Avatar Privacy

Avatars from Gravatar.com are great, but they come with certain privacy implications. You as site admin may already know this, but your visitors and users probably don’t. Avatar Privacy can help to improve the privacy situation by making some subtle changes to the way avatars are displayed on your site.

The plugin works without changing your theme files if you use a modern theme, and it does support (simple) multisite installations. It requires at least PHP 7.0 and WordPress 5.2. For the plugin to do anything for you, you need to visit the discussion settings page in the WordPress admin area and enable Show Avatars. Please note that the plugin does not provide an options page of its own; instead, it adds to the existing Discussion settings page.

Features

The plugin’s features summed up:

  • Add local avatar caching to ensure the privacy of your website visitors.
  • Let users and commenters explicitly opt-in before using gravatars.
  • Don’t publish hashed e-mail addresses for people who are not members of Gravatar.com.
  • Use default avatar images hosted on your server rather than Gravatar.com.

If you are interested in the topic, there’s also a more detailed discussion on the Reasons for Using Avatar Privacy.

Installation

Avatar Privacy can be installed from the WordPress plugin repository. If you’d like to directly follow our ongoing development efforts, you can do so on GitHub (feature requests and bug reports are also welcome there).

Credits

Avatar Privacy is based on the original plugin by Johannes Freudendahl. The new release also includes work by several other people:


57 Comments

  • john wrote:

    I just updated to the latest version and now I can’t see my site.

    ??????


    • @John: I am sorry to hear that. I’ll need some more information about your site (PHP and WP versions mainly and anything that might be unusual about it). Can you look if there’s anything in your PHP error log? (If you’d like, we can take this to email. Just leave me a short note here and I’ll contact you.)

  • john wrote:

    I cannot access anything in wordpress – settings, logs etc. all are just white pages.


    • I don’t know about your specific hosting plan, but normally, there is a way to access low-level configuration files and error messages. One such file is the PHP error log. (The path should be listed in your php.ini in the error_log directive.)

      To deactivate a plugin when the WordPress backend crashes, you need shell or filesystem access to your (virtual) server and rename the plugin folder. In this case, [path to wordpress]/wp-content/plugins/avatar-privacy/ needs to be deleted or renamed.

  • john wrote:

    Thanks! Renamed the plugin folder and now everything is back to normal. BUT, with no avatar privacy. hmmmm


  • Tim Themann wrote:

    Hi, unfortunately, the plugin throws a SQL error on activation:

    WordPress-Datenbank-Fehler You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘WHERE meta_key like ‘_site_transient_avatar_privacy_%’ and site_id = 1′ at line 1 für Abfrage SELECT meta_key FROM WHERE meta_key like ‘_site_transient_avatar_privacy_%’ and site_id = 1 von do_action(‘wp_ajax_delete-plugin’), WP_Hook->do_action, WP_Hook->apply_filters, wp_ajax_delete_plugin, delete_plugins, uninstall_plugin, do_action(‘uninstall_avatar-privacy/avatar-privacy.php’), WP_Hook->do_action, WP_Hook->apply_filters, Avatar_Privacy\Components\Uninstallation::uninstall, Avatar_Privacy\Components\Uninstallation::delete_transients, Mundschenk\Data_Storage\Site_Transients->get_keys_from_database


    • Is that a fatal error on your site? I noticed it in the plugintests.com report. The site_meta table does not exist on singlesite installs. The plugin should still work, though (the called function is only for site transients clean-up).

      A fixed version will be released later tonight.

    • Tim Themann wrote:

      Correct, I’m sorry. That one was from uninstallation. On activation, it throws

      — CUT —
      WordPress-Datenbank-Fehler You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘WHERE meta_key like ‘_site_transient_avatar_privacy_%’ and site_id = 1′ at line 1 für Abfrage SELECT meta_key FROM WHERE meta_key like ‘_site_transient_avatar_privacy_%’ and site_id = 1 von activate_plugin, include_once(‘/plugins/avatar-privacy/avatar-privacy.php’), run_avatar_privacy, Dice\Dice->create, Dice\Dice->Dice\{closure}, Dice\Dice->Dice\{closure}, Dice\Dice->create, Dice\Dice->Dice\{closure}, Dice\Dice->Dice\{closure}, Dice\Dice->create, Dice\Dice->Dice\{closure}, ReflectionMethod->invokeArgs, Avatar_Privacy\Data_Storage\Site_Transients->__construct, Mundschenk\Data_Storage\Transients->__construct, Mundschenk\Data_Storage\Abstract_Cache->__construct, Mundschenk\Data_Storage\Transients->invalidate, Mundschenk\Data_Storage\Site_Transients->get_keys_from_database
      — CUT —

    • Tim Themann wrote:

      Only once and not reproducible (unfortunately I can not pinpoint that one) it threw

      — CUT —
      WordPress-Datenbank-Fehler Duplicate column name ‘time’ für Abfrage ALTER TABLE `wp_gravatars` ADD `time` int von activate_plugin, do_action(‘activate_fv-gravatar-cache/fv-gravatar-cache.php’), WP_Hook->do_action, WP_Hook->apply_filters, fv_gravatar_cache_activation
      — CUT —

      It is non-fatal and functionality does not seem to be affected. If this is “normal” for non-multisite installations, I’d simply count it as a cosmetic issue ;-).

      By the way: This is pretty much what a lot of people might be looking for at the moment! Thanks a lot!

  • Tim Themann wrote:

    Oh. Correct. I replaced the FV Gravatar Cache plugin, therefore the error that plugin threw during deactivation went right between the other ones in the log. Sorry for the confusion.


  • Frank Kunert wrote:

    Thank you very much for this very useful plugin. If I disable or delete the plugin and previously selected Silhouette as the default avatar, no default avatar will be displayed, and an HTTP status 400 is created when accessing i0.wp.com. Suggestion: Change Silhouette to “Mysterious Person” at deactivation.


  • vilmoskörte wrote:

    It does not work for me: The gravatar image is saved in wp-content/uploads/avatar-privacy/cache, and if I add a new comment the checkbox at the text “Ein Gravatar-Bild neben meinen Kommentaren anzeigen.” is checked, however, there is no gravatar image displayed along with the comment. Also, the table wp_avatar_privacy in the SQL database has no rows.

    Latest WordPress, PHP 7.1.18


    • Are you perhaps using a mail address for an anonymous comment that is used by a registered user on your site? In that case, the value is not saved to prevent avatar disclosure by fraudulent comments.

  • vilmoskörte wrote:

    I have another problem: for good reasons, I had to set the WordPress variables Home-URL and Website-URL to the Punycode https://xn--vilmoskrte-kcb.de instead of http://vilmoskörte.de:

    Home-URL https://xn--vilmoskrte-kcb.de
    Website-URL https://xn--vilmoskrte-kcb.de

    Since then, the checkbox “Ein Gravatar-Bild neben meinen Kommentaren anzeigen.” always stays unchecked, even if I had checked it the last time I commented. Nevertheless, the cookie comment_use_gravatar_a1b16743124519a8fc9b7ade2eac1c0a for the website xn--vilmoskrte-kcb.de is set to 1. (And it is set to 0 when I submit a comment without ticking the checkbox.)


  • vilmoskörte wrote:

    A suggestion: I would like it if, along with the checkbox text below the comment (“Ein Gravatar-Bild neben meinen Kommentaren anzeigen.”), an explanation were displayed stating that the profile pictures are embedded without transmitting personal data, possibly with an optional link, configurable in the settings, to an explanatory text.

    Reason: I have explained this in my cookie policy, but who reads that anyway. And by now people have caught on that Gravatar could be “evil” and, out of fear, don’t tick the box.


  • Andy wrote:

    Thanks for this Avatar manager. Works perfectly when I am logged in as admin, but when logging in as normal user editing my profile I do not get the option to Choose File. I only get Gravatar option which is too complicated. How to fix this?


    • Andy: What role is assigned to your “normal” user? File uploading capabilities are needed for uploading your own avatar (at the moment there is no way to choose an image from Media Library).

  • Andy wrote:

    That was prompt – thanks! Under settings-general I have ticked anybody can register and chosen subscriber as standard status. Should that be Author instead?
    As Admin I can choose from my Media/Pictures library. Can ordinary users never do so?
    /A


    • Avatar Privacy only has the upload possibility for local avatars, no “choose from library” feature for anyone. Are you maybe also using another plugin for user avatars? Avatar Privacy has some integrations that disable its native uploading feature in deference to, for example, WP User Manager’s. If so, you would need to check whether there are settings in that plugin that can change its behavior.

  • Sebas wrote:

    I uploaded picture A. Great, now picture A was my avatar.

    I checked “delete local avatar picture” and pressed save. Great, no avatar anymore. (And great, because it was a test picture of a dog, not the one I wanted).

    I browsed, selected a better picture for posterity, pressed Save changes… picture of the dog again.

    I delete, upload whatever I want, and I always have picture A whenever there’s a picture uploaded, even if I clicked “delete local avatar”.

    I mean, it’s probably a cache, but it’s a big bug that makes the plugin temporarily useless to me.


    • @sebas: That would be your browser caching the image (just refresh the cache by using shift-reload). I’ve noticed the issue myself on my MAMP test sites, but not on the live version. Might be a difference between Nginx and Apache? I’ll look into it, but it will not be a problem for anyone else accessing the same image.

  • Hello Avatar Privacy,

    I have implemented Avatar Privacy on our WooCommerce site. If you’d like to register you can see how I’ve integrated [avatar-privacy-form] in the MyAccount dashboard. However, this was by stumbling around. (We don’t do product downloads, so I’ve used that endpoint).

    However, have I missed something? Because I could not find any documentation on hooks, shortcodes, compatibility with WooCommerce, usage, … for the plugin. Mainly I found my clues in the release notes.

    Regards,
    Barry


    • @Barry: I have no direct experience with WooCommerce integration, so no, you haven’t missed any additional documentation. Developer documentation is something I eventually want to write up, but unfortunately, there is never enough time (but release notes and inline documentation will always be up to date – that I do ensure).

      Though if you like to write a blog post about the challenges you encountered (or even a HOWTO), I’ll link to it or publish it here as a guest post.

      PS: From a privacy perspective, you really should have a non-infinite data retention period (or rather: some data should have a non-infinite retention period, though I know it is a pain to enforce with WordPress).

  • Hello Peter,

    In my code I had successfully been using get_avatar() to provide the gravatar for an author if one is available. Now with Avatar Privacy activated, get_avatar() returns the mystery person, regardless of whether the author has ‘Display a gravatar …” ticked or not. If I deactivate Avatar Privacy, I get the gravatar when expected.

    I suspect I need to be doing something different from calling get_avatar() in code now that Avatar Privacy is activated? Please can you advise what I should be doing?

    Many thanks,
    Barry


    • @Barry: I assume you are using the email address as the “object” in the get_avatar() call? If so, the plugin does not know you are trying to access a user and will treat it as an anonymous comment author email. If there’s a user registered for the same email address, Avatar Privacy will not display the Gravatar unless the user also has “Logged-out Commenting” enabled.

      It will work as expected if you first get the user object via get_user_by( 'email', $email ).

    • Hi Peter,

      All good now. I hadn’t realised the wider implication of “Logged-out Commenting”, since on our site you can’t comment unless you’re logged in. So I’d mentally ignored that checkbox.

      So now I must update our author instructions to ensure they always check “Logged-out Commenting” if they want their profile picture with their author bio.

      Many thanks,
      Barry

    • @Barry: While enabling the setting is a workaround, I cannot recommend it. Changing your code from get_avatar( $email ) to get_avatar( get_user_by( 'email', $email ) ) will work with or without Avatar Privacy. There’s no need for them to use the “logged-out commenting” feature.

    • Hi Peter,

      Well I’ve tried your suggestion with the results side by side to ensure there are no caching issues. The test code:


      $author_email = get_the_author_meta('user_email', $post->post_author) ;
      $user = get_user_by( 'email', $author_email);
      $avatar_peter = get_avatar( $user, 90 );

      $avatar = get_avatar( get_the_author_meta('user_email', $post->post_author) , 90 );


      // Test avatars side by side
      $author_details .= '' . $avatar . $avatar_peter . nl2br( $user_description ). '';

      The result is beyond my comprehension. With the author having “logged-out comments” checked, I see $avatar as the expected gravatar, but $avatar_peter gives the set default mystery man! Unchecking “logged-out comments” results in both avatars being the mystery man.

      Regards,
      barry

    • Further to the above (I was bounced for not being concise):

      Naturally I’ve not done this test in live, but you can see an example of the bio that’s constructed if you scroll down the page.

      I have checked the code in phpStorm and the correct user email is being returned, and results in the correct user object, so no error that I can see.

      Although you describe using the “logged-out comments” checkbox as a workaround, it sort of makes sense to me, because the author is not logged in, indeed no one may be logged in when the bio is viewed. It’s not onerous and authors probably want all the exposure they can get.

      Apologies for the length, but there you go,
      Barry

    • Ah, I thought you needed this for comment authors. For post authors, just handing the $post object to get_avatar() should be enough. I’m not sure what’s going wrong with the example code (you can add some calls to error_log() to see which of the functions is failing), but the whole back-and-forth conversion is not necessary to display the avatar for a post author.

  • Cheng Shen wrote:

    Avatar Privacy reveals the email address of any commenter to anyone who cares.

    While WordPress default generated avatars are completely unsalted, and thus easily reversed, revealing the true email address of every commenter to anyone who cares, and to the central avatar image server secure.gravatar.com (why is there a central image server for locally generated image)

    Avatar Privacy image names can be reversed to email addresses with only slightly more difficulty, because it uses a thirty two bit site wide salt instead of a two fifty six bit salt.

    Given a known email address, one can find the salt. Having found the salt, one can then reverse the hash, which is revealed by the name of the image file.


    • @Cheng Shen: You are correct that a per-address hash would be cryptographically better. It is something I might implement in a future version of Avatar Privacy. If you’d like to do a pull request on GitHub, I’ll gladly include it in the next version.

      Where we disagree is that unsalted MD5 and (site-wide) salted SHA-256 are at all in the same category. By default, the Gravatar hashes are not only easily reversible, but can be tracked globally across the entire web by everyone. This is prevented by Avatar Privacy. Also, SHA-256 is much more difficult to brute-force.

      Regarding your comment about secure.gravatar.com, I don’t know what you are talking about – gravatar.com is only contacted for commenters who explicitly state that they want to use their Gravatar (and only on the backend). Doing so obviously shares the MD5 hash of their mail address with gravatar.com, but that is not preventable when one wants to use that service.

      Anyway, even if you can’t or won’t use GitHub, I’m open to actionable suggestions for improvements here in the comments, so please let me know if you have got any specific proposals in mind.
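
The trade-off debated in this exchange, as an added Python example that is not part of the original comments or of the plugin's own code: it compares which guessed addresses can be confirmed against published avatar identifiers under unsalted MD5, a site-wide salted SHA-256, and a per-address salt. The salt values, the salt-then-address concatenation, the `PerAddressIds` class and all e-mail addresses are assumptions constructed for illustration.

```python
import hashlib
import secrets

def norm(email: str) -> bytes:
    # Gravatar trims and lower-cases the address before hashing it.
    return email.strip().lower().encode("utf-8")

def gravatar_id(email: str) -> str:
    """Unsalted MD5 of the address, as carried in Gravatar URLs."""
    return hashlib.md5(norm(email)).hexdigest()

def salted_id(email: str, salt: bytes) -> str:
    """SHA-256 over salt + address (the concatenation order is an assumption)."""
    return hashlib.sha256(salt + norm(email)).hexdigest()

class PerAddressIds:
    """Hypothetical scheme: one random 256-bit salt per address, kept server-side."""
    def __init__(self) -> None:
        self.salts: dict[bytes, bytes] = {}

    def avatar_id(self, email: str) -> str:
        salt = self.salts.setdefault(norm(email), secrets.token_bytes(32))
        return salted_id(email, salt)

def confirmed(published: set, guesses: list, make_id) -> list:
    """Guessed addresses whose identifier appears among the published ones."""
    return [g for g in guesses if make_id(g) in published]

def audit() -> dict:
    # Constructed sample data: three commenters and an observer's guess list.
    commenters = ["alice@example.org", "bob@example.net", "carol@example.com"]
    guesses = ["bob@example.net", "carol@example.com", "dave@example.org"]
    salt_a, salt_b = bytes.fromhex("0a1b2c3d"), bytes.fromhex("4e5f6071")  # 32-bit
    per_addr = PerAddressIds()
    pub_md5 = {gravatar_id(e) for e in commenters}
    pub_site = {salted_id(e, salt_a) for e in commenters}
    pub_addr = {per_addr.avatar_id(e) for e in commenters}
    # Worst case for the per-address scheme: alice's own salt has become known.
    alice_salt = per_addr.salts[norm("alice@example.org")]
    return {
        # No secret at all: anyone can test guesses against the published hashes.
        "md5": confirmed(pub_md5, guesses, gravatar_id),
        # Same commenters on a second site with its own salt: identifiers differ.
        "linked_across_sites": len(pub_site & {salted_id(e, salt_b) for e in commenters}),
        # Once the single site salt is known, every guess can be tested again.
        "site_salt_known": confirmed(pub_site, guesses, lambda g: salted_id(g, salt_a)),
        # One address's salt says nothing about any other address.
        "per_address": confirmed(pub_addr, guesses, lambda g: salted_id(g, alice_salt)),
    }

if __name__ == "__main__":
    for scheme, result in audit().items():
        print(f"{scheme}: {result}")
```

The site-wide salt stops cross-site linking, which is the improvement over plain Gravatar hashes; the per-address salt additionally limits what the disclosure of any single salt can confirm.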

  • Hello, great plugin, but with the “Gwolle Guestbook” unfortunately only the set individual avatar is displayed with the authors. I have also already contacted the manufacturer of the “Gwolle Guestbook”, he says his plugin uses the standard function get_avatar().


  • Hi guys,

    I have installed Avatar Privacy to my WordPress.com hosted website: digitalesleben.blog. Avatar is set on gravatar. In Einstellungen/Diskussion the setting for Avatar anzeigen is active.

    But I cannot see the additional setting “Display a Gravatar image next to my comments” below my comment section on blog posts.

    I use the following versions: WP 6.0.1, PHP 7.4.30, Jetpack 11.3-a.3

    Could you please check why this does not work properly?


  • Hi Küchenmeister,

    I deactivated the comment module of Jetpack. And now everything works fine with Avatar Privacy. Thank you for the great plugin. I appreciate the additional privacy and to make my site more DSGVO/GDPR compliant 😀

    Best regards, Andreas

