Block Editor Button?

  • Hello, apologies if this is a newbie question. I know just enough to get myself in trouble! I’ve been using this plugin with what appears to be great success for some time. Appreciate this FREE solution!

    Recently I added a new email button for “COACHING” in the standard WP visual block editor for my site. The button generates an email TO my coaching email and includes a SUBJECT line of “Coaching Inquiry.” When viewing the site my browser displays the “email successfully encoded!” green lock above the new button, so I assumed it was functioning correctly. It also tests as “protected” on your website checking tool.

    However I recently started to receive SPAM to this address (it does NOT include the custom SUBJECT line). Admittedly the address is new, and I don’t monitor the other email I’ve encoded on the site, so I’m not sure how much SPAM they get. But I wanted to make sure I am using your tool correctly.

    My settings:
    – Protect emails: Full-page scan
    – Protect emails using: automatically the best method (including javascript) I recently changed this from “excluding javascript” as I thought this might be the issue?
    – Otherwise I believe the default settings are in place

    Unless the email is indeed exposed somehow, it does NOT appear anywhere on the site visually. I guess someone could manually click on it to expose the email, but the SPAM I received (a business phone plan offer) suggests it was automatically harvested somehow.

    I don’t see many current replies from the developer here, so I hope that this is being monitored and someone can help. Thank you!

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter M. Ballou

    (@ballou)

    As a follow up, I also looked at the source code for the page in 3 browsers and was surprised to see the only viewable email address on my site was NOT obfuscated in Safari v17.2.1, but WAS in the latest versions of Firefox and Brave (chrome browser). I thought that was the whole point of this plugin? By default shouldn’t it at minimum protect a visible MAILTO link? Alternately, I tried to manually protect the email with [eeb_protect_emails], and got the same results.

    In addition the manually protected phone number that shows on my site doesn’t appear to be protected in Safari when viewing the source code, but does not show in search results of the source code in Firefox and Brave. I used the [eeb_protect_content] for that. For what it’s worth, I cleared the cache for my domain on each browser with each test.

    Again, I know enough to get myself in trouble, so maybe I’m misunderstanding how this tool works, or how to check it looking at source code. In Safari I went to Develop>Show Page Source, in Firefox I use Tools>Broswer Tools>Page Source, and in Brave View>Developer>View Source. Assuming I’m using it correctly, as it stands, I can’t recommend it and am going to have start looking for other options. ??

    I see an update for the tool was JUST released today, so it seems like it’s actively being developed. Hope you can shed some light!

    Thread Starter M. Ballou

    (@ballou)

    Unless I am misunderstanding something, it seems like the way I was Safari searching Source data, it maybe combines Inspector and Source data, thus yielding my results. So that may be why that’s happening. As I mentioned in the other post that led me to this conclusion, I’m still not sure why I got spam to an obfuscated email associated with a button on my page… I know there are many ways to have email compromised, but this is a very new email address, and not a logical one. So either someone manually harvested it, or is using some other scraping method?

    Plugin Author Ironikus

    (@ironikus)

    Hey @ballou – Thanks for your message.

    After checking, your email seems to be properly obfuscated. Though my plugin does a good job, there will always be ways to harvest emails for serious platforms.

    While normal bots are easily blocked by our plugin, sophisticated harvesters can interpret javascript and run it in a virtual environment, and then use AI or other extraction tools to scan rendered images of websites to find email addresses. Those bots are more rare, but they exist, and there is not much to do against it except of removing the email from the website, or in best case, obfuscating it visually.

    This means that you can continue to use Javascript as a preferred method, but instead of showing the email as the actual email, you can obfuscate it further by changing its display (This is possible via the “display” argument of the available shortcodes.

    E.g. instead of having [email protected], you can write jondoe [AT] example.com

    This further hardens the possibility of your email being exposed automatically.

    Hope that helps.

    Thread Starter M. Ballou

    (@ballou)

    Thanks for your reply @ironikus! I appreciate the explanation.

    Follow up question to your suggest on further obfuscating displayed email: How do you insert a SUBJECT line into MAILTO shortcode?

    For instance, following your instructions to replace my old MAILTO link, I’m now using something like, [eeb_mailto email=”[email protected]” display=”jondoe(AT)example(DOT)com”]

    I tried a variety of ways for the manually protected MAILTO link to insert the SUBJECT line but couldn’t figure it out. I also used the brackets in your example “jondoe [AT] example.com” and that seemed to break things, so I went with parentheses and that appears to work.

    Plugin Author Ironikus

    (@ironikus)

    Hey @ballou – good point – the shortcode currently only supports the direct email for validation purposes.

    If you want to add additional parameters to an email, you can use the [eeb_protect_content] shortcode instead.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Block Editor Button?’ is closed to new replies.