Summary: Email obfuscation via ROT13
Version: 7 April 2005
Discussion: EProtect-Talk


eProtect is an email obfuscation add-on for PmWiki. It intercepts pages before they are saved, and rewrites email addresses in a protected format.


With the eProtect script [[mailto:username@domain.net]] is automatically replaced with [[hidden-email:hfre@qbznva.arg]] when you save the page you are currently editing. The actual version of this script supports also alternative linktext e.g. [[mailto:username@domain.net | Nice guy]] is then replaced with [[hidden-email:hfre@qbznva.arg | Nice guy]].

Upon viewing the page, this [[hidden-email:]] directive is interpreted by eProtect, and then translated into a small javascript which is programmed to decode the protected address. If you gave an alternative linktext then this linktext is displayed.

Viewing the source code of the page will not reveal the true email address, nor will clicking on the "Edit Page" link.

But beware: Do not use the email-address as alternative text as this would render this script useless.

About Email Obfuscation

Email obfuscation is simple method of obscuring an email address so email harvesters cannot easily extract that information from your website. Email obfuscation is not encryption, so it's not terribly difficult for someone to write a de-obfuscation script, however, my preliminary research indicated that as of 2004, none of the top email harvesters on the market have any such features. BTW: The encoding is ROT13.

Download one


  1. Copy the file adapted for your PHP version to your cookbook/ folder and rename it to "e-protect.php".
  2. Add this line to your config.php file: include_once('cookbook/e-protect.php');
  3. That's it! You're now protected and every [[mailto: statement is automatically converted.


If you uninstall the recipe, any encoded email addresses in your pages need to be rewritten. You can find them by searching for "hidden-email" on your wiki.

Alternatively or additionally, you can add this code to config.php to help with the email recovery:

# Callback function to recover encoded emails (required)
function cb_restore_emails($m) {
  return "mailto:" . str_rot13($m[1]);

# Restore emails on the fly when browsing existing pages
Markup('restore-emails', '<links',
  '/hidden-email:([^\\s|\\]]+)/', 'cb_restore_emails');

# Restore emails in the wikitext when editing a page
$ROEPatterns['/hidden-email:([^\\s|\\]]+)/'] = 'cb_restore_emails';


I did a lot of research on spam, anti-spam, obfuscation, and email harvesters. I found quite a few sites and various methods and approaches. Here are just a few of the (better) sites that I visited.


  • 20231107 Update for PHP 8.2, added section Uninstallation (Petko)
  • 20190708 Update for PHP 7.2 (Petko)
  • 20150815 Add a version compatible php5.5 (AntonyTemplier)
  • 07-Apr-2005 Replaced str_rot13 with strtr with proper parameters. This fixes the issues with @ and with str_rot13 not being available in early versions of PHP. JoachimDurchholz
  • 07-Apr-2005 Changed install directory from local/ to cookbook/ JoachimDurchholz
  • 18-Nov-2004 Conversion and extension for use with PmWiki 2.x Klonk
  • 07-Jan-2005 Found a problem in decoding the email addresses when SideBar and main text contains emails to decode. Moved script to page header. Klonk
  • 29-Jan-2005 Reformatted html links in Resources to prevent ez2ba.com from redirecting to homepage due to trailing space (%20) after URL when page title included in double-brackets. Kevin
  • 15-Feb-2005 Added support for [[text -> mailto:target]] markup Klonk
  • 18-Feb-2005 Fixed bug (missing commenting of Javascript); now produced code is valid XHTML Klonk
  • 18-11-2004 I almost have rewritten it completely to get it working with PmWiki2. The text of this page is also almost copied from PmWiki 1.x. I just added some stuff to point out the changes I added to the script. Comments are welcome... Now I can move my homepage to PmWiki2 ;-) Klonk
  • 11-05-2004 This script was originally written by Steve Leite for PmWiki 1.x.

See Also

  • DeObMail - Unobtrusive e-mail link (de)obfuscator. DeObMail is now included in the PmWiki core. It offers similar protection with human-readable emails for people with JavaScript disabled. Unlike EProtect, DeObMail doesn't encode the addresses in the wiki text.


  • Steve Leite (see PmWiki 1.x Cookbook)
  • Karl Loncarek Klonk


See discussion at EProtect-Talk

User notes +2 -1: If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.