WhoKnew Shield — Email, Phone & Address Security

Description

WordPress security plugin for contact obfuscation — Stop bots from harvesting your email addresses, phone numbers, and physical addresses. Whether you need to hide email addresses in WordPress, deploy honeypot traps that actively catch scrapers, or defend against anti-scraping threats with a built-in Web Application Firewall, WhoKnew Shield provides email harvesting protection with zero configuration required.

Why stores and businesses need contact security:

• Privacy Risk: Scrapers harvest emails for spam databases
• Security Threat: Phone scrapers collect numbers for robocalls, SMS spam, and phishing
• Fraud Prevention: Address scrapers use your location for junk mail and identity theft
• Passive Exposure: Contacts in posts, widgets, and footers are often left unprotected
• Bot Evolution: Modern bots can parse basic HTML encoding
• Comprehensive Coverage: Every unprotected contact is a potential harvest point

WhoKnew Shield uses dual-layer security to help keep your contact information private.

Free Features (Instant Setup)

• Dual-layer obfuscation — HTML entities + CSS reversal + JavaScript protection
• Email auto-detection — Write naturally, automatic security everywhere
• Click-to-reveal buttons — One click for visitors; blocks automated scrapers
• JavaScript-protected links — Email addresses never appear in HTML source code
• Multiple contact types — Protect email addresses, phone numbers, and physical addresses
• Shortcodes — [whoknew_shield] for precise control when needed
• Strictness controls — 3 detection levels to balance protection vs false positives
• Modern admin UI — Clean, intuitive dashboard
• No locked features — Everything in free plugin is fully functional
• Works with any theme — Page builders, Gutenberg, Classic Editor, WooCommerce
• Cache-compatible — Works with WP Rocket, LiteSpeed, W3 Total Cache, SG Optimizer

Pro Features ($80/year)

• Phone protection & address protection — Auto-detect ALL contact types automatically
• Web Application Firewall (WAF) — Scraper Trap™ honeypot defense catches bots in action
• WhoKnew Intelligence™ Network — Community-powered blacklist with daily-updated threat intelligence from Shield Pro users worldwide
• Bot blocker with automatic IP blocking — Block caught scrapers site-wide (1hr to permanent)
• Analytics Dashboard — Visual charts, geographic heat maps, threat intelligence
• Competitor shortcode support — Supports Email Address Encoder, Neotrendy, Email Encoder Bundle, Antispambot shortcodes
• Advanced encryption — Domain-specific rotating keys (changes every 15 minutes)
• Custom obfuscation engine — Create your own scraper protection patterns
• Geographic tracking — See where attacks originate with country-level data
• Custom block pages — Show your message to blocked bots
• Email alerts — Get notified when threats are detected
• IP whitelist/blacklist — Complete control over access
• Priority support — Direct access to our team

No coding. Works with any WordPress theme. Set it once, protect everything.

Upgrade to Pro → | View Features

Why Auto-Detection Matters

Manual shortcode plugins require wrapping every contact individually:

• Easy to forget contacts in old posts, footer widgets, page builder sections
• Manually wrapping every email address or phone number in shortcodes is time-consuming and error-prone
• Shield’s auto-detection ensures nothing slips through

Write naturally. Shield finds and protects email addresses, phone numbers, and physical addresses automatically. No gaps. No missed contacts.

Plugin Switching

Switch from other email security and anti-spam plugins with no broken pages:

• Email Address Encoder — [encode] shortcodes work immediately
• Email Obfuscation by Neotrendy — [obfuscate_email] supported
• Email Encoder Bundle — [eeb_protect_emails], [eeb_mailto] compatible
• Antispambot — All shortcodes work with stronger dual-layer security

Just activate Shield Pro and deactivate the old plugin. All existing shortcodes continue working. No find-and-replace needed across your posts.

Web Application Firewall (WAF) — Pro Feature

Active security defense beyond passive hiding:

The Pro version includes WAF capabilities through Scraper Trap™ honeypots:

• Hidden honeypot traps invisible to real users but attractive to bots
• Automatic blocking — Caught bots are banned site-wide
• Threat intelligence — See attack patterns, geographic origins, bot signatures
• Real-time analytics — Visual charts showing when and where attacks happen
• Privacy protection — Stop bots before they harvest any email addresses, phone numbers, or physical addresses
• Security monitoring — Know exactly who tried to scrape your site

This turns passive protection into active security. You’re not just hiding contacts — you’re catching and blocking malicious bots.

WhoKnew Intelligence™ — Community Blacklist Network (Pro)

Collaborative threat protection and anti-spam defense:

Shield Pro users can join the WhoKnew Intelligence™ network to share threat data and download a community-powered blacklist:

• Daily-updated blocklist — Block known scrapers before they reach your site
• Anonymous contribution — Optionally share caught IPs to help protect the community
• Live threat intelligence — Benefit from detections across Shield Pro sites
• Pre-emptive blocking — Stop bots that attacked other sites before they find yours
• Community-powered security — The more sites that join, the stronger the protection

When you catch a bot with Scraper Trap™ honeypots, you can anonymously share that IP to protect other Shield users. In return, you get access to a constantly-updated blocklist of confirmed threats.

External Services

This plugin displays links in the WordPress admin area that point to whoknew.io, the author’s website. These links are used to provide upgrade information, pricing, and documentation for the optional Pro add-on.

WhoKnew.io (Plugin Author Website)

What it is: whoknew.io is the website of the plugin author (WhoKnew). It hosts the Pro upgrade page, documentation, and support resources for this plugin.

What data is sent and when: The free plugin does not automatically transmit any data to whoknew.io or any other external server. The admin UI contains standard upgrade and documentation links; clicking those links takes you to the whoknew.io website in your browser, subject to normal browser behaviour. No data is collected, tracked, or sent without user action.

Note on the optional Pro add-on: If you separately purchase and activate WhoKnew Shield Pro, that add-on may connect to whoknew.io for licence validation and to download the WhoKnew Intelligence™ community blocklist (an opt-in feature). Those connections are documented in the Pro add-on itself.

• Terms of Service: https://whoknew.io/terms/
• Privacy Policy: https://whoknew.io/privacy/

Third-Party Libraries

WhoKnew Shield Free does not use any third-party libraries or external services. All code is self-contained within the plugin. No CDN dependencies, no external API calls, no data transmission to third-party servers.

Bundled Data: IANA Root Zone Database

The plugin bundles a static copy of the Internet Assigned Numbers Authority (IANA) Root Zone Database (data/iana-tlds.txt). This file is used exclusively for offline TLD validation when email detection is set to Strict mode — it is never loaded, transmitted, or used outside of that context.

• Source: https://data.iana.org/TLD/tlds-alpha-by-domain.txt
• License: Public domain / IANA (no restrictions on use)
• Usage: Bundled locally; no runtime HTTP request is made to IANA
• Updates: The file is updated with each plugin release to reflect newly delegated TLDs

Privacy by Design:
– All protection runs locally on your WordPress server
– No external scripts loaded from CDNs
– No tracking or analytics sent to external services
– Complete data sovereignty — everything stays in your database
– GDPR-friendly architecture with zero external dependencies