Email Encoder

Security is a consideration if you have a website, and there are concerns even if you don’t have users. I manage some personal servers and websites on a slew of different hosts. I got an email this morning about a botnet attack on a WordPress login, and I fixed it with a couple of simple web server rules. It got me thinking about other security rules, and I’ve added some documentation at /docs/security/

Email addresses should never be published on the web. I do recommend publishing a clickable email address in either your header or footer alongside a phone number, but I insist on obfuscating all email addresses. Most folks don’t know about this, so I’ve added the feature to the theme using this popular open source email encoder:

/** 
https://github.com/tillkruss/email-encoder/blob/ad2c32d70d99384fccd29c14eab82da9d23d821b/email-address-encoder.php
**/

/**
 * Encodes each character of the given string as either a decimal
 * or hexadecimal entity, in the hopes of foiling most email address
 * harvesting bots.
 *
 * Based on Michel Fortin's PHP Markdown:
 *   http://michelf.com/projects/php-markdown/
 * Which is based on John Gruber's original Markdown:
 *   http://daringfireball.net/projects/markdown/
 * Whose code is based on a filter by Matthew Wickline, posted to
 * the BBEdit-Talk with some optimizations by Milian Wolff.
 *
 * @param string $string Text to encode
 * @param bool $hex Whether to use hex entities as well
 *
 * @return string Encoded given text
 */
function eae_encode_str( $string, $hex = false ) {
    $chars = str_split( $string );
    $seed = mt_rand( 0, (int) abs( crc32( $string ) / strlen( $string ) ) );

    foreach ( $chars as $key => $char ) {
        $ord = ord( $char );

        if ( $ord < 128 ) { // ignore non-ascii chars
            $r = ( $seed * ( 1 + $key ) ) % 100; // pseudo "random function"

            if ( $r > 75 && $char !== '@' && $char !== '.' ); // plain character (not encoded), except @-signs and dots
            else if ( $hex && $r < 25 ) $chars[ $key ] = '%' . bin2hex( $char ); // hex
            else if ( $r < 45 ) $chars[ $key ] = '&#x' . dechex( $ord ) . ';'; // hexadecimal
            else $chars[ $key ] = "&#{$ord};"; // decimal (ascii)
        }
    }

    return implode( '', $chars );
}
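
A sanity check for the encoder's output, added here as an example (it is not part of the email-encoder project or the theme): it confirms that no literal @ or . survives and that the markup still decodes to the original address. The helper name check_encoded_email and the sample strings are constructed for illustration; the hex samples assume the percent-escaped form is only placed inside an href.

```php
<?php
// Added example; check_encoded_email() is a hypothetical helper, not plugin code.

/**
 * Lists problems in $encoded, the output of eae_encode_str( $plain, $hex ).
 * An empty array means the markup hides the address from plain-text matching
 * and still resolves to the same address once it is decoded.
 */
function check_encoded_email( $plain, $encoded, $hex = false ) {
    $problems = array();

    // The encoder always encodes '@' and '.', so neither may appear literally.
    if ( strpbrk( $encoded, '@.' ) !== false ) {
        $problems[] = 'literal @ or . left in output';
    }

    // Decode character references first, then percent-escapes, which are
    // only decoded when the value is used as a URL (href), not as page text.
    $decoded = html_entity_decode( $encoded, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
    if ( $hex ) {
        $decoded = rawurldecode( $decoded );
    }
    if ( $decoded !== $plain ) {
        $problems[] = 'output does not decode back to the original address';
    }

    return $problems;
}

// Constructed sample outputs for the constructed address jane@example.com.
$plain   = 'jane@example.com';
$samples = array(
    'entities only'     => array( '&#106;a&#x6e;e&#64;&#x65;xam&#112;le&#46;c&#x6f;m', false ),
    'hex, used in href' => array( '%6a&#97;ne%40exam&#x70;le%2ecom', true ),
    'hex, used as text' => array( '%6a&#97;ne%40exam&#x70;le%2ecom', false ),
    'dot left literal'  => array( 'jane&#64;example.com', false ),
);

// When the theme's encoder is loaded, check its real output in both modes too.
if ( function_exists( 'eae_encode_str' ) ) {
    $samples['live, entities'] = array( eae_encode_str( $plain ), false );
    $samples['live, hex']      = array( eae_encode_str( $plain, true ), true );
}

foreach ( $samples as $label => $sample ) {
    $problems = check_encoded_email( $plain, $sample[0], $sample[1] );
    echo $label . ': ' . ( $problems ? implode( '; ', $problems ) : 'ok' ) . "\n";
}
```

The third sample fails on purpose: output produced with $hex = true shows up as raw %xx sequences when it is printed as visible text instead of being used in a link target.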


References:

  1. Till Krüss – Email Encoder – https://github.com/tillkruss/email-encoder