Enhances the privacy of your users and visitors with gravatar opt-in and local avatars.
Avatars from Gravatar.com are great, but they come with certain privacy implications. You as site admin may already know this, but your visitors and users probably don’t. Avatar Privacy can help to improve the privacy situation by making some subtle changes to the way avatars are displayed on your site.
The plugin works without changing your theme files (for reasonably modern themes), and it does support multisite installations. Please note that the plugin does not provide an options page of its own, it rather adds to the existing discussion settings page.
The plugin’s features summed up:
A more detailed examination of the reasons for using Avatar Privacy can be found on the plugin homepage.
Avatar Privacy includes the following WP-CLI commands:
wp avatar-privacy db show
: Show information about the custom database table(s).wp avatar-privacy db list
: List entries in the custom database table(s).wp avatar-privacy db create
: Create the custom database table.wp avatar-privacy db upgrade
: Upgrade the structure of the custom database table.wp avatar-privacy default get-custom-default-avatar
: Show information about the custom default avatar for the site.wp avatar-privacy default set-custom-default-avatar
: Set a custom default avatar for the site.wp avatar-privacy default delete-custom-default-avatar
: Delete the custom default avatar for the site.wp avatar-privacy cron list
: List active cron jobs created by the plugin.wp avatar-privacy cron delete
: Delete cron jobs created by the plugin.wp avatar-privacy user set-local-avatar
: Set a local avatar image for a user.wp avatar-privacy user delete-local-avatar
: Delete the local avatar image for a user.wp avatar-privacy uninstall
: Remove data added by Avatar Privacy.Please report any problems with the plugin, I’ll do my best to sort things out. You can use the contact form on my code site or create a topic in the support forum. You can contact me in German or English.
Avatar Privacy is based on the original plugin by Johannes Freudendahl. The new release also includes work by several other people:
Avatar Privacy has the following additional requirements beyond those of WordPress itself:
Did you remember to visit the discussion settings page, activate ‘Show Avatars’? You have to enable avatars for this plugin to be able to do anything.
Depending on which options you selected, you might not see a change in the way the page looks. The changes are visible in the source code though:
[your site]/wp-content/uploads/avatar-privacy/cache/gravatars/[x]/[y]/[long SHA256 token]-68.png
instead of https://secure.gravatar.com/avatar/[other long MD5 token]?s=68&d=http%3A%2F%2F1.gravatar.com%2Favatar%2F[long MD5 token]%3Fs%3D68&r=PG
. There aren’t two URLs in there anymore, only one, and the default URL looks the same for two comments without a gravatar.Then you probably don’t use a modern theme which makes use of the function comment_form()
to create the comment form. Check if you can find this function used in comments.php
or a similar file of your theme. If you do and it still doesn’t work, tell me. Otherwise chances are that you do have to add the checkbox manually. Use this function:
<?php if ( \function_exists( 'Avatar_Privacy\gravatar_checkbox' ) ) { \Avatar_Privacy\gravatar_checkbox(); } ?>
The plugin saves additional data about whether commenters and users want to display a gravatar or not (if you select that mode in the settings). These data are deleted when you properly uninstall the plugin.
Apart from that, the plugin only filters data, but does not permanently change them. Especially, if you deactivate the plugin und have gravatars turned on, they will again show up for everybody, even those commenters and users who opted out of displaying gravatars. You do have to change the default gravatar back manually, though.
Yes, it certainly can. You have to be careful though which plugin options you select and how you cache your content. The first plugin option checks if a gravatar exists for a given e-mail address and, if not, displays the default image directly. If you cache the output of this check, the gravatar will not be displayed if the user later decides to sign up with Gravatar.com. If you’re using this option, you should invalidate cached pages with gravatars on them (mostly the single view of entries) regularly.
Yes, the plugin can be used on a multisite installation. You can either activate it on individual blogs or do a network activation. As users are global to a multisite installation, their choice regarding Gravatar.com use will affect all sites in the network. So if a user comments on blog A and chooses to display gravatars, this decision will be followed on blog B and C too. On new installations, comment author (i.e. non-user) opt-in is recorded per site, not per network. If you first installed Avatar Privacy 0.4 or earlier, the global table wp_avatar_privacy
continues to be used for all sites in the multisite network. This behavior can be overriden by the network admin via the filter hook avatar_privacy_enable_global_table
.
The plugin doesn’t save the value of the “use gravatar” checkbox for comments by registered users (see below), trackbacks/pingbacks (there is no e-mail address) and comments that are marked as spam when they are saved. If you mark a comment as spam later, the table entry is not removed, since the same e-mail address might also be used by non-spam comments. If a comment is marked as spam by Akismet or similar plugins and you later manually mark it as non-spam, what the user selected when submitting the comment will already be lost. This only happens with spam comments, not comments who just need to be moderated, e.g. because of the ‘needs at least one published comment’ rule.
While storing the cached avatar images on your own server will take some extra disk space, the plugin makes sure that it does not grow out of bounds by deleting cached gravatars every other day and all other images once a week. When the cached file is accessed again, it is automatically regenerated.
If you don’t have to worry about the amount of disk space consumed, you can extend the maximum age of cached files via the filter hooks avatar_privacy_gravatars_max_age
and avatar_privacy_all_images_max_age
. The cron job intervals can also be adjusted via hooks (avatar_privacy_gravatars_cleanup_interval
and avatar_privacy_all_images_cleanup_interval
, respectively).
No, for registered users the user profile is checked, not the table for the commenter’s choices. Commenters can not override this value, not even the user themselves if they post a comment when not signed-in.
These plugins have been tested successfully in conjunction with Avatar Privacy:
Please note that several Jetpack by WordPress.com modules do not work well with Avatar Privacy because they generate their HTML markup on the WordPress.com servers.
If you find any problems with particular plugins, please tell me!
There is a difference between deactivating the plugin and uninstalling it. The plugin gets deactivated if you do so on the plugins page or if you simply delete the plugin files via FTP. No uninstallation tasks are performed then, so you can activate and deactivate the plugin as you want without losing the plugin’s settings.
If you deactivate the plugin und have gravatars turned on, they will again show up for everybody, even those commenters and users who opted out of displaying gravatars. If you changed the default avatar to one of the new local avatar images, the gravatars will not be displayed until you change the default avatar image back.
If you want to completely uninstall the plugin and get rid of any data in the database, you should properly uninstall it: Deactivate the plugin first via the WordPress plugins page and then click ‘delete’ (same page, next to the plugin). For multisite installations, this has to be done by the network administrator on the network plugins page.
The plugin saves additional data about whether commenters and users want to display a gravatar or not (if you select that mode in the settings). The following data are stored by the plugin and deleted upon uninstallation:
[prefix]_avatar_privacy
(global or per blog on new multisite installations)usermeta
values per user: use_gravatar
, avatar_privacy_hash
, avatar_privacy_user_avatar
option
per blog: avatar_privacy_settings
sitemeta
) on multisite installations: avatar_privacy_salt
transient
per commenter: avapr_check_[mail hash]
The default avatar image is set to the mystery man if you selected one of the new local default avatar images.
wp_delete_file
filter when deleting files.identifier
column of avatar_privacy_hashes
table to 256 characters on supported MySQL/MariaDB versions (as it was in 2.4.0).yzalis/identicon
has been removed as a dependency.wp_delete_file
filter hook.avatar_privacy_upload_min_width
avatar_privacy_upload_min_height
avatar_privacy_upload_max_width
avatar_privacy_upload_max_height
WP_DEBUG
is enabled.)level-2/dice
package.scripturadesign/color
has been removed as a dependency.Illegal mix of collations
errors).yzalis/identicon
package has been updated to version 2.0.vendor-scoped
directory.avatar_privacy_hashes
).avatar_privacy_allow_remote_default_icon_url
to allow third-party domains and avatar_privacy_validate_default_icon_url
if you want to implement your own image URL validation.avatar_privacy_allow_remote_avatar_url
to prohibit third-party domains (the default is to allow them for webmentions) and avatar_privacy_validate_avatar_url
if you want to implement your own image URL validation.pre_get_avatar_data
filter can now be adjusted using the avatar_privacy_pre_get_avatar_data_filter_priority
hook instead of being hardcoded.[avatar-privacy-form]
(optional parameter: avatar-size
) to allow changing Avatar Privacy’s user settings on the frontend of the site.\Avatar_Privacy\gravatar_checkbox()
for legacy themes added.wp avatar-privacy db show
: Show information about the custom database table(s).wp avatar-privacy db list
: List entries in the custom database table(s).wp avatar-privacy db create
: Create the custom database table.wp avatar-privacy db upgrade
: Upgrade the structure of the custom database table.wp avatar-privacy uninstall
: Remove data added by Avatar Privacy.wp avatar-privacy cron list
: List active cron jobs created by the plugin.wp avatar-privacy cron delete
: Delete cron jobs created by the plugin.avapr_get_avatar_checkbox()
has been deprecated in favor of \Avatar_Privacy\get_gravatar_checkbox()
.use_gravatar
comment form checkbox has been changed to avatar-privacy-use-gravatar
. Please update custom CSS rules accordingly.avatar-privacy-use-gravatar
comment form checkbox to work around common theme limitations. Styling can be disabled using the avatar_privacy_comment_checkbox_disable_inline_style
filter hook.Avatar_Privacy\Vendor
to reduce the chance of conflicts with other plugins.usermeta
keys are now prefixed (avatar_privacy_use_gravatar
instead of use_gravatar
).avatar_privacy_gravatar_use_default
hook can now be set from the Discussion
settings page.avatar_privacy_gravatar_link_rel
and avatar_privacy_gravatar_link_target
to filter the rel
and target
attributes of all links to Gravatar.com.avatar_privacy_gravatar_use_default
works again for registered users.use_gravatar
checkbox can be adjusted via the new filter hook avatar_privacy_use_gravatar_position
.avatar_privacy_gravatar_use_default
.use_gravatar
is actually checked when the cookie has been set.wp_get_image_editor()
.WP_Image_Editor
to work around trac ticket #42663.rel
and target
attributes are allowed in use_gravatar
checkbox labels and by the default, the noopener
and nofollow
values for the rel
attribute are added to the Gravatar.com link.mystery
if necessary.use_gravatar
checkbox is compatible with more themes now.avatar_privacy_gravatar_use_default
filter hook.