Small business owners know that making it easy for customers to contact them leads to sales. So, many display their telephone number and email address in a prominent place on their site. Unless that email address is properly encoded, spammer bots can easily harvest it. Thankfully there are several tricks you can use to foil the spam bots and still make it easy for customers to contact you. Read on to discover the old tricks that no longer work and the new ones that do.
There’s one thing that all email addresses have that is different from the surrounding text and that is the @ symbol. So, it’s a simple matter for hackers to program a bot to search a site for that. And, believe it or not, as smart as harvest bots have gotten, that’s still the first thing they look for.
Once upon a time it was easy to foil spam bots that harvested email addresses by simply breaking up the address like this: me (at) my site (dot) com. That removed the @ symbol issue, but hackers soon taught bots to simply look for the word at or the word dot in parenthesis instead.
You’ll still find this trick listed on the official WordPress.org Codex as a way to foil harvest bots. Notice that there is no date on that article. There should be, because it no longer works. (And Google, if you’re listening, you need to date your support files too and/or remove that old stuff that no longer applies or works.)
The other trick you’ll find in that Codex post is to use WordPress’ internal antispam bot code. It looks a like this:
The get_the_author_email part grabs the email address from your WordPress User profile.
This and similar methods still work, and is the best way of protecting your email address from bots. I’m a big believer in putting critically important things directly into the theme code and not relying on a plugin that could go bye-bye at any time. But if you’re not a coder, and you don’t want to hire one, then a plugin is the next best thing.
Send in the Plugin
Email Address Encoder is one of the better plugins for scrambling your email address so that humans can read it and bots can’t. It’s light-weight and works automatically by using the hacker’s own bag of tricks. It simply looks for the @ symbol, assumes it is an email address, and encodes it into a decimal and hexadecimal string that is decoded by the browser so humans can read it.
The plugin does not search the whole site for the @ symbol, just the places an email address is likely to be, such as posts, pages, comments, excerpts and text widgets.
The Surest Way
The best way to protect your email address from bot harvesters is to not display it on your site. Now, that doesn’t mean that you can’t give clients an easy way to contact you. Instead of your email address, use a text link to your Contact page.
The form on your Contact page ensures that you get all of the information you need from your client. That’s what it’s there for, make use of it. And bots will not break that code and steal your email address.
How About You?
Do you display your email address on your site? How do you protect it?