Email Address Obfuscator not working on Firefox

@kimu thanks for reporting this. Which shortcode did you use to output the obfuscated email address?

Hi,
I use [obfuscate email="..."]

Got it. I’m guessing you’re using the free version of ASE?

Yes, I use the free version.

Noted. At the moment, I’m unable to replicate the issue on a fresh WP install with Elementor free and using the obfuscation shortcode [ obfuscate email=”[email protected]” ] in a Text Editor widget: https://ase-test.instawp.xyz/elementor-text-widget-email-obfuscation/. It is showing [email protected] on my Firefox v129.0.2 / macOS Monterey. Screenshot: https://www.imagebam.com/view/MEWNKDD

So, this is a bit of a mystery at the moment…

OK, that’s interesting. I am using Elementor Pro, but I don’t think it makes any difference because that widget should be the same regardless of the version used.

This suggests that something else, somehow, is interfeering with this feature… but only on Firefox.
It might be another one of the plugins I have installed, hard to tell. I can try to deactivate them one by one in the development installation and see if I can find the culprit.
If I manage to find it I will report back to you.

I guess that you are doing some sort of user-agent detection to determine whether is a bot or human interacting with the website and I cannot think of anything out of my head that can mess up with that, expect for one thing maybe, but yeah, I will do some testing and I will come back to you.

Peculiar indeed. Yes, there is a piece code that checks for ‘firefox’ string in the user agent from $_SERVER[‘HTTP_USER_AGENT’] global, and changes the way obfuscation are processed based on that. Looking forward to hear what you find.

I am not 100% sure yet, but I had a suspect about the WP Captcha plugin (aka Advanced Google reCAPTCHA)
On top of dealing with Captcha it also has a Firewall feature which among other things offers to block bad bots.
I already have something similar offered by my web provider, so it was no issue to disable it and that worked, but I had different responses on the development and production environments. Not surprisingly maybe, but still weird.

On the development environment, as soon as I deactivate the plugin the issue went away. In production that didn’t work.
But disabling the Block Bad Bots option in the Firewall section did it.
In Production, there are many layers of caches, so that might explain why it didn’t change it immediately, but again not 100% sure.
When that feature is enabled, it adds a bunch of Rewrite conditions/rules to the .htaccess file. I didn’t see anything related to Firefox or Mozilla in those rules, but somehow, it was, apparently, doing something that affected the Email Address Obfuscator.
I will continue messing around with a few things, but for now it seems to be solved with this change I made to the setting of WP Captcha.

Thank you for thoroughly investigating that. That is good info to know. I will mark this resolved for now. Let me know if you find something else as you look deeper.

I have spoken too early.
After a few other changes to the website, plugin updates and other maintenance activities, the issue is back again.

I don’t know what it is, it could be Elementor itself, which has been very temperamental today on our website, maybe some of the cache layers or, maybe something else.
Nothing makes sense though, because if it was one of the cache layers, every browser would be affected.
I am not aware of any user-agent checks done by Elementor, although it is possible.
The fact that only Firefox is affected, makes it really hard to pinpoint it to a global behaviour/feature.
What makes your plugin seeing a session in Firefox being a bot it’s bit of a mystery, but I wouldn’t be surprised if that was due to some of the security layers altering the request headers somehow.
They look “regular” from the browser.

Anyway, I cannot spend more time on this issue, otherwise I will try to understand if something changes in the server logs trying to find what is messing around with this ??
For as much as this is a neat feature, it’s a nice-to-have more than a must, so for now I am going to disable it and put all the emails in clear on the website. Luckily enough they are exposed just in a few spots.

If I find anything else, I will let you know.

Sounds good enough. Thanks again for looking super deep into this. I’ll keep an eye on other user reports of the same issue.

I have just found a page using Gutenberg instead of Elementor and the same issue was shown there as well, so that excludes Elementor from the list.