E-mail spammers often use programs, known as e-mail harvesters, that scan pages on the Internet for e-mail addresses to collect and send unsolicited e-mail. If your e-mail address is publicly available through your WordPress installation, it may be vulnerable to these kinds of programs. Below are a few simple ways you can protect yourself from spam while still providing an e-mail address to your readers.
A popular solution to e-mail harvesting is to create a "throwaway" e-mail address at a free service such as Gmail or Yahoo Mail. Set this as your e-mail address in your profile. WordPress makes it easy to display the address on your blog by providing the function the_author_meta('user_email'). Within The Loop portion of your templates, just add the tag:
<?php the_author_meta('user_email'); ?>
You will be able to check e-mail that is specifically sent from your readers. If spam becomes too much of a problem, simply delete this account, create a new one, and change the e-mail address in your profile to the new address. Your site will be immediately updated without having to change any template files.
To "fool" e-mail harvesters, a simple method is to convert the symbols in an e-mail address to words (typically parenthesized). For example, firstname.lastname@example.org becomes firstname.lastname (at) example (dot) org. Since this is not recognized as a valid e-mail format, harvesters tend to ignore it.
A slightly more complicated approach is to transform or encode characters in an address to their HTML character entity, or numeric character reference, equivalent. This means the letter a in an address becomes &#97;, the @ symbol becomes &#64;, and so on. These should appear as gobbledygook to harvesters, while your browser renders them correctly.
<?php echo antispambot(get_the_author_meta('user_email')); ?>
The function antispambot() above parses the e-mail address passed by get_the_author_meta('user_email') (this is the same as the_author_meta('user_email'), except it returns rather than displays the author's e-mail address). The echo command displays the output of antispambot(). An interesting feature is that it encodes only portions of an address, and does so randomly, so the letters encoded are different each time the page loads, adding a little more firepower to the spam protection arsenal.
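The script below is an added example, not WordPress core code and not part of the original page. It sketches the random entity encoding described above and adds an audit helper that lists addresses still present as plain text in raw template output. The function names sketch_entity_encode() and find_plain_addresses() are hypothetical, and the sample address and page fragment are constructed.

```php
<?php
// Added example: simplified stand-in for the random encoding antispambot()
// performs. Function names are hypothetical; sample data is constructed.

// Replace characters with decimal numeric character references at random.
// '@' is always encoded so the raw markup never contains a literal address.
function sketch_entity_encode(string $email): string {
    $out = '';
    for ($i = 0, $len = strlen($email); $i < $len; $i++) {
        $ch = $email[$i];
        $out .= ($ch === '@' || random_int(0, 1) === 0)
            ? '&#' . ord($ch) . ';'
            : $ch;
    }
    return $out;
}

// Audit raw template output: return every address that still appears as
// plain text, i.e. places where the encoding step was skipped.
function find_plain_addresses(string $html): array {
    preg_match_all('/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/', $html, $m);
    return array_values(array_unique($m[0]));
}

// Constructed sample address.
$address = 'firstname.lastname@example.org';
$encoded = sketch_entity_encode($address);

// Constructed page fragment: one encoded address, one left in the clear.
$page = '<p>Author: ' . $encoded . '</p>'
      . '<p>Editor: <a href="mailto:editor@example.org">editor@example.org</a></p>';

echo "Raw markup:  $encoded\n";
// A browser decodes the references, so the reader sees the real address.
echo "Rendered as: " . html_entity_decode($encoded, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "\n";
// Only the unencoded editor address is reported.
echo "Plain text:  " . implode(', ', find_plain_addresses($page)) . "\n";
```

Decoding character references is a standard step for any HTML parser, so treat this encoding as a filter against simple text-matching harvesters rather than a guarantee.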
NOTE: Unfortunately, WordPress does not allow invalidly formatted e-mail addresses to be used in one's profile, so obfuscating your e-mail address there will not work.
Another easy trick for disguising your e-mail address is to create an image of it using some screen capture software, cropping it to size with an image editor, and inserting it wherever you like :-)
Be aware that screen reading software (commonly used by people with vision impairment) will not be able to read your e-mail address either. If you use this method, provide a second form of contact as well.
There are some plugins that do this work automatically in posts and pages. For instance, Pixeline's Email protector provides a human-friendly solution that protects any mailto: link of plain email addresses inside posts and as a theme function, while Email Address Encoder converts all plain email addresses and mailto links into decimal and hexadecimal entities. Another one is CryptX. There are some drawbacks: if a plugin is not properly configured, it might interfere with contact forms where users enter email addresses (for example, if they make a mistake and the form is refilled and re-filtered). A less automated approach is that of Slash Admin, which has an option for including disguised email addresses in posts and pages via shortcodes (using the antispambot() function).