Strong link obfuscation with PHP and JavaScript. Object-oriented, using the Rot47 algorithm. Hides email, phone and sms links from being crawled by spambots.

1.1.0 2023-12-18 12:06 UTC

This package is auto-updated.

Last update: 2024-06-18 13:17:14 UTC


PHP from Packagist Codacy Badge Latest Stable Version Total Downloads License

Kiwa Link Obfuscator

Strong link obfuscation with PHP and JavaScript. Object-oriented, using the Rot47 algorithm. Hides email, phone and sms links from being crawled by spambots.


This library is made for the use with Composer. Add it to your project by running $ composer require kiwa/link-obfuscator.


There are three classes available: Mail, Phone and SMS. All of them can be used in the same way:


use \Kiwa\LinkObfuscator\Mail;

echo new Mail('');

// Basically equal to <a href=""></a>

The output will be: <a data-href="%3E2%3A%3DE%40i96%3D%3D%40o3%3AE2%3F53%3D24%3C%5D4%40%3E" data-id="_klo0">|||96%3D%3D%40o3%3AE2%3F53%3D24%3C%5D4%40%3E</a>, followed by some JavaScript code.

There are some parameters available:

  1. The first one is the link href
  2. Second one is the link description
  3. The third can be every additional parts like class names
  4. If the link description should also be encrypted.

Using them, the example above would look like:


use \Kiwa\LinkObfuscator\Mail;

echo new Mail('', 'Mail us', 'class="btn"', false);

// Basically equal to <a href="" class="btn">Mail us</a>

Now the output is: <a data-href="%3E2%3A%3DE%40i96%3D%3D%40o3%3AE2%3F53%3D24%3C%5D4%40%3E" data-id="_klo0" class="btn">Mail us</a>, also followed by some JavaScript code.

The JavaScript will then decrypt the link. But instead of appending raw data into the page, the link href will be stored in some event listeners. So even if the page will be parsed with active JavaScript, the link will simply look like <a href="javascript:void(0);">hello<span>@</span></a>.



The Kiwa Link Obfuscator uses the Rot47 algorithm per default. You can change this by adding a custom algorithm using AbstractLink::setEncryption(new MyCustomEncryption()). Please note that the algorithm needs also to be available in JavaScript.


The default prefix for all link ids is _klo. This id is stored as data-id to keep the id free for your usage. To change the prefix you can call AbstractLink::setUidPrefix('myCustomPrefix').


Every html link will have its own JavaScript code at the end. The first of them has also the functions which are needed to create functional links. If you have a lot of links in one page, want to keep your page DRY, or whatever else, you can disable this functionality and use the code in your own way.

There are three parts of JavaScript code, which can be disabled:


use \Kiwa\LinkObfuscator\AbstractLink;


Now you can add that code to your JavaScript file, for example by writing

import { handleLink } from "/vendor/kiwa/link-obfuscator/src/Basic";
import { encrypt } from "/vendor/kiwa/link-obfuscator/src/Encryption/Rot47";
global.encrypt = encrypt;

Now a custom code is needed as replacement for the Action.js. This could be:

const links = document.querySelectorAll("a[data-id^='_klo']");

links.forEach((link) => handleLink(link));


If you have any questions, feel free to contact us under

Further information about Bit&Black can be found under