Warith AL Maawali

0 %
Warith AL Maawali
Driving cybersecurity excellence
Innovator behind Linux Kodachi
  • Residence:
  • Uptime Binary:
  • Mantra:
    Innovate, Secure, Repeat
Visual basic
  • Infrastructures
  • Digital Forensics
  • Cryptocurrency
  • Cloud & Server Management

How to protect your WordPress external links


Encrypting External Links on Your WordPress Blog

As you may notice, all external links on my blog used to be encrypted to protect the content from being copied. I tried to find a plugin that does this, but I couldn’t, so I modified one that encodes external URLs to Base64. Instead of encoding the URL, I will show you how to encrypt it with your own defined key. I will show you how I did it through simple steps if you wish to have external links encrypted on your WordPress blog.

Please note that the coder has merged my code with his from version 4.2.0 and above so if you are using version 4.2.0 and above you do not need my code.




  • You will need php mcrypt_decrypt installed on your server
  • For CentOS just type
    yum install php-mcrypt

  • For ubuntu just type
    sudo apt-get install php5-mcrypt

  • Install WP No External Links plugin I am currently using version 4.0.2.
  • Activate the plugin.
  • Go to setting then wp-noexternallinks select the check box of Use base64 encoding…etc.
  • Now go to plugin editor.
  • Versions below 4.0 Select WP No External Links then select wp-noexternallinks-parser.php
  • Versions above 4.0 Select WP No External Links then select public then public.php

Search for:


Replace it with:

$salt ='PSOtJIaJCSRthDJ3ZkcNZVubMYZOZZrn'; // <--- This is your secret key it can be anything you like remember only keys of sizes 16, 24 or 32 supported in mcrypt_encrypt.
$url=trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $url, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));

Then Search for:


Replace it with:

$salt ='PSOtJIaJCSRthDJ3ZkcNZVubMYZOZZrn'; <--- We use the same key to decrypt
$url=trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $salt, base64_decode($url), MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));


The reason for using the known $salt key is if your content gets copied you can always change the key on both locations and all of the previous links will be invalid to the person who copied your article.


I faced some difficulties with some of the social share links such as (Linkedin , pinterest , mailto , skype and local links starting with #). Though the author of the plug-in did exclude those strings it did not work as expected so I had to tweak the code as follows:

Search for:

 $this->debug_info('Not in exclusion list, masking...');

Add just before it:

if (false !== strpos($matches[2] . '//' . $matches[3],'javascript') or false !== strpos($matches[2] . '//' . $matches[3],'mailto') or false !== strpos($matches[2] . '//' . $matches[3],'twitt') or false !== strpos($matches[2] . '//' . $matches[3],'skype') or false !== strpos($matches[2] . '//' . $matches[3],'#')) {
return $matches[0];

If you get your page and comments section messed up you will need to replace:

$pattern = '/(.*?)<\/a>/si';


$pattern = '/(.*?)<\/a>/i';


If all links are labled as _blank you have to add:

$url=$matches[2].'//' .$matches[3];


$ifnofollow=' rel="nofollow"';

Then replace:

return ''.$matches[4].'';
return ''.$matches[4].' ^('.$url.')';
$link='<a'.$ifblank.$ifnofollow.' href="'.$url.'" '.$matches[1].$matches[3].'>'.$matches[4].'';


return ''.$matches[5].'';
return ''.$matches[5].' ^('.$url.')';
$link='<a'.$ifblank.$ifnofollow.' href="'.$url.'" '.$matches[1].$matches[4].'>'.$matches[5].'';


Download script version below 4.0


Download script version above 4.0


Output examples:

Normal URL to Husmail

With WP No External Links plugin (base64)

With WP No External Links plugin + Encryption


Posted in Tech BlogTags:
© 2024 Warith AL Maawali. All Rights Reserved.
Stay Secure, Stay Assured.