It's very common to put email addresses onto the front end of websites, and why not, it's a useful piece of information and pretty much essential on loads of websites for loads of reasons. The trouble is those pesky spammers send their bots to crawl the internet looking for email addresses on websites. They then scrape them and use them for whatever it is spammers do with emails - SPAM! So this post/snippet is specifically for how to hide / protect email addresses on WordPress websites. If you want a good overview of some other ways to hide email addresses then check out this post > https://www.labnol.org/internet/hide-email-address-web-pages/28364/.
WordPress actually has a built in function to hide / protect email addresses on the front end of your website. It's the antispambot function (see https://codex.wordpress.org/Function_Reference/antispambot for the full lowdown on this very handy little WordPress function. The default usage is a as follows:
<?php echo esc_html( antispambot( 'email@example.com' ) ); ?>
Obviously replace firstname.lastname@example.org with the email address you're looking to hide / protect from the bots. The function then converts the selected email addresses characters to HTML entities to try to block spam bots from reading it during their crawls. So it becomes this in the source code:
Note that not all characters in the email address are converted; the selection is actually random and changes each time the function is called. On the front end of your WordPress site your users will see:
It's highly recommended to use this function if your are outputting email addresses to the front end of your WordPress site if you're at all concerned about bots / spammers scraping the website for email addresses. You can use this function in your own functions or there's a good example in the documentation here detailing how to make a simple function to use this anti-spam feature.