Hikari Email & URL Obfuscator

Spam is website publishers #1 concern, we wanna share our and our visitors' emails to those who should have access to them, but don't want spam harvesters stealing them and sending garbage to us. A lot of techniques had been developed to hide our emails from these delinquents, while having them shown to real people. And together with spam harvesting, on 15 June 2009, Matt Cutts, a well known software engineer of Google, announced that Google Bot will no longer ignore nofollowed links for PageRank, and now we lose PR/link juice for every link we add to our pages, even if we use rel="nofollow" on them. So, now we must hide links from Search Engines too! I've been searching for an ultimate obfuscation solution for both emails and URLs, that would be user-friendly for me the content publisher, and for my visitors. I've seen a lot of solutions, some that inspired me, but none that would fit my needs. It was time to start coding :) Hikari Email & URL Obfuscator plugin obfuscates emails and URL links, to hide them from spam harvesters and Search Endigne crawlers. It uses ROT13 or cc8b to encode each link while PHP is building the page, then uses JavaScript to decode it and show it to the user. If JavaScript is not available, it uses CSS to hide them. It doesn't use shortcodes, it works directly over HTML links, parsing and obfuscating them. By default it filters all texts in posts, comments, comments authors and text widgets, but you can manually use it anywhere you want. Basically, Hikari Email & URL Obfuscator plugin searches for links that contain URLs and emails on their href atrribute. For each found link, it is replaced by an obfuscated string, and a JavaScript function is called, having in its parameters the required data for JavaScript to decode and recreate the original link. The obfuscated string is then merged back by CSS to a readable URL/email text, so that human visitors can read it while spam harvesters and searchbots will not be able to detect it as a valid email/URL. And, for JavaScript-enabled visitors, this string is replaced by a link with the exact same behavior and attributes of your original link, so that they can interact with it as if there was no obfuscation in place! (Really, there is no way to diferenciate an obfuscated link generated by JavaScript from the original link, unless the HTML document' source is verified or a development tool as FireBug is used!) It uses 4 obfuscation techniques, 2 JavaScript solutions and 2 CSS alternatives for JavaScript-disabled browsers. For CSS, it may revert the link string while PHP is building the page and then CSS reverts it back. Or it may add garbage text between the link, and CSS prevents this extra text from being rendered, so any user-agent that doesn't use CSS can't find the link but browsers show it clearly. Now, when JavaScript is available, it is delivered with the original link, encoded using ROT13 or cc8b by PHP. The link is then decoded back by JavaScript and added to the page, so that real users don't even notice the original link was replaced. And, disregarding the used technique, we content publishers must do nothing different while building our content, just activate the plugin and it does everything else for us :) I dedicate Hikari Email & URL Obfuscator to Ju, my beloved frient ^-^ Features

• Works instantly, no need to edit your posts to have your links obfuscated: Hikari Email & URL Obfuscator plugin automatically detects them and starts obfuscating as soon as it is activated.
• Unobstructive JavaScript: links are obfuscated and shown for visitors with and without JavaScript, forget those "you must enabled javascript to see this email" messages!
• They are real links!: any attribute you can use in an tag you also can use in obfuscated links (JavaScript version only).
• Customization: CSS doesn't let we have real links, but we can at least choose if our obfuscated text will have email only, text only, or both!
• XHTML 1.1 valid: obfuscated links and JavaScript code are valid even in XHTML 1.1 standard. It makes the plugin valid inclusive in HTML 4.0, XHTML 1.0 Strict, XHTML 1.0 Transitional and HTML5!

Advantages over other obfuscation solutions

• Your visitors will see your emails and URLs even if they keep JavaScript disabled.
• Automatic: you don't need to take special actions to start obfuscating, as using shortcodes in place of links or an external tool to get your obfuscation code. Just normally use your links in your posts and let the plugin do the rest!
• Sitewide: instantly works in your existing posts, pages, comments and text widgets, just after you activate it.
• Diversity: for each link, it randomly chooses between 2 CSS and 2 JavaScript obfuscation methods, making it harder for spammers to crack it.
• Extensible: you can call it manually, and add it to other plugins and themes filters.
• Customizable: use custom parameters to force or avoid specific links from being obfuscated, and to define how non-JavaScript obfuscation will behave.

Hikari Email & URL Obfuscator requires at least Wordpress 2.8 and PHP5 to work. You can use the built in installer and upgrader, or you can install the plugin manually.

1. Download the zip file, upload it to your server and extract all its content to your /wp-content/plugins folder. Make sure the plugin has its own folder (for exemple /wp-content/plugins/hikari-email-url-obfuscator/).
2. Activate the plugin through the 'Plugins' menu in WordPress admin page.
3. That's it! Go back to your home page and see how your old links are with JavaScript enabled and disabled :)
4. Go to options page if you wanna add whitelist and blacklist and do some deeper configs.

Upgrading If you have to upgrade manually, simply delete hikari-email-url-obfuscator folder and follow installation steps again. Uninstalling If you go to plugins list page and deactivate the plugin, it's data stored in database (configs, whitelist, blacklist) will remain stored and won't be deleted. If you want to fully uninstall the plugin and clean up database, go to its options page and use its uninstall feature. This feature deletes all stored options, restoring them to default (which can also be used if you want defaults restored back), and then gives you direct link to securely deactive the plugin so that no database data remains stored.

0.08

• Fixed styling incompatibility with Sociable plugin
• Fixed wp_enqueue_style() not providing media parameter
• Fixed adding JS code to wp_footer, now properly using wp_print_scripts
• addes support for PHP Code Widget plugin's filter

0.07

• New: Finally an options page!
• Options page made the plugin incompatible with Wordpress 2.7, now it requires 2.8 to work.
• New: Whitelist and Blacklist, to list URLs and emails to not be obfuscated (Whitelist) and to be forced to (Blacklist).
• New: Also added options related to the position of JavaScript calls for de-obfuscation , and how these calls should be marked up.
• New: Options page also has a proper uninstall feature, which deletes all data the plugin had added to database and also can be used to reset options to default.
• New: If you want a whole block of content (a post, a comment, a text widget, etc) to be skipped from having its links obfuscated, just add to it a comment .
• Further tests for XHTML valid code, now I hope I can assure it :)

0.06

• Fix: plugin CSS is no longer being added to Admin Pages.
• JavaScript decoding code is back to header, instead of footer.
• Added option for JavaScript call be done just after the link it decodes, I belive having those calls spreaded across the page is harder for spam bots to crack than having all of them inside a unique at the footer... but Wordpress breaks XHTML validation, gg.
• Increased filter's priority to surpass raw-html plugin filter.

0.05

• Fix: now plugin's js is added only when there are links to be obfuscated.
• Fix: now plugin folder name is not hardcoded anymore, we can use any folder name we want.

0.04

• First public release.