[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDRslgfWJvUXm4HuAv48aVoyzPuMJF9rWBtNnNQOjgyc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":134,"fingerprints":225},"tg-email-protection","TG Email Protection","1.0","Ashok Dhamija","https:\u002F\u002Fprofiles.wordpress.org\u002Fashokdhamija\u002F","\u003Cp>Unsolicited email or email spam is a huge problem that netizens have to face on daily basis. It is estimated that about 90% of all emails sent are spam mails. It was estimated that spam cost businesses to the order of $100 billion in the year 2007 [source: Wikipedia]. Spammers use email harvesting spambots or email spider software to automatically collect email addresses displayed on websites. Therefore, displaying email addresses on your websites can be an invitation to the spammers to collect your email addresses and then start sending you spam mail. At the same, it may be necessary to show your contact email addresses to the genuine visitors to your website. So, what is the solution?\u003C\u002Fp>\n\u003Cp>TG Email Protection plugin provides a solution to this issue. Obfuscate or hide the email addresses from the spambots or email spider software, while at the same time displaying the same email addresses to the genuine visitors. Thus, while genuine visitors can see your contact and support email addresses and other email addresses displayed on your websites, the email spider software and spambots cannot automatically harvest your email addresses. For this to happen, obfuscation is used to hide the email addresses included in your WordPress website or blog from spambots and email spider software. This plugin uses different methods to achieve this twin objective in order to fight spam mail and to protect your email addresses. More methods of obfuscating email addresses to conceal them from email spambots may be added to the plugin in future.\u003C\u002Fp>\n\u003Cp>How does the plugin obfuscate an email address? In fact, the plugin uses fast and efficient search of the content being delivered, to search for all email addresses in your content and then to obfuscate them on-the-fly. It happens whenever a page is about to be delivered to your visitor. The contents of your database are NOT changed by the plugin. What the plugin does is something like this: when a visitor requests a post or page to be displayed in the browser (by visiting its URL), WordPress extracts the relevant contents from the database; it is at this time that this plugin steps in and filters these contents in a fast and efficient manner, searching and obfuscating the email addresses found in such contents which have already been extracted or copied from the database. Thus, the contents of your database are not changed at all by this plugin. Only the (copy of the) contents being shown to the visitors are shown in a different (obfuscated) manner. While the visitor will still see the email address as usual, it will be obfuscated or hidden from the email spambots and spider software.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two options to obfuscate email addresses\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>TG Email Protection plugin offers two different options for obfuscating your email addresses, while at the same time displaying them to the genuine visitors:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Select to automatically obfuscate all email addresses shown on your website. When this option is selected, the plugin will obfuscate all email addresses in your content being delivered to the visitors on-the-fly. When this option is selected, you may still separately and individually disable (or enable) obfuscation of email addresses from specific parts of your contents being delivered, such as the main contents, title, excerpts and comments of the post or page, and also from the blog description \u002F information and widget texts. Email addresses in mailto: format are also supported with this option.\u003C\u002Fli>\n\u003Cli>Use a shortcode to selectively protect or obfuscate each individual email address that you want. Shortcode can be used only when the above setting for automatic obfuscation of email addresses on the website is NOT selected; otherwise, shortcode will NOT do anything. So, please use shortcode only with this understanding. This is for the obvious reason that where you have already selected the option to obfuscate all email addresses on your website, all email addresses are in any case being obfuscated so that there is no need to use shortcode to obfuscate an individual email address.  To use shortcode, use format like this: [tgemail]person@example.com[\u002Ftgemail], where person@example.com is the email being obfuscated. Put this shortcode in any of your posts, pages or widgets, wherever you want to display the email address. Please do NOT use shortcode for email in mailto: format.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Additional options of changing @ and . (DOT) symbols in email addresses:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>TG Email Protection plugin provides you an additional (optional) measure to further obfuscate the email addresses by replacing the @ and . (DOT) symbols in email addresses by something like ‘ (AT) ‘ and ‘ (DOT) ‘ respectively or some other similar text to be chosen by you. While a user can obviously understand what such text stands for, an email spambot may not be able to know that, more so if you use your own custom text which can properly explain its purpose of replacing the @ and . (DOT) symbols in email addresses.\u003C\u002Fp>\n\u003Cp>Once installed, the settings of the TG Email Protection plugin would be available for being changed from the ‘TG Email Protection’ option in the ‘Settings’ menu on the admin screen (back-end) of your WordPress website or blog.\u003C\u002Fp>\n\u003Cp>Detailed instructions have been provided on the settings \u002F options page of TG Email Protection plugin in the admin area. Each setting has been explained in detail.\u003C\u002Fp>\n\u003Cp>You can use this plugin and test the results of obfuscating the email addresses from spambots. In our extensive tests conducted with several email spiders and spambot software, we have found that this plugin is completely successful in hiding the email addresses from the spammers by using innovative and randomized techniques.\u003C\u002Fp>\n\u003Cp>This plugin works on all WordPress websites or blogs. It is a very light-weight plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>About the plugin and our other plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin has been developed by \u003Ca href=\"http:\u002F\u002Ftilakmarg.com\u002Fdr-ashok-dhamija\u002F\" rel=\"nofollow ugc\">Ashok Dhamija\u003C\u002Fa>, who has also developed few other plugins, such as the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftg-facebook-comments\u002F\" rel=\"ugc\">TG Facebook Comments\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftg-copy-protection\u002F\" rel=\"ugc\">TG Copy Protection\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftg-customized-tags\u002F\" rel=\"ugc\">TG Customized Tags\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect email addresses from being harvested by spammers and spambots, obfuscating them. Your visitors can still see email addresses.",50,2276,0,"2015-08-12T02:33:00.000Z","4.2.39","3.0.1","",[19,20,21,22,23],"email","email-obfuscation","email-protection","obfuscate","obfuscator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftg-email-protection.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"ashokdhamija",3,340,30,84,"2026-04-04T05:36:30.023Z",[37,57,75,97,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":16,"requires_php":17,"tags":51,"homepage":55,"download_link":56,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"humansnotbots","HumansNotBots – Easy, Accessible Email Cloaker","3.2","zingming","https:\u002F\u002Fprofiles.wordpress.org\u002Fzingming\u002F","\u003Cp>This email cloaking method:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>is accessible for people browsing with screen readers (e.g., blind people); \u003C\u002Fli>\n\u003Cli>degrades gracefully for browsers without JavaScript; \u003C\u002Fli>\n\u003Cli>works just like a normal, clickable email address for browsers with JavaScript enabled; and\u003C\u002Fli>\n\u003Cli>requires no shortcodes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Email addresses in the form \u003Ccode>email AT address DOT com\u003C\u002Fcode> are converted to a clickable version, \u003Ca href=\"mailto:email@address.com\" rel=\"nofollow ugc\">email@address.com\u003C\u002Fa>, if JavaScript is enabled. If JavaScript is not enabled (such as for screen readers), then the email address in the form \u003Ccode>email AT address DOT com\u003C\u002Fcode> is still readable to humans.\u003C\u002Fp>\n","\"email AT address DOT com\" (without quotes) is converted to a clickable version of email@address.com if JavaScript is enabled.",200,8687,100,2,"2013-12-28T06:34:00.000Z","3.7.41",[19,52,20,53,54],"email-munger","email-obfuscator","spam","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fhumansnotbots\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhumansnotbots.3.2.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":13,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":17,"download_link":74,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"whoknew-shield","WhoKnew Shield — Contact Obfuscation & Bot Protection","2.0.0","WhoKnew.io","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhoknewio\u002F","\u003Cp>\u003Cstrong>WordPress spam protection plugin\u003C\u002Fstrong> — Stop bots from harvesting your email addresses, phone numbers, and physical addresses.\u003C\u002Fp>\n\u003Ch3>Why stores and businesses need contact security:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Privacy Risk:\u003C\u002Fstrong> Scrapers harvest emails for spam databases\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Threat:\u003C\u002Fstrong> Phone scrapers collect numbers for robocalls, SMS spam, and phishing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fraud Prevention:\u003C\u002Fstrong> Address scrapers use your location for junk mail and identity theft\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passive Exposure:\u003C\u002Fstrong> Contacts in posts, widgets, and footers are often left unprotected\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bot Evolution:\u003C\u002Fstrong> Modern bots can parse basic HTML encoding\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Coverage:\u003C\u002Fstrong> Every unprotected contact is a potential harvest point\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>WhoKnew Shield uses dual-layer protection to help keep your contact information private.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Free Features (Instant Setup)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Dual-layer obfuscation\u003C\u002Fstrong> — HTML entities + CSS reversal + JavaScript protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email auto-detection\u003C\u002Fstrong> — Write naturally, automatic protection everywhere\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Click-to-reveal buttons\u003C\u002Fstrong> — One click for visitors; blocks automated scrapers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JavaScript-protected links\u003C\u002Fstrong> — Emails never appear in HTML source code\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple contact types\u003C\u002Fstrong> — Protect emails, phone numbers, and physical addresses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcodes\u003C\u002Fstrong> — \u003Ccode>[whoknew_shield]\u003C\u002Fcode> for precise control when needed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Strictness controls\u003C\u002Fstrong> — 3 detection levels to balance protection vs false positives\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern admin UI\u003C\u002Fstrong> — Clean, intuitive dashboard\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No locked features\u003C\u002Fstrong> — Everything in free plugin is fully functional\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works with any theme\u003C\u002Fstrong> — Page builders, Gutenberg, Classic Editor, WooCommerce\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cache-compatible\u003C\u002Fstrong> — Works with WP Rocket, LiteSpeed, W3 Total Cache, SG Optimizer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pro Features ($48\u002Fyear)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Phone protection & address protection\u003C\u002Fstrong> — Auto-detect ALL contact types automatically\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Web Application Firewall (WAF)\u003C\u002Fstrong> — Scraper Trap™ honeypot defense catches bots in action\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WhoKnew Intelligence™ Network\u003C\u002Fstrong> — Community-powered blacklist with daily-updated threat intelligence from Shield Pro users worldwide\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bot blocker with automatic IP blocking\u003C\u002Fstrong> — Block caught scrapers site-wide (1hr to permanent)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics Dashboard\u003C\u002Fstrong> — Visual charts, geographic heat maps, threat intelligence\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Competitor shortcode support\u003C\u002Fstrong> — Supports Email Address Encoder, Neotrendy, Email Encoder Bundle, Antispambot shortcodes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced encryption\u003C\u002Fstrong> — Domain-specific rotating keys (changes every 15 minutes)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom obfuscation engine\u003C\u002Fstrong> — Create your own scraper protection patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geographic tracking\u003C\u002Fstrong> — See where attacks originate with country-level data\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom block pages\u003C\u002Fstrong> — Show your message to blocked bots\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email alerts\u003C\u002Fstrong> — Get notified when threats are detected\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP whitelist\u002Fblacklist\u003C\u002Fstrong> — Complete control over access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority support\u003C\u002Fstrong> — Direct access to our team\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>No coding. Works with any WordPress theme. Set it once, protect everything.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwhoknew.io\u002Fplugin\u002Fwhoknew-shield\u002F\" rel=\"nofollow ugc\">Upgrade to Pro \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwhoknew.io\u002Fwhoknew-shield\u002F\" rel=\"nofollow ugc\">View Features\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Why Auto-Detection Matters\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Manual shortcode plugins require wrapping every contact individually:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy to forget contacts in old posts, footer widgets, page builder sections\u003C\u002Fli>\n\u003Cli>Manually wrapping every contact in shortcodes is time-consuming and error-prone\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shield’s auto-detection ensures nothing slips through\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Write naturally. Shield finds and protects contacts automatically. No gaps. No missed emails.\u003C\u002Fp>\n\u003Ch3>Plugin Switching\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Switch from other email protection plugins with no broken pages:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Email Address Encoder\u003C\u002Fstrong> — \u003Ccode>[encode]\u003C\u002Fcode> shortcodes work immediately\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Obfuscation by Neotrendy\u003C\u002Fstrong> — \u003Ccode>[obfuscate_email]\u003C\u002Fcode> supported\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Encoder Bundle\u003C\u002Fstrong> — \u003Ccode>[eeb_protect_emails]\u003C\u002Fcode>, \u003Ccode>[eeb_mailto]\u003C\u002Fcode> compatible\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Antispambot\u003C\u002Fstrong> — All shortcodes work with stronger dual-layer protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Just activate Shield Pro and deactivate the old plugin. All existing shortcodes continue working. No find-and-replace needed across your posts.\u003C\u002Fp>\n\u003Ch3>Web Application Firewall (WAF) — Pro Feature\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Active scraper defense beyond passive hiding:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Pro version includes WAF capabilities through Scraper Trap™ honeypots:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Hidden honeypot traps\u003C\u002Fstrong> invisible to real users but attractive to bots\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic blocking\u003C\u002Fstrong> — Caught bots are banned site-wide\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Threat intelligence\u003C\u002Fstrong> — See attack patterns, geographic origins, bot signatures\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time analytics\u003C\u002Fstrong> — Visual charts showing when and where attacks happen\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy protection\u003C\u002Fstrong> — Stop bots before they harvest any contact information\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security monitoring\u003C\u002Fstrong> — Know exactly who tried to scrape your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This turns passive protection into active security. You’re not just hiding contacts — you’re catching and blocking malicious bots.\u003C\u002Fp>\n\u003Ch3>WhoKnew Intelligence™ — Community Blacklist Network (Pro)\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Collaborative threat protection:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Shield Pro users can join the WhoKnew Intelligence™ network to share threat data and download a community-powered blacklist:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Daily-updated blocklist\u003C\u002Fstrong> — Block known scrapers before they reach your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anonymous contribution\u003C\u002Fstrong> — Optionally share caught IPs to help protect the community\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live threat intelligence\u003C\u002Fstrong> — Benefit from detections across Shield Pro sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pre-emptive blocking\u003C\u002Fstrong> — Stop bots that attacked other sites before they find yours\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Community-powered security\u003C\u002Fstrong> — The more sites that join, the stronger the protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When you catch a bot with Scraper Trap™ honeypots, you can anonymously share that IP to protect other Shield users. In return, you get access to a constantly-updated blocklist of confirmed threats.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin displays links in the WordPress admin area that point to whoknew.io, the author’s website. These links are used to provide upgrade information, pricing, and documentation for the optional Pro add-on.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WhoKnew.io (Plugin Author Website)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>What it is: whoknew.io is the website of the plugin author (WhoKnew). It hosts the Pro upgrade page, documentation, and support resources for this plugin.\u003C\u002Fp>\n\u003Cp>What data is sent and when: The free plugin does not automatically transmit any data to whoknew.io or any other external server. The admin UI contains standard upgrade and documentation links; clicking those links takes you to the whoknew.io website in your browser, subject to normal browser behaviour. No data is collected, tracked, or sent without user action.\u003C\u002Fp>\n\u003Cp>Note on the optional Pro add-on: If you separately purchase and activate WhoKnew Shield Pro, that add-on may connect to whoknew.io for licence validation and to download the WhoKnew Intelligence™ community blocklist (an opt-in feature). Those connections are documented in the Pro add-on itself.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Terms of Service: https:\u002F\u002Fwhoknew.io\u002Fterms\u002F\u003C\u002Fli>\n\u003Cli>Privacy Policy: https:\u002F\u002Fwhoknew.io\u002Fprivacy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Third-Party Libraries\u003C\u002Fh3>\n\u003Cp>WhoKnew Shield Free does not use any third-party libraries or external services. All code is self-contained within the plugin. No CDN dependencies, no external API calls, no data transmission to third-party servers.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Bundled Data: IANA Root Zone Database\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin bundles a static copy of the Internet Assigned Numbers Authority (IANA) Root Zone Database (\u003Ccode>data\u002Fiana-tlds.txt\u003C\u002Fcode>). This file is used exclusively for offline TLD validation when email detection is set to Strict mode — it is never loaded, transmitted, or used outside of that context.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Source:\u003C\u002Fstrong> https:\u002F\u002Fdata.iana.org\u002FTLD\u002Ftlds-alpha-by-domain.txt\u003C\u002Fli>\n\u003Cli>\u003Cstrong>License:\u003C\u002Fstrong> Public domain \u002F IANA (no restrictions on use)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Usage:\u003C\u002Fstrong> Bundled locally; no runtime HTTP request is made to IANA\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Updates:\u003C\u002Fstrong> The file is updated with each plugin release to reflect newly delegated TLDs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privacy by Design:\u003C\u002Fstrong>\u003Cbr \u002F>\n– All protection runs locally on your WordPress server\u003Cbr \u002F>\n– No external scripts loaded from CDNs\u003Cbr \u002F>\n– No tracking or analytics sent to external services\u003Cbr \u002F>\n– Complete data sovereignty — everything stays in your database\u003Cbr \u002F>\n– GDPR-friendly architecture with zero external dependencies\u003C\u002Fp>\n","Stop spam bots from harvesting emails, phones & addresses. Dual-layer protection with auto-detection.",198,"2026-03-04T09:15:00.000Z","6.9.4","5.8","7.4",[71,72,20,21,73],"bot-blocker","email-encoder","spam-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhoknew-shield.2.0.0.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":47,"num_ratings":85,"last_updated":86,"tested_up_to":67,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":17,"download_link":93,"security_score":94,"vuln_count":95,"unpatched_count":13,"last_vuln_date":96,"fetched_at":27},"email-address-obfuscation","Email Address Obfuscation","1.2.0","Neotrendy","https:\u002F\u002Fprofiles.wordpress.org\u002Fneotrendy\u002F","\u003Cp>A lightweight plugin that protects email addresses from email-harvesting bots, by converting email addresses characters to HTML entities. Hide email from Spam Bots using a shortcode \u003Ccode>[obfuscate_email]\u003C\u002Fcode> and built-in WordPress function \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fantispambot\u002F\" title=\"antispambot\" rel=\"nofollow ugc\">antispambot()\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Obfuscate plain email address\u003C\u002Fli>\n\u003Cli>Obfuscate href mailto link in HTML anchor element\u003C\u002Fli>\n\u003Cli>Support for custom CSS class\u003C\u002Fli>\n\u003Cli>Support for email subject\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Obfuscate plain email address\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email=\"your@email.com\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Create clickable email address\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email=\"your@email.com\" link=true]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Add CSS class to the HTML anchor element\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email=\"your@email.com\" link=true class=\"my-class another-class\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Obfuscate email address with email subject\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email='your@email.com?subject=My custom email subject']\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Shortcode parameter\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>email\u003C\u002Fcode> required – Email address.\u003C\u002Fli>\n\u003Cli>\u003Ccode>link\u003C\u002Fcode> optional – Set true if you want to create clickable email address.\u003C\u002Fli>\n\u003Cli>\u003Ccode>class\u003C\u002Fcode> optional – Add space separated list of classes.\u003C\u002Fli>\n\u003C\u002Ful>\n","Email Address Obfuscation prevents email harvesting by hiding email address appearing in your pages, while remaining visible to your site visitors.",2000,10615,4,"2025-11-28T10:30:00.000Z","2.5","5.6",[90,19,22,91,92],"anti-spam","obfuscation","protect","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-address-obfuscation.1.2.0.zip",99,1,"2024-12-03 23:42:14",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":17,"tags":112,"homepage":115,"download_link":116,"security_score":94,"vuln_count":95,"unpatched_count":13,"last_vuln_date":117,"fetched_at":27},"pixelines-email-protector","Pixeline's Email Protector","1.4.0","pixeline","https:\u002F\u002Fprofiles.wordpress.org\u002Fpixeline\u002F","\u003Cp>This plugin provides an unobtrusive yet efficient protection against email harvesters \u002F spambots. Here is a \u003Ca href=\"https:\u002F\u002Fpixeline.be\u002Fblog\u002Femail-protector-demo-4258.html\" rel=\"nofollow ugc\">demo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Post\u002Fpage authors may write email addresses in their article in the usual format (“john@doe.com”) without exposing them to spam email harvesters. The plugin takes care of the obfuscation, implementing a graceful degradation technique focusing on usability so as to protect your email addresses from harvesters while keeping them usable to your human visitors.\u003C\u002Fp>\n\u003Cp>The plugin replaces any email address found in posts, pages, comments and excerpts, and replace them by a bit of html markup that should deceive most email harvesters: \u003Ccode>\u003Cspan class=\"email\">john(replace the parenthesis by @)doe.com\u003C\u002Fspan>\u003C\u002Fcode>.\u003Cbr \u002F>\nIf javascript is available, it will display a clickable link and display the original email to the human user. Maximum usability, maximum protection.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fpixelines-email-protector\u002F\" rel=\"ugc\">rate the plugin\u003C\u002Fa> if you like it.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Write your email addresses inside your posts and pages as usual. When the plugin is activated, it will replace them by a human-readable html string that explains how to deduce the email address, and if javascript is available (99.9% of the time), the original email address will be displayed as a clickable mailto: link. For example:\u003Cbr \u002F>\n    Hello john@doe.com. How are you today?\u003Cbr \u002F>\nwill become\u003Cbr \u002F>\n    John( replace these parenthesis by @ )doe.com.\u003C\u002Fp>\n\u003Cp>Additionally, you can specify what the mailto: link should look like by sticking a parenthesis inside of which you put the visible link text, like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Hello john@doe.com(John Doe). How are you today?\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>will become\u003Cbr \u002F>\n    John( replace these parenthesis by @ )doe.com.\u003C\u002Fp>\n\u003Ch4>inside a theme\u003C\u002Fh4>\n\u003Cp>If you need to protect emails inside your Theme’s files (like the footer.php for example), you can use the function safe_email() like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode> echo safe_email('you@domain.com'); \u003Ch3>Contribute\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Github repo: https:\u002F\u002Fgithub.com\u002Fpixeline\u002Fpixeline-email-protector\u003C\u002Fp>\n","Write email addresses without worrying about spambots and email harvesters.",900,21465,86,8,"2025-09-06T20:47:00.000Z","6.8.5","2.7",[113,19,114,22,54],"address","harvest","https:\u002F\u002Fpixeline.be","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpixelines-email-protector.1.4.0.zip","2025-09-09 00:00:00",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":45,"downloaded":126,"rating":47,"num_ratings":95,"last_updated":127,"tested_up_to":67,"requires_at_least":128,"requires_php":69,"tags":129,"homepage":17,"download_link":133,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"email-no-bot","Email No Bot – Prevent bots from detecting emails","0.0.3","Jose Mortellaro","https:\u002F\u002Fprofiles.wordpress.org\u002Fgiuse\u002F","\u003Cp>With Email No Bot humans will see the emails that you write using the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FShortcode\" rel=\"nofollow ugc\">shortcode\u003C\u002Fa> [hide_email email=”example@mail.com”], but robots will not.\u003C\u002Fp>\n\u003Cp>The user will not be able to copy the email in the clipboard. If you think this is a problem, this plugin is not for you.\u003C\u002Fp>\n\u003Cp>Looking at the screen you can see the email, but if you inspect elements, instead of the email you will see something strange, and not predictable. That’s what a bot will also see.\u003C\u002Fp>\n\u003Cp>The output is something very random for the bot, and even if the code of this plugin is open source, no bot will be able to decrypt the email.\u003C\u002Fp>\n\u003Cp>There are amazing plugins for contact forms, but sometimes what you really need is just an email that people can use to contact you.\u003Cbr \u002F>\nContact forms are so popular because a bot will not be able to get your email, but if you have a way to prevent bots from getting your email, you can simply add it to your page without the need of a contact form. Your page will be lighter and simple.\u003C\u002Fp>\n\u003Cp>Email No Bot has no settings page, it doesn’t write anything in the database, and it doesn’t load any asset on frontend, it just provides a shortcode, that’s it.\u003C\u002Fp>\n\u003Ch3>How to encrypt an email with Email No Bot\u003C\u002Fh3>\n\u003Cp>To encrypt an email use the shortcode \u003Cstrong>[hide_email email=”example@mail.com”]\u003C\u002Fstrong>.\u003Cbr \u002F>\nOf course, replace example@mail.com with the email that you want to display.\u003Cbr \u002F>\nYou can see an example and see how it works on the blog post \u003Ca href=\"https:\u002F\u002Fjosemortellaro.com\u002Fprevent-bots-from-getting-emails-from-your-website\u002F\" rel=\"nofollow ugc\">Prevent bots from getting emais from your website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Main features of Email No Bot\u003C\u002Fh3>\n\u003Cp>It obfuscate emails with 52 lines of code! The entire zip is less than 3 kB. No complicated settings, no database queries, no assets, nothing else than a shortcode. You will have no spam at zero cost in terms of performance. The weight of this plugin similar to the weight of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhello-dolly\u002F\" rel=\"ugc\">Hello Dolly\u003C\u002Fa>.\u003Cbr \u002F>\nYou can see here the \u003Ca href=\"https:\u002F\u002Fplugintests.com\u002Fplugins\u002Fwporg\u002Femail-no-bot\u002Flatest\" rel=\"nofollow ugc\">consumption of Email No Bot\u003C\u002Fa>. As you will see it’s not measurable.\u003C\u002Fp>\n\u003Ch3>Limitations of Email No Bot\u003C\u002Fh3>\n\u003Cp>The user will not be able to copy the email in the clipboard. But this is also what makes this plugin so powerful against spam bots.\u003C\u002Fp>\n\u003Ch3>Similar plugin to hide links\u003C\u002Fh3>\n\u003Cp>If you need something similar to hide links, you can try \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhide-link\u002F\" rel=\"ugc\">Hide Link\u003C\u002Fa>\u003C\u002Fp>\n","Humans will see the email address on your page, but robots will not.",6485,"2025-12-05T09:20:00.000Z","4.6",[130,20,131,132,73],"email-encryption","no-bot","spam-email","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-no-bot.0.0.3.zip",{"attackSurface":135,"codeSignals":182,"taintFlows":212,"riskAssessment":213,"analyzedAt":224},{"hooks":136,"ajaxHandlers":174,"restRoutes":175,"shortcodes":176,"cronEvents":181,"entryPointCount":95,"unprotectedCount":13},[137,143,147,152,155,159,163,166,169,171],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_menu","tg_email_protection_add_page","tg-email-protection.php",31,{"type":138,"name":144,"callback":145,"file":141,"line":146},"admin_init","tg_email_protection_admin_init",74,{"type":148,"name":149,"callback":150,"file":141,"line":151},"filter","widget_text","shortcode_unautop",480,{"type":148,"name":149,"callback":153,"file":141,"line":154},"do_shortcode",481,{"type":148,"name":156,"callback":157,"file":141,"line":158},"the_content","tg_email_protection_modify_email",491,{"type":148,"name":160,"callback":161,"file":141,"line":162},"the_title","tg_email_protection_modify_email2",494,{"type":148,"name":164,"callback":161,"file":141,"line":165},"get_the_excerptz",497,{"type":148,"name":167,"callback":161,"file":141,"line":168},"comment_text",500,{"type":148,"name":149,"callback":161,"file":141,"line":170},503,{"type":148,"name":172,"callback":161,"file":141,"line":173},"bloginfo",506,[],[],[177],{"tag":178,"callback":179,"file":141,"line":180},"tgemail","tg_email_protection_shortcode",479,[],{"dangerousFunctions":183,"sqlUsage":184,"outputEscaping":186,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":211},[],{"prepared":13,"raw":13,"locations":185},[],{"escaped":13,"rawEcho":187,"locations":188},11,[189,192,194,196,198,200,202,204,206,207,209],{"file":141,"line":190,"context":191},229,"raw output",{"file":141,"line":193,"context":191},244,{"file":141,"line":195,"context":191},259,{"file":141,"line":197,"context":191},274,{"file":141,"line":199,"context":191},289,{"file":141,"line":201,"context":191},304,{"file":141,"line":203,"context":191},319,{"file":141,"line":205,"context":191},330,{"file":141,"line":32,"context":191},{"file":141,"line":208,"context":191},351,{"file":141,"line":210,"context":191},361,[],[],{"summary":214,"deductions":215},"The tg-email-protection v1.0 plugin exhibits a strong security posture in several key areas, particularly regarding its handling of SQL queries and lack of external HTTP requests. The absence of any recorded vulnerabilities or CVEs in its history is a positive indicator, suggesting a history of responsible development or a lack of historical scrutiny. The static analysis also shows a minimal attack surface with no reported dangerous functions or file operations.\n\nHowever, a significant concern arises from the complete lack of output escaping in all identified output points. This presents a considerable risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the WordPress environment. Furthermore, the absence of nonce and capability checks across all entry points, including its sole shortcode, means that any user, regardless of their privileges, could potentially trigger the plugin's functionality, opening it up to unauthorized actions or information disclosure.\n\nWhile the plugin has a clean vulnerability history and good practices in data handling (SQL prepared statements), the critical findings of unescaped output and missing authorization checks on its shortcode introduce substantial security weaknesses. These issues require immediate attention to mitigate potential XSS and unauthorized access risks.",[216,219,222],{"reason":217,"points":218},"No output escaping",20,{"reason":220,"points":221},"No nonce checks on shortcode",10,{"reason":223,"points":221},"No capability checks on shortcode","2026-03-16T22:02:35.417Z",{"wat":226,"direct":231},{"assetPaths":227,"generatorPatterns":228,"scriptPaths":229,"versionParams":230},[],[],[],[],{"cssClasses":232,"htmlComments":233,"htmlAttributes":234,"restEndpoints":235,"jsGlobals":236,"shortcodeOutput":237},[],[],[],[],[],[238,239],"[tgemail]","[\u002Ftgemail]"]