This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

WP Mailto Links – Protect Email Addresses


Protect and encode email addresses safely from spambots, spamming and other robots. Easy to use out-of-the-box without any configuration.


  • Full page protection for emails
  • Instant results (No confiruation needed)
  • Protects mailto links, plain emails, email input fields, RSS feeds and much more
  • Autmoatic protection technique detection (Our plugin chooses automatically the best protection technique for each email)
  • Exclude posts and pages from protection
  • Automatically convert plain emails to mailto-links
  • Automatically convert plain emails to png images
  • Supports rot13 encoing, escape encoding, CSS directions, entity encoding and much more
  • Deactivate CSS directions manually for backwards compatibility
  • Shortcode support: [wpml_mailto]
  • Template tag support: wpml_mailto() and wpml_filter()

The plugin combines the best email protection methods (CSS, PHP and JavaScript techniques).

Free Website Check

We offer you a free tool to test if your website contains unprotected emails. You can use our website checker by clicking here

Easy to use

The plugin works out-of-the-box to protect your email addresses. After activating the plugin, all options are already set for protecting your emails and mailto links.


The plugin works out-of-the-box to protect your email addresses. All settings are default set to protect your email addresses automatically with the best method available.
If you want to manually create protected mailto links, just use the shortcode ([wpml_mailto]) within your posts or use the template tags (wpml_mailto() or wpml_filter()) in your theme files.

Shortcode `[wpml_mailto email=”…”]…[/wpml_mailto]`

Create a protected mailto link in your posts:
[wpml_mailto email=””]My Email[/wpml_mailto]

It’s also possible to add attributes to the mailto link, like a target:
[wpml_mailto email=”” target=”_blank”]My Email[/wpml_mailto]

Shortcode `[wpmt_protect]…[/wpmt_protect]`

Protect content using our plugin that is not encodedby default (E.g. some ajax loaded values):
[wpmt_protect]YOUR CONTENT YOU WANT TO CHECK FOR EMAILS[/wpmt_protect]

It’s also possible to customize the encoding type using “protect_using”. Possible values: char_encode, strong_method, without_javascript, with_javascript:
[wpmt_protect protect_using=”…”]YOUR CONTENT YOU WANT TO CHECK FOR EMAILS[/wpmt_protect]

Template tag `wpml_mailto( $email [, $display] [, $attrs] )`

Create a protected mailto link in your template like:

Template tag `wpml_filter( $content )`

Filter given content to protect mailto links, shortcodes and plain emails (according to the settings in admin):


  • Admin Settings Page
  • Encoded Emails with Link Icon on the Site


  1. Go to Plugins in the Admin menu
  2. Click on the button Add new
  3. Search for WP Mailto Links and click ‘Install Now’ or click on the upload link to upload
  4. Click on Activate plugin
  5. You will find the settings page under Settings -> WP Mailto Links or directly wihtin the menu.
  6. The plugin sets by default the right options for protecting your emails. All mailto links will automatically be scanned and protected.


How does it work?

The plugin combines the best email protection methods (CSS and JavaScript techniques). All of them are explained in this article.

A webpage contains code on the backside. In the code all email addresses will be obfuscated, to hide them from spambots. Only when people see the page and click on the mailto link, the encoded email address will be translated to a normal email address.

What’s the best way to protect my email address(es) on my site?

Off course by activating this plugin 🙂 on your site. But even still it’s not recommended to use email addresses directly in your posts or in your theme templates.
It would be better to use the shortcode [wpml_mailto] and template tag wpml_mailto(), because when the plugin isn’t active anymore, the email addresses would not be shown on your site.

How can I exclude pages?

You can exclude pages within our settings page. Simply activate the button for advanced settings and you will see an input field.
In there, simply separate the page/post ids with a comma and save.

Here is an example: 12,455,19

Shortcode does not work in widgets. How can I make it work?

By default shortcodes are not applied to (text) widgets. To support that you can add it to the text widget filter (for more).
If you are not a coder, then just activate this plugin, which does the same thing.

Do you have a problem or found a bug, please report it.


September 9, 2022
Fonctionne bien et simplement. J’ai testé d’autres plugin mais celui-ci est le plus optimisé (on peut cliquer sur le lien mail, le copier aussi, cela fonctionne et il est bien caché en code source…). Rempli très bien sa fonction. Merci mas une petite mise à jour serait nécessaire pour assurer la compatibilité avec les évolutions de wordpress.
September 23, 2019
I’ve changed my review. This was 5 stars because although it seems to work as it claims, but the new dev has decided to include intrusive advertising on the dashboard, not just on the plugin page (which would be fine). You can delete the advert for the session but it always reappears every time you log in. I’ve checked in the settings and I can’t see a way to hide the plugin ads (as many other plugins allow you to do). Alternatively set the ad so that when you delete it, it disappears for say 52 weeks (this is how metaslider do their adverts).
May 25, 2019 1 reply
I have been using another encoder plugin for many years, until the developer decided to create a premium version and make the free version totally useless over night. Luckily I found this plugin that does the job flawlessly. I only had to click one setting (“Turn plain email into mailto”), and my whole page was protected. Thank you for this plugin. And if you one day decide to make money, please do it with additional features. I will be happy to consider those.
Read all 33 reviews

Contributors & Developers

“WP Mailto Links – Protect Email Addresses” is open source software. The following people have contributed to this plugin.


“WP Mailto Links – Protect Email Addresses” has been translated into 3 locales. Thank you to the translators for their contributions.

Translate “WP Mailto Links – Protect Email Addresses” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.


3.1.4: September 22, 2023

  • Security Patch for XSS vulnerability within the create_protected_mailto() function (Thanks to Wordfence)

3.1.3: September 22, 2023

  • Security Patch for XSS vulnerability within the [eeb_mailto] shortcode when using the “email” tag (Thanks to Wordfence)


  • Feature: We fully removed all external marketing advertisements! Enjoy our plugin without distractions! 🙂
  • Feature: Full support for Oxygen builder
  • Tweak: Optimize PHPDocs and comments


  • Feature: Soft-Encode all HTML tags + new settings item (This will prevent complex plugins from breaking)
  • Dev: New filter for randomization of javascript escaping methods


  • Feature: Exclude script tags from being encoded
  • Fix: Revalidate and strip escape sequences for encode_escape function


  • Feature: Optimize Jetpack integration to also filter against image attribute description tags
  • Feature: Soft-filter html placeholder tags
  • Feature: Allow template tags to work as well with the plugin settings se tto “Do nothing”
  • Fix: Only one match of the soft attributes was soft encoded properly
  • Fix: Fix fatal error with template tags
  • Fix: The escape js function stripped away all zeros from emails


  • Feature: Introduce settings item to load all scripts within the footer instead of the head section
  • Tweak: Integration for Divi Theme included
  • Tweak: Adjust element id prefix
  • Tweak: Integration for Jetpack Carousel slider meta attributes
  • Fix: WP CLI stopped working due to loaded buffer


  • Feature: Website checker to search your site for unprotected emails. Follow this URL for more information:
  • Tweak: Merge new marketing setting into advanced area
  • Tweak: Optimize some code parts for the newest WordPress standard


  • Feature: Add setting to remove shortcodes from RSS feeds
  • Tweak: Add feature to disable marketing notifications (Thanks @ac1643 for mentioning – this was probably a bug)


  • Feature: Introduce automatic rot13 encoding using javascript
  • Feature: Introduce automatic escape encoding using javascript
  • Feature: Add shortcode to protect additional content that may can’t be reached by the plugin (e.g. certain ajax calls)
  • Feature: Randomization for Javascript methods to offer a better and less predictible protection
  • Tweak: Allow javscript mailto encoding as well if email png protection is activated and javascript is allowed
  • Tweak: Optimize plain email filtering after protecting mailto links and email addresses
  • Tweak: Optimize settings-flow in certain combinations
  • Tweak: Optimize settings description
  • Tweak: Avoid unnecesary email line breaks from wrongly applied display properties
  • Tweak: Extend shortcoe help tabs
  • Dev: Added new random bool function


  • Feature: Soft-encode for script tags to preserve the javascript logic
  • Tweak: Set WordPress filter settings item to advanced (since it is not recommended)
  • Fix: Fix ReferenceError: jQuery is not defined for the frontend scripts


  • Feature: Convert plain emails to PNG images (Custom settings item in advanced settings)
  • Feature: Settings to customize the created PNG Email Images
  • Feature: New setting to deactivate CSS directions manually
  • Tweak: Optimize automatically chosen methods and cross-setting usage
  • Tweak: Updated minimum PHP version
  • Tweak: Include collaboration with MailOptin
  • Tweak: Correct certain text issues
  • Fix: Prevent Woocommerce variation attributes containing emails from breaking
  • Fix: Correct layout issue if multi-inout with text fields is chosen
  • Dev: Optimize code for WordPress standards
  • Dev: New filter: wpmt/validate/email_signature (
  • Dev: New filter: wpmt/validate/generate_email_image_url (
  • Dev: New filter: wpmt/settings/get_soft_attribute_regex (


  • Fix: Widgets did not display in certain cases


  • Tweak: Optimized PHP Docs
  • Fix: Fatal Error due to a non available function


  • PLEASE READ BEFORE UPATING: This plugin was completely rewritten and optimized. We also said goodbye to some features (mentioned below). Please test first.
  • Feature: Completely rewritten version of your beloved plugin
  • Feature: Feature to automatically detect the best protection method
  • Feature: Choose from four new settings to choose the strength of your protections
  • Feature: Added admin security check icon to encoded input fields and encoded plain emails/texts
  • Feature: Also protect every single shortcode content
  • Feature: Choose converting plain emails to mailto links as an additional feature
  • Feature: Change filter apply from “wp” to “init” (This allows you to also grab some ajax values to parse them directy encoded)
  • Tweak: Backward compatibility to the new plugin settings
  • Tweak: Remove custom icon functionality due to performance optimization (If you want it back, feel free to reach out)
  • Tweak: Completely performance optimized (We removed everything that is not necessary, included a better object caching and much more)
  • Tweak: Simplified settings (We cleaned the settings a lot, but you can still get some your old settings page back by activating the advanced checkbox 🙂 )
  • Tweak: Optimized filter combinations
  • Tweak: Allow custom settings key to be also applied within the settings form dynamically
  • Dev: Code rewritten on the newest WordPress standards
  • Dev: Tons of new WordPress filters and actions (For a full list, please check


  • Fix: Show admin keylock icon relatively and not absolute
  • Ironikus took over development


  • 2019-03-26
  • bug fixes
  • 10,000 installations; 88,200 downloads


  • Fixed bug copying emailaddress (credits to Martin Kreiner)


  • Fixed bug retina png or gif images


  • Fixed bug responsive image names containing @


  • Fixed script conflicts on other admin pages
  • Added data-attribute for WP External Links plugin to ignore WPML links


  • Solved CSS overwrite
  • Solved double filtering for final output and widget output


  • Fixed bug only effecting PHP5.3 ($this reference within a closure)


  • Bug fixed in wpml_mailto() and wpml_filter() template tags


  • Removed “wpml_ready” action
  • Code refactor using WPRun library


  • Removed realpath(), causing errors on existing installs
  • Fixed only load js on wpml admin page
  • Security check default off


  • Needs PHP version 5.3+
  • Complete refactor
  • Added Font Awesome Icons and Dashicons
  • Added security check for admin users
  • Deprecated “wpml_ready” action
  • Deprecated “wpml_mailto” filter


  • Added option strong protection for emails in input fields
  • JavaScript depends on jQuery
  • Solved $wp_version missing error


  • Secure JS encoding for input fields


  • Solved JS only loading on plugin admin page


  • Solved bug printing emails
  • Complete refactoring (OO, views, general plugin classes)


  • Solved bug email in input values, will now be encoded with html entities
  • Solved bug @ sign when adding CC and BCC to mailto
  • Solved bug layout wrap when using – sign in email


  • Set protected email address in the title attribute


  • Solved css rtl direction bug


  • Only support for WP 3.4+
  • Removed stylesheet file to save extra request
  • Fixed bug saving metaboxes settings
  • Added prefix to css class names


  • Fixed bug PHP fatal error include path


  • Fixed bug opening mailto links in iOS (iphone)
  • Fixed bug deleting setting values when unregister (will now be deleted on uninstall)
  • Fixed bug for option “Yes, convert plain emails to mailto links”


  • Added option to skip icons on mailtos containing image(s)
  • Added email attribute to mailto shortcode


  • Added apply filter “wmpl_mailto”
  • Changed filter_page method using only one regular expressions
  • Added ob_end_flush to the wp_footer filter
  • Fixed bug replacing plain email addresses


  • Fixed php warning “call_user_func_array() expects parameter 1..”
  • Removed ob_end_flush to the wp_footer filter, does not always work properly


  • Fixed blank page bug on post edit (admin)
  • Added ob_end_flush to the wp_footer filter


  • Fixed bug in regexp plain email
  • Fixed bug shortcode not working
  • Fixed bug – sign in email addresses
  • Fixed defined var $protected
  • Fixed icon in admin menu
  • Fixed update message in admin


  • Added shortcode [wpml_mailto]
  • Added template functions wpml_mailto() and wpml_filter()
  • Added action hook “wpml_ready”
  • Added registered metaboxes with screen settings
  • Refactored code and reorganized files
  • Changed to semantic versioning from 1.0.0


  • Improved regular expressions
  • Fixed keep lettercase in mailto params
  • Fixed convert plain emails without dot on the end
  • Replaced code from pre_get_posts to wp action


  • Fixed IE layout problem (WP 3.3+)


  • Fixed blank page bug (WP 3.2+)
  • Fixed setting default option values


  • Added support for widget_content filter of the Logic Widget plugin
  • Changed script attribute language to type
  • Displayed name will only be encrypted when containing email address(es)


  • Fixed problem of not showing the first letter
  • Fixed rtl css problem
  • Fixed PHP / WP notices


  • Fixed bug of changing <abbr> tag
  • Added protection text for replacing emails in head-section and RSS feed
  • Better RSS protection
  • Improved JS method
  • Improved regular expressions
  • Solved bug using “&” for extra params (subject, cc, bcc, body) on mailto links
  • Small cosmetical adjustments


  • First release, features: protect mailto links and plain emails , set link icon, set no-icon class and additional classes