What it does

This MODX Revolution Plugin operates transparently in the background diligently obfuscating all e-mail addresses it finds - whether they appear as links or as straight text in the given page.

How it works

It turns every occurrence of shawn@shawnwilkerson.com into random strings containing 10% of the original characters, 45% encoded in decimal, and 45% of encoded in hexadecimal. These random strings are created automatically for every occurrence of RFC2822 email addresses.

While still looking like:

Who it works for

All users on the project, links to outside e-mail addresses, same-site e-mail address, etc.

It simply works on all e-mail addresses.

Additional Functionality

While the plug-in is operating transparently in the background, it is also performing another task. It is constantly randomizing the encoding of the e-mail address, as to make it appear it is always changing. This provides an additional layer of protection. This can be seen in the source of this page. The hard coded examples will not change, but the initial shawn@shawnwilkerson.com under How it works (and this one) will change and may not even match each other even in the same page.

Though they work flawlessly in e-mail applications and simple cut-and-paste operations.

Package Manager Installation

Simply download and install from the Package Manager. If other OnWebPagePreRender events exist in the project, order of execution priority may be set in the respective Plug-ins - if necessary.

Manual Install

  1. Create a new plugin
  2. Paste in the code from Github
  3. Click the OnWebPagePreRender option on the events tab (near bottom)
  4. Save the Plugin

Protect your projects

With this plug-in, it is very easy to protect the inboxes of every e-mail address located within your pages.

Protect your users and make your self look good in the process.


This Plugin was originally released for MODX Evolution by Aloysius Lim. When I made the jump to MODX Revolution a few years ago, I brought this plugin along as it had served my clients well. With the Release of MODX Revolution 2.1 and its move away from legacy code, some updates had to be performed.

I hope you find ObfuscateEmail-Revo as effective as I have over the years.

Temporarily bypassing ObfuscateEmail

The resolution to Issue 2 at GitHub was to use a MODX Filter to replace the @ symbol of an email address. I then used str.replace in JavaScript to put it back.

The issue was not with ObfuscateEmail, it was in the user's implementation. ObfuscateEmail is going to work regardless of the page content, unless of course it is convinced the content in the page is not an actual email address, which is what I fooled it into "believing".

var email = "[[+email:replace=`@==AT`]]";
someObject.setEmail(email.replace (/at/i, "@"));
May 03, 2012 - Feb 28, 2022
Open Source