Can't disable email address obfuscation

ben79 · March 4, 2025, 11:59am

What is the name of the domain?

What is the error message?

[email protected]

What is the issue you’re encountering

Email addresses being obfuscated and can’t turn it off

What steps have you taken to resolve the issue?

Tried switching off email address obfuscation in Scrape Shield but it just resets back to on every time

What are the steps to reproduce the issue?

This is intermittent, I haven’t been able to replicate myself but some people have seen [email protected] instead of the email address on the website. This is despite Cloudflare’s documentation saying that there should be no difference to human users and only robots will have the email address removed. I have found the setting for email address obfuscation in Scrape Shield and switched it off. However every time I go back to check, it has reverted back to on. It seems to be getting overwritten somewhere. Is there a way round this? Thanks.

sandro · March 4, 2025, 12:02pm

That would suggest you have some automated system (maybe your host) accessing your account and resetting that. Check your API tokens and roll your API key to prevent that.

ben79 · March 5, 2025, 11:02am

Thanks, I don’t think we’re using API keys as we just set up by updating the nameservers. I will ask our hosting company if they can help.

sandro · March 5, 2025, 11:05am

Cloudflare won’t reset it, so it will be an associated service. Go through your audit log and reset the values as mentioned.

ben79 · March 5, 2025, 12:11pm

I can’t see anything in Manage Account > Audit Log but this only seems to be user login/API actions, is there another audit log that would show this?

sandro · March 5, 2025, 12:55pm

No, the audit log contains all requests. If there is nothing, it shouldn’t be reset.

ben79 · March 6, 2025, 9:18am

So it’s not API keys or hosting settings causing the problem. Could it be something in the WP code, is there anything else that would reset the email address obfuscation setting?

sandro · March 6, 2025, 10:27am

Do you have anything in the audit log?

Right now your address is not obfuscated.

ben79 · March 6, 2025, 10:47am

Nothing in the log, I think I’ve fixed it with a configuration rule but I couldn’t see the issue before so waiting for someone else to confirm

ben79 · March 6, 2025, 11:36am

To confirm for anyone else reading in future, I fixed this by setting up a configuration rule: in Rules, set up new rule, choose Configuration rule, named “Stop email address obfuscation”, select All incoming requests, scroll down to Email Obfuscation and click Add+, confirm it’s selected as ‘off’, then Deploy

sandro · March 6, 2025, 2:08pm

You don’t need a rule for that. If the feature is off, it is off. If it turns on, that will be for a different reason.

ben79 · March 6, 2025, 2:23pm

I couldn’t work out what is turning the setting back on each time but the rule has fixed it.

danielb7390 · March 6, 2025, 4:28pm

Having the same problem here… i can click to disable it, it shows as off, but a page refresh shows it enabled again… seems like a bug?

david197 · March 6, 2025, 7:32pm

Hey, I’m experiencing the exact same issue with the Email Address Obfuscation setting. No matter how many times I toggle it off, after refreshing the page it always reverts to “on”. It also incorrectly states “last changed 15 hours ago,” even though I’ve toggled it multiple times today.

Looks like a Cloudflare-side issue—anyone found a workaround yet?

Laudian · March 6, 2025, 9:26pm

Hi everyone, thanks for the reports.

Cloudflare is currently looking into this issue.

Edit:

Laudian · March 6, 2025, 10:25pm

@ben79 @danielb7390 @david197

Should be solved now so that you can disable it.

XdekHckr · March 6, 2025, 11:00pm

They solved one thing and broke other thing… My Wordpress website which use cloudflare turnstile plugin doesn’t work anymore, even tho I’m passing verification it says that I need to pass verification… Few minutes later I couldn’t even load my website. Host Error 524…
It is literally going randomly offline and online because of cloudflare, I really don’t know what they did that they broke whole cloudflare. And I’m pretty sure the issue is on their side, because when it started to happen they were fixing problem mentioned in this thread and now it disappeared from cloudflare status page…

Laudian · March 6, 2025, 11:38pm

That really does not sound related to this incident at all. Please create your own topic.

XdekHckr · March 7, 2025, 7:02am

Well it really is, It happened after 10 minutes after they said they are working on a fix for this, I wasn’t even doing anything on website, so I couldn’t break anything. I am not going to make thread, probably more people will discover this issue.
Edit: btw website is working smoothly (for now) after I woke up, it probably wasn’t issue with my hosting, I didn’t saw any crazy usage on it or something
Edit 2: I can also confirm that turnstile is working normally again and I and customers on my website can pass it without getting human verification error…

Topic		Replies	Views
Disabling email address obfuscation General	4	22648	June 18, 2021
Email OBFUSCATION issue. Showing only "email protected" General	1	1168	April 22, 2023
Off Email Protected API	7	3462	January 16, 2021
Email protected on contact us page Security	2	838	August 13, 2023
Cloudflare-static/email-decode.min.js General	3	13569	August 18, 2022