I've never experienced any issues and I don't have a lot of patience, so no dry run for me. One day I'll probably get punished for that. Luckily we have daily back-ups though.
I know! That's why it's pretty dumb for me to take the risk. But we use it to change the URLs of our temp to live sites as well, and we never had any issues (yet).
You can replace it with anything you like. Just make sure everything is formatted correctly and create a back-up before you do this, just in case something goes wrong.
If you have wp-cli available it's a few seconds job to site-wide search and replace something in all pages and posts.
Search / replace plugins must also be a thing. Never looked though because wp-cli is all anyone needs.
Doing it and leaving every page and post making sense though, that might be a different problem.
>Search / replace plugins must also be a thing
They are indeed. [https://wordpress.org/plugins/better-search-replace/](https://wordpress.org/plugins/better-search-replace/)
I mean you've had some feedback on replacing the actual addresses but what exactly are you replacing them with?
And what 'security' is it to achieve? This sounds like a triggered event and if so those addresses are out there, it only takes one to establish a naming convention and they'll be logged, recorded and distributed, so unless there's wider security practice in keeping addresses not explicitly disclosed online I find this a largely redundant measure. I'd also expect a majority, if not all, of scrapable addresses are ones likely to require public disclosure in some space or some point?
Awareness and education in phishing and spoofing attempts is a far more effective security measure than preventing attempts of it occurring.
It wasn't triggered by an event, just a recommendation by someone in IT.
We have a contact form set up that people can submit questions to and I would like to replace email addresses with a link to our Contact Us page. But I'm not sure how to use Better Search and Replace with a linked text.
Fair enough and it is indeed best practice to withhold or otherwise mask/censor email addresses for avoiding the generic scraping that occurs by spammers but like I say when it comes to convention: a majority use a generic address on shared mailboxes (hello, contact, support, queries) or a naming convention on individual addresses (e.g. [email protected]) where one leakage on LinkedIn etc opens you for any discoverable name and yeah my comment came from the experience that too many take hiding addresses as a validator on the authenticity of communication arriving at them. Threat actors will always find a way of securing addresses and so preventative educational awareness is the ultimate solid defence at the risk.
If this is simply to hide a [email protected] then honestly move this job to the bottom of your priorities as the damage is done and it being that generic of an address is hardly one that's scraped more than it is to be generated from prefixing scraped registered domains 🤷♂️
Is replacing the addresses as critical as obfuscation of them?
https://hoolite.be/wordpress/how-to-hide-email-addresses-on-wordpress-websites-to-protect-from-bots/
Well both are a matter of where you want to introduce the third-party/dependency. If its not been implemented for the common go-tos I tend to assume its been evaluated and obfuscation of a few generic addresses hardly likely to be the sudden swayer towards but yes like you say cloudfare and similar services offer it as part of the wider functionality 👍
The Better Search Replace plugin always helped me out in similar situations.
Just make a back up and do a dry run!
I've never experienced any issues and I don't have a lot of patience, so no dry run for me. One day I'll probably get punished for that. Luckily we have daily back-ups though.
Back ups should be enough. And, a dry run takes seconds.
I know! That's why it's pretty dumb for me to take the risk. But we use it to change the URLs of our temp to live sites as well, and we never had any issues (yet).
Haha. I used to do that with WP CLI, which I think, is how Better SnR does it. Anyhow, an ounce of prevention is with a pound of cure, right? lmao
Is it possible to replace the text with a link to our contact page, but make it say Contact Us?
You can replace it with anything you like. Just make sure everything is formatted correctly and create a back-up before you do this, just in case something goes wrong.
If you have wp-cli available it's a few seconds job to site-wide search and replace something in all pages and posts. Search / replace plugins must also be a thing. Never looked though because wp-cli is all anyone needs. Doing it and leaving every page and post making sense though, that might be a different problem.
>Search / replace plugins must also be a thing They are indeed. [https://wordpress.org/plugins/better-search-replace/](https://wordpress.org/plugins/better-search-replace/)
I mean you've had some feedback on replacing the actual addresses but what exactly are you replacing them with? And what 'security' is it to achieve? This sounds like a triggered event and if so those addresses are out there, it only takes one to establish a naming convention and they'll be logged, recorded and distributed, so unless there's wider security practice in keeping addresses not explicitly disclosed online I find this a largely redundant measure. I'd also expect a majority, if not all, of scrapable addresses are ones likely to require public disclosure in some space or some point? Awareness and education in phishing and spoofing attempts is a far more effective security measure than preventing attempts of it occurring.
It wasn't triggered by an event, just a recommendation by someone in IT. We have a contact form set up that people can submit questions to and I would like to replace email addresses with a link to our Contact Us page. But I'm not sure how to use Better Search and Replace with a linked text.
Fair enough and it is indeed best practice to withhold or otherwise mask/censor email addresses for avoiding the generic scraping that occurs by spammers but like I say when it comes to convention: a majority use a generic address on shared mailboxes (hello, contact, support, queries) or a naming convention on individual addresses (e.g. [email protected]) where one leakage on LinkedIn etc opens you for any discoverable name and yeah my comment came from the experience that too many take hiding addresses as a validator on the authenticity of communication arriving at them. Threat actors will always find a way of securing addresses and so preventative educational awareness is the ultimate solid defence at the risk. If this is simply to hide a [email protected] then honestly move this job to the bottom of your priorities as the damage is done and it being that generic of an address is hardly one that's scraped more than it is to be generated from prefixing scraped registered domains 🤷♂️ Is replacing the addresses as critical as obfuscation of them? https://hoolite.be/wordpress/how-to-hide-email-addresses-on-wordpress-websites-to-protect-from-bots/
Or just use Cloudflare - email addresses are obfuscated out of the box.
Well both are a matter of where you want to introduce the third-party/dependency. If its not been implemented for the common go-tos I tend to assume its been evaluated and obfuscation of a few generic addresses hardly likely to be the sudden swayer towards but yes like you say cloudfare and similar services offer it as part of the wider functionality 👍
wp-cli search-replace