Hikari Email & URL Obfuscator

Spam is website publishers #1 concern, we wanna share our and our visitors’ emails to those who should have access to them, but don’t want spam harvesters stealing them and sending garbage to us. A lot of techniques had been developed to hide our emails from these delinquents, while having them shown to real people.

And together with spam harvesting, on 15 June 2009, Matt Cutts, a well known software engineer of Google, announced that Google Bot will no longer ignore nofollowed links for PageRank, and now we lose PR/link juice for every link we add to our pages, even if we use rel=”nofollow” on them. So, now we must hide links from Search Engines too!

I’ve been searching for an ultimate obfuscation solution for both emails and URLs, that would be user-friendly for me the content publisher, and for my visitors. I’ve seen a lot of solutions, some that inspired me, but none that would fit my needs. It was time to start coding 🙂

Hikari Email & URL Obfuscator plugin obfuscates emails and URL links, to hide them from spam harvesters and Search Endigne crawlers. It uses ROT13 or cc8b to encode each link while PHP is building the page, then uses JavaScript to decode it and show it to the user. If JavaScript is not available, it uses CSS to hide them.

It doesn’t use shortcodes, it works directly over HTML links, parsing and obfuscating them. By default it filters all texts in posts, comments, comments authors and text widgets, but you can manually use it anywhere you want.

Basically, Hikari Email & URL Obfuscator plugin searches for links that contain URLs and emails on their href atrribute. For each found link, it is replaced by an obfuscated string, and a JavaScript function is called, having in its parameters the required data for JavaScript to decode and recreate the original link.

The obfuscated string is then merged back by CSS to a readable URL/email text, so that human visitors can read it while spam harvesters and searchbots will not be able to detect it as a valid email/URL.

And, for JavaScript-enabled visitors, this string is replaced by a link with the exact same behavior and attributes of your original link, so that they can interact with it as if there was no obfuscation in place!
(Really, there is no way to diferenciate an obfuscated link generated by JavaScript from the original link, unless the HTML document’ source is verified or a development tool as FireBug is used!)

It uses 4 obfuscation techniques, 2 JavaScript solutions and 2 CSS alternatives for JavaScript-disabled browsers.

For CSS, it may revert the link string while PHP is building the page and then CSS reverts it back. Or it may add garbage text between the link, and CSS prevents this extra text from being rendered, so any user-agent that doesn’t use CSS can’t find the link but browsers show it clearly.

Now, when JavaScript is available, it is delivered with the original link, encoded using ROT13 or cc8b by PHP. The link is then decoded back by JavaScript and added to the page, so that real users don’t even notice the original link was replaced.

And, disregarding the used technique, we content publishers must do nothing different while building our content, just activate the plugin and it does everything else for us 🙂

I dedicate Hikari Email & URL Obfuscator to Ju, my beloved frient ^-^

Features

• Works instantly, no need to edit your posts to have your links obfuscated: Hikari Email & URL Obfuscator plugin automatically detects them and starts obfuscating as soon as it is activated.
• Unobstructive JavaScript: links are obfuscated and shown for visitors with and without JavaScript, forget those “you must enabled javascript to see this email” messages!
• They are real links!: any attribute you can use in an <a> tag you also can use in obfuscated links (JavaScript version only).
• Customization: CSS doesn’t let we have real links, but we can at least choose if our obfuscated text will have email only, text only, or both!
• XHTML 1.1 valid: obfuscated links and JavaScript code are valid even in XHTML 1.1 standard. It makes the plugin valid inclusive in HTML 4.0, XHTML 1.0 Strict, XHTML 1.0 Transitional and HTML5!

Advantages over other obfuscation solutions

• Your visitors will see your emails and URLs even if they keep JavaScript disabled.
• Automatic: you don’t need to take special actions to start obfuscating, as using shortcodes in place of links or an external tool to get your obfuscation code. Just normally use your links in your posts and let the plugin do the rest!
• Sitewide: instantly works in your existing posts, pages, comments and text widgets, just after you activate it.
• Diversity: for each link, it randomly chooses between 2 CSS and 2 JavaScript obfuscation methods, making it harder for spammers to crack it.
• Extensible: you can call it manually, and add it to other plugins and themes filters.
• Customizable: use custom parameters to force or avoid specific links from being obfuscated, and to define how non-JavaScript obfuscation will behave.