Stopping Joomla Spam

Another Hidden Joomla Secret Revealed

When I gave the first presentation of "Joomla Hidden Secrets" in The Netherlands back in 2009 I stated that I was only presenting some of the "secrets" and that I would present more in the future. Well, for various reasons, I never did.

This week a tweet by Rafael Diaz-Tushman of Dioscouri Design complaining that joomlacode.org was exposing his email address in unprotected form to spammers etc prompted me to reveal at least one more of my "Hidden Secrets of Joomla".

We all know that it is not a great idea to publish email addresses on a web site as they're just a gift to spammers. In fact Joomla has built in safeguards to protect you if you should forget and any email address that you add to Joomla content is automatically protected from spam harvesters by being obfuscated with javascript. Just check the source code of this page to see how this email address, This email address is being protected from spambots. You need JavaScript enabled to view it. is displayed to spambots.

I bet you didn't know that every Joomla site by default will happily reveal the email address of every person who has created content on your site.

With the release of Joomla 1.5.10 in March 2009 a change was made to the way that Joomla produces RSS feeds so that they would validate. This change added an additional field to the RSS field called author and this contains the email address and name of the user who wrote the article.

To show you what I mean I took the RSS feed from a well known template club, an extension developer and a training company and was able to extract the personal email addresses of all seven authors on those sites.

Of course I'm not going to publish the email addresses or the sites here but I'm sure that if you check the RSS feed of your own sites you will see the author's email addresses exposed.

How to stop the spammers!

If you wish to disable this feature and prevent your author's email addresses being made visible to anyone in plain text and un-obfuscated then do not panic.

There is an option in the global configuration of your site that will set the field of your RSS feeds to replace all the Author email addresses with the Site Email. Now the only email address that will be exposed is your site email address and you can of course set this to anything that you want.

This Hidden Joomla Secret was brought to you by the man in cow trousers

The web was meant to be read, not squished.
This isn't the way to test a responsive design.