightweight in footprint, and opinionated in scope.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The client was very pleased with the end-result and so were we. So, we decided to offer it back to the community. Our development team reviewed and scrutinized the existing plugin, found areas for improvements and further customizations, and baked them right in for everyone to use.\u003C\u002Fp>\n\u003Ch3>Who Is It For?\u003C\u002Fh3>\n\u003Cp>Site administrators and content editors\u002Fmoderators. Anyone with a WordPress site that would like the peace of mind of knowing that their user’s email addresses are safely hidden from spam bots and other unintended consumers with ill intent. Content creators that don’t want to worry about the complications and time expenditure of dealing with and managing their user base getting spammed from their platform. And especially when any of the above mentioned require some level of control over what’s displayed to their users, who may very well be their customers or clients or patients, etc…It’s for site builders that want protection AND customization without being overwhelmed.\u003C\u002Fp>\n\u003Ch3>What Problems Does It Solve?\u003C\u002Fh3>\n\u003Cp>Contact Camo hides or obfuscates email addresses in the source code AND the DOM. Not only this, it ensures the unobfuscated email address is never used in any page or ajax request from its originating context; all handling\u002Fprocessing is done server-side. Once obfuscated, the client-side never sees the original email address again (where obfuscated). The obfuscation (key) is a hash that is stored in a lookup table with the original email address.\u003C\u002Fp>\n\u003Cp>A few of the limitations we found in some existing (but great) plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>email address only obfuscated in DOM, but not in source code\u003C\u002Fli>\n\u003Cli>email address only obfuscated in source code, but not in the DOM\u003C\u002Fli>\n\u003Cli>integrating with a 3rd-party service that scrapes entire pages and performs a search-and-replace of email addresses with obfuscated versions in the source code\u003C\u002Fli>\n\u003Cli>email address obfuscation using only html entities replacement\u003C\u002Fli>\n\u003Cli>few options for control   ling output\u003C\u002Fli>\n\u003Cli>no contact form or fallback options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How Does It Work?\u003C\u002Fh3>\n\u003Cp>Contact Camo provides a simple shortcode that can be used to manually obfuscate or hide email addresses and control how those email address are presented back to the end-user.\u003C\u002Fp>\n\u003Cp>This shortcode’s eventual default output is a clickable link with the obfuscated email address’s generated hash stored in a data attribute. On click, this hash is used to lookup the email address (or generate and store a new hash in your database for that email if one doesn’t already exist) and then open the browser’s configured email client with the “To” field pre-populated with the corresponding email address.\u003C\u002Fp>\n\u003Cp>The shortcode accepts several parameters for overriding the default output. Output a button instead of a link, add CSS classes, change the text output, etc… The sky’s the limit for display.\u003C\u002Fp>\n\u003Cp>The shortcode also has parameters for displaying an embedded contact form or an optional modal popup contact form instead of a clickable link that opens the browser’s default email client.\u003C\u002Fp>\n\u003Ch3>What is Hide vs Obfuscate?\u003C\u002Fh3>\n\u003Cp>For our plugin, we wanted to give site administrators the option to either completely hide the email address and never let any end content consumer see any piece of the email, or to hide the email until requested and reveal it in context after a specific action is taken.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Hiding the email address:\u003C\u002Fstrong> The site visitor will never see the email address, and instead only be presented a popup contact form that submits and mails through ajax. This option totally hides the email, and it will never be revealed unless the emailed recipient emails the form submitter back.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Obfuscating the email address:\u003C\u002Fstrong> The site visitor will not see the email address until the contact button (or link) is clicked. On click, the email address will be revealed and the visitor can copy or mail to that address.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What Can I Do With It?\u003C\u002Fh3>\n\u003Cp>We chose to err on the side of simplicity, balanced with enough options as to be useful. To this, we default to an anchor tag output, or – if overridden – a clickable button. We give the user control over which of these as well as css classes and an id. The text output is configurable. And with one option, you can have a modal contact form popup when users click on your link. All without showing the email address you want to use, but hide. Hide for real for real.  The plugin includes template files if you wish to really change the output, like maybe you want a different wrapper, or need to include some custom data attributes for javascript to use. We thought about adding all that level of configuration to our shortcode, but figured if you were at that point, you’d probably also know how to edit a template file 😉\u003C\u002Fp>\n\u003Ch4>Basic Usage:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ccode>[contactcamo email=\"contact@example.com\"]\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>output: a basic anchor tag with default text\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ccode>[contactcamo email=\"contact@example.com\" label=\"Contact Us\" form=true button=true]\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>output: a clickable button with text that says “Contact Us”.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ccode>[contactcamo email=\"contact@example.com\" label=\"Contact Us\" form=true button=true popup=true]\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>output: a clickable button with text that says “Contact Us” that, when click, pops up a modal contact form\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ccode>[contactcamo email=\"contact@example.com\" subject=\"ContactCamo\" class=\"mail-icon-lg mail-link\"]\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>output: a link with default text typographically styled along with an inline mail icon\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ccode>[contactcamo email=\"contact@example.com\" id=\"one-contactcamo-to-rule-them-all\" label=\"Fly, You Fools!\" button=true class=\"btn btn-lg btn-lt-blue mail-icon-sm\"]\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>output: a large, light blue clickable button with text that says “Fly, You Fools!” along with an inline mail icon\u003C\u002Fp>\n\u003Ch4>Shortcode Parameters\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>email\u003C\u002Fstrong> \u003Cem>required string\u003C\u002Fem>\u003Cbr \u002F>\nthe email address to be obfuscated\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>label\u003C\u002Fstrong> \u003Cem>optional string default=”Email”\u003C\u002Fem>\u003Cbr \u002F>\nthe text output\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>subject\u003C\u002Fstrong> \u003Cem>optional string\u003C\u002Fem>\u003Cbr \u002F>\nthe text to populate mail subject lines\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>class\u003C\u002Fstrong> \u003Cem>optional string\u003C\u002Fem>\u003Cbr \u002F>\nthe css class(es) to add to the anchor\u002Fbutton html output, space delimited\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>id\u003C\u002Fstrong> \u003Cem>optional string\u003C\u002Fem>\u003Cbr \u002F>\nthe css id to add to the anchor\u002Fbutton html output\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>form\u003C\u002Fstrong> \u003Cem>optional boolean default=false\u003C\u002Fem>\u003Cbr \u002F>\nif true, output contact form in place of link\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>popup\u003C\u002Fstrong> \u003Cem>optional boolean default=false\u003C\u002Fem>\u003Cbr \u002F>\nif true, output link that opens modal contact form on click\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>button\u003C\u002Fstrong> \u003Cem>optional boolean default=false\u003C\u002Fem>\u003Cbr \u002F>\nif true, output link as a clickable button instead of an anchor tag\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There is also an admin page for Contact Camo. From this page, you can configure where the contact form redirects after form submission.\u003C\u002Fp>\n","Contact Camo protects email addresses by obfuscating or completely hiding them in both the source code and the DOM.",2837,"2026-03-06T16:51:00.000Z","8.0",[20,135,21,22,69],"antispam","https:\u002F\u002Fplanleft.com\u002Fcontactcamo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplanleft-contact-camo.1.0.22.zip",{"attackSurface":139,"codeSignals":150,"taintFlows":158,"riskAssessment":159,"analyzedAt":171},{"hooks":140,"ajaxHandlers":141,"restRoutes":142,"shortcodes":143,"cronEvents":149,"entryPointCount":28,"unprotectedCount":29},[],[],[],[144],{"tag":145,"callback":146,"file":147,"line":148},"obfuscate_email","neotrendy_email_address_obfuscation_shortcode","email-address-obfuscation.php",57,[],{"dangerousFunctions":151,"sqlUsage":152,"outputEscaping":154,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":157},[],{"prepared":29,"raw":29,"locations":153},[],{"escaped":155,"rawEcho":29,"locations":156},3,[],[],[],{"summary":160,"deductions":161},"The email-address-obfuscation plugin v1.2.0 exhibits a generally positive security posture based on the static analysis provided. The code adheres to good practices by not utilizing dangerous functions, employing prepared statements for all SQL queries, and properly escaping all identified output.  The absence of file operations and external HTTP requests further reduces the potential attack surface. However, a significant concern arises from the lack of any explicit nonce or capability checks, particularly given the presence of a shortcode. This means that any user, regardless of their logged-in status or role, could potentially interact with the shortcode's functionality. The vulnerability history reveals one known CVE, a medium-severity Cross-site Scripting (XSS) vulnerability, which is noted as currently patched. While this specific vulnerability is addressed, the pattern of past XSS issues, even if resolved, suggests a potential for input sanitization oversight. The overall risk is moderate due to the lack of authorization checks on the shortcode entry point, creating a potential avenue for misuse, despite good coding practices in other areas.",[162,165,168],{"reason":163,"points":164},"Missing capability checks on shortcode",8,{"reason":166,"points":167},"Missing nonce checks on shortcode",7,{"reason":169,"points":170},"One past medium severity XSS vulnerability",5,"2026-03-16T18:40:02.698Z",{"wat":173,"direct":180},{"assetPaths":174,"generatorPatterns":175,"scriptPaths":176,"versionParams":177},[],[],[],[178,179],"email-address-obfuscation\u002Fstyle.css?ver=","email-address-obfuscation\u002Fscript.js?ver=",{"cssClasses":181,"htmlComments":182,"htmlAttributes":183,"restEndpoints":184,"jsGlobals":185,"shortcodeOutput":186},[],[],[],[],[],[187,188,189],"\u003Ca href=\"mailto:","title=\"","\">"]