Avatar Pri­va­cy

Avatars from Gra​vatar​.com are great, but they come with cer­tain pri­va­cy im­pli­ca­tions. You as site ad­min may al­ready know this, but your vis­i­tors and users prob­a­bly don’t. Avatar Pri­va­cy can help to im­prove the pri­va­cy sit­u­a­tion by mak­ing some sub­tle changes to the way avatars are dis­played on your site.

The plu­g­in works with­out chang­ing your theme files if you use a mod­ern theme, and it does sup­port (sim­ple) mul­ti­site in­stal­la­tions. It re­quires at least PHP 7.0 and Word­Press 5.2. For the plu­g­in to do any­thing for you, you need to vis­it the dis­cus­sion set­tings page in the Word­Press ad­min area and en­able Show Avatars. Please note that the plu­g­in does not pro­vide an op­tions page of its own, it rather adds to the ex­ist­ing Discussion set­tings page.


The plug­in’s fea­tures summed up:

  • Add lo­cal avatar caching to en­sure the pri­va­cy of your web­site visitors.
  • Let users and com­menters ex­plic­it­ly opt-​in be­fore us­ing gravatars.
  • Don’t pub­lish en­crypt­ed e‑mail ad­dress­es for peo­ple who are not mem­bers of Gra​vatar​.com.
  • Use de­fault avatar im­ages host­ed on your serv­er rather than Gra​vatar​.com.

If you are in­ter­est­ed in the top­ic, there’s al­so a more de­tailed dis­cus­sion on the Rea­sons for Us­ing Avatar Pri­va­cy.


Avatar Pri­va­cy can be in­stalled from the Word­Press plu­g­in repos­i­to­ry. If you’d like to di­rect­ly fol­low our on­go­ing de­vel­op­ment ef­forts, you can do so on GitHub (fea­ture re­quests and bug re­ports are al­so wel­come there).


Avatar Pri­va­cy is based on the orig­i­nal plu­g­in by Jo­hannes Freuden­dahl. The new re­lease al­so in­cludes work by sev­er­al oth­er people:



  • john wrote:

    I just up­dat­ed to the lat­est ver­sion and now I can’t see my site.


    Respond to this

    • @John: I am sor­ry to hear that. I’ll need some more in­for­ma­tion about your site (PHP and WP ver­sions main­ly and any­thing that might be un­usu­al about it). Can you look if there’s any­thing in your PHP er­ror log? (If you’d like, we can take this to email. Just leave me a short note here and I’ll con­tact your.)

  • john wrote:

    Since the plu­g­in up­date all my word­press set­tings etc and the web­site just dis­play as white pages with no vis­i­ble con­tent. php 5.6

    Respond to this

    • OK, so it’s not the PHP ver­sion. Can you please look at the PHP er­ror log? There should be an er­ror mes­sage there that will tell me more on why the site crashes.

  • john wrote:

    I can­nott ac­cess any­thing in word­press — set­tings, logs etc. all are just white pages.

    Respond to this

    • I don’t know about your spe­cif­ic host­ing plan, but nor­mal­ly, there is a way to low-​level con­fig­u­ra­tion files and er­ror mes­sages. One such file is the PHP er­ror log. (The path should be list­ed in your php.ini in the error_log directive.)

      To de­ac­ti­vate a plu­g­in when the Word­Press back­end crash­es. you need shell or filesys­tem ac­cess to your (vir­tu­al) serv­er and re­name the plu­g­in fold­er. In this case, [path to wordpress]/wp-content/plugins/avatar-privacy/ needs to be delet­ed or renamed.

  • john wrote:

    Thanks! Re­named the plu­g­in fold­er and now every­thing is back to nor­mal. BUT, with no avatar pri­va­cy. hmmmm

    Respond to this

  • Tim Themann wrote:

    Hi, un­for­tu­nate­ly, the plu­g­in throws a SQL er­ror on activation:

    WordPress-​Datenbank-​Fehler You have an er­ror in your SQL syn­tax; check the man­u­al that cor­re­sponds to your MySQL serv­er ver­sion for the right syn­tax to use near ‘WHERE meta_​key like ‘_​site_​transient_​avatar_​privacy_​%’ and site_​id = 1’ at line 1 fxc3xbcr Abfrage SELECT meta_​key FROM WHERE meta_​key like ‘_​site_​transient_​avatar_​privacy_​%’ and site_​id = 1 von do_action(‘wp_ajax_delete-plugin’), WP_Hook->do_action, WP_Hook->apply_filters, wp_​ajax_​delete_​plugin, delete_​plugins, uninstall_​plugin, do_action(‘uninstall_avatar-privacy/avatar-privacy.php’), WP_Hook->do_action, WP_Hook->apply_filters, Avatar_Privacy\Components\Uninstallation::uninstall, Avatar_Privacy\Components\Uninstallation::delete_transients, Mundschenk\Data_Storage\Site_Transients->get_keys_from_database

    Respond to this

    • Is that a fa­tal er­ror on your site? I no­ticed it in the plug​in​tests​.com re­port. The site_meta ta­ble does not ex­ist on sin­gle­site in­stalls. The plu­g­in should still work, though (the called func­tion is on­ly for site tran­sients clean-up).

      A fixed ver­sion will be re­leased lat­er tonight.

    • Tim Themann wrote:

      Cor­rect, I´m sor­ry. That one was from unin­stal­la­tion. On ac­ti­va­tion, it throws

      WordPress-​Datenbank-​Fehler You have an er­ror in your SQL syn­tax; check the man­u­al that cor­re­sponds to your MySQL serv­er ver­sion for the right syn­tax to use near ‘WHERE meta_​key like ‘_​site_​transient_​avatar_​privacy_​%’ and site_​id = 1’ at line 1 fxc3xbcr Abfrage SELECT meta_​key FROM WHERE meta_​key like ‘_​site_​transient_​avatar_​privacy_​%’ and site_​id = 1 von activate_​plugin, include_once(‘/plugins/avatar-privacy/avatar-privacy.php’), run_​avatar_​privacy, Dice\Dice->create, Dice\Dice->Dice\{closure}, Dice\Dice->Dice\{closure}, Dice\Dice->create, Dice\Dice->Dice\{closure}, Dice\Dice->Dice\{closure}, Dice\Dice->create, Dice\Dice->Dice\{closure}, ReflectionMethod->invokeArgs, Avatar_Privacy\Data_Storage\Site_Transients->__construct, Mundschenk\Data_Storage\Transients->__construct, Mundschenk\Data_Storage\Abstract_Cache->__construct, Mundschenk\Data_Storage\Transients->invalidate, Mundschenk\Data_Storage\Site_Transients->get_keys_from_database
       — CUT —

    • That’s fixed in 1.0.1. The er­ror should not have had any ill ef­fect, though, ex­cept for not clean­ing up site tran­sients prop­er­ly on uninstall.

    • Tim Themann wrote:

      On­ly once and not re­pro­ducible (un­for­tu­nate­ly I can not pin­point that one) it threw

      WordPress-​Datenbank-​Fehler Du­pli­cate col­umn name ‘time’ fxc3xbcr Abfrage ALTER TABLE ‘wp_​gravatars‘ ADD ‘time‘ int von activate_​plugin, do_action(‘activate_fv-gravatar-cache/fv-gravatar-cache.php’), WP_Hook->do_action, WP_Hook->apply_filters, fv_gravatar_cache_activation
       — CUT —

      It is non-​fatal and func­tion­al­i­ty does not seem to be af­fect­ed. If this is “nor­mal” for non-​multisite in­stal­la­tions, I´d sim­ply count it as a cos­met­ic issue ;-).

      By the way: This is is pret­ty much what a lot of peo­ple might be look­ing for at the mo­ment! Thanks a lot!

  • Tim Themann wrote:

    Oh. Cor­rect. I re­placed the FV Gra­vatar Cache plu­g­in, there­fore the er­ror that plu­g­in threw dur­ing de­ac­ti­va­tion went right be­tween the oth­er ones in the log. Sor­ry for the confusion.

    Respond to this

  • Frank Kunert wrote:

    Thank you very much for this very use­ful plu­g­in. If I dis­able or delete the plu­g­in and pre­vi­ous­ly se­lect­ed Sil­hou­ette as the de­fault avatar, no de­fault avatar will be dis­played and cre­at­ing an http sta­tus 400 when ac­cess­ing i0​.wp​.com. Sug­ges­tion: Change Sil­hou­ette to “Mys­te­ri­ous Per­son” at deactivation.

    Respond to this

  • vilmoskörte wrote:

    It does not work for me: The gra­vatar im­age is saved in wp-​content/​uploads/​avatar-​privacy/​cache, and if a add a new com­ment the check­box at the text “Ein Gravatar-​Bild neben meinen Kom­mentaren anzeigen.” is checked, how­ev­er, there is no gra­vatar im­age dis­played along with the com­ment. Al­so, the ta­ble wp_​avatar_​privacy in the SQL data­base has no rows. 

    Lat­est Word­Press, PHP 7.1.18

    Respond to this

    • Are you per­haps us­ing a mail ad­dress for an anony­mous com­ment that is used by a reg­is­tered user on your site? In that case, the val­ue is not saved to pre­vent avatar dis­clo­sure by fraud­u­lent comments.

  • vilmoskörte wrote:

    Ich habe noch ein weit­eres Prob­lem: Aus guten Grün­den musste ich in Word­Press die Vari­ablen Home-​URL und Website-​URL auf den Pun­y­code https://​xn​-​-vil​moskrte​-kcb​.de statt http://vilmoskörte.de setzen:

    Home-​URL https://​xn​-​-vil​moskrte​-kcb​.de
    Website-​URL https://​xn​-​-vil​moskrte​-kcb​.de

    Seit­dem bleibt die Check­box “Ein Gravatar-​Bild neben meinen Kom­mentaren anzeigen.” im­mer aus­geschal­tet, auch wenn ich sie beim let­zten Kom­men­tieren eingeschal­tet hat­te. Gle­ich­wohl ist das Cook­ie comment_​use_​gravatar_​a1b16743124519a8fc9b7ade2eac1c0a für die Web­site xn​-​-vil​moskrte​-kcb​.de auf 1 geset­zt. (Und wird auf 0 geset­zt, wenn ich einen Kom­men­tar ohne Häkchen an der Check­box sende).

    Respond to this

  • vilmoskörte wrote:

    Eine An­re­gung: Ich fände es gut, wenn mit dem Text zur Check­box unter dem Kom­men­tar (“Ein Gravatar-​Bild neben meinen Kom­mentaren anzeigen.”) eine Er­läuterung aus­gegeben würde, aus der her­vorge­ht, dass die Ein­bindung der Pro­fil­bilder ohne Über­mit­tlung per­so­n­en­be­zo­gen­er Dat­en er­fol­gt, ggf. mit einem op­tionalen, in den Ein­stel­lun­gen zu set­zen­den Link auf einen er­läutern­den Text. 

    Grund: Ich habe das zwar in mein­er Cookie-​Policy er­läutert, aber wer li­est die schon. Und in­zwis­chen haben die Leute mit­gekom­men, das Gra­vatar “böse” sein kön­nte und set­zen aus Furcht keinen Haken.

    Respond to this

  • Andy wrote:

    Thanks for this Avatar man­ag­er. Works per­fect­ly when I am logged in as ad­min, but when log­ging in as nor­mal user edit­ing my pro­file I do not get the op­tion to Choose File. I on­ly get Gra­vatar op­tion which is too com­pli­cat­ed. How to fix this?

    Respond to this

    • Andy: What role is as­signed to your “nor­mal” user? File up­load­ing ca­pa­bil­i­ties are need­ed for up­load­ing your own avatar (at the mo­ment there is no way to choose an im­age from Me­dia Library).

  • Andy wrote:

    That was prompt — thanks! Un­der settings-​general I have ticked any­body kan reg­is­ter and choosen sub­scriber as stan­dard sta­tus. Should that be Au­thor instead?
    As Ad­min I can choose from my Media/​Pictures li­brary. Can or­di­nary users nev­er do so?

    Respond to this

    • Avatar Pri­va­cy on­ly has the up­load pos­si­bil­i­ty for lo­cal avatars, no “choose from li­brary” fea­ture for any­one. Are you maybe al­so us­ing an­oth­er plu­g­in for user avatars? Avatar Pri­va­cy has some in­te­gra­tions that dis­able its na­tive up­load­ing fea­ture in def­er­ence to, for ex­am­ple, WP User Man­ager’s. If so, you would need to check whether there are set­tings in that plu­g­in that can change its behavior.

  • Sebas wrote:

    I up­loaded pic­ture A. Great, now pic­ture A was my avatar.

    I checked “delete lo­cal avatar pic­ture” and pressed save. Great, no avatar any­more. (And great, be­cause it was a test pic­ture of a dog, not the one I wanted).

    I browsed, se­lect­ed a bet­ter pic­ture for pos­ter­i­ty, pressed Save changes… pic­ture of the dog again.

    I delete, up­load what­ev­er I want, and I al­ways have pic­ture A when­ev­er there’s a pic­ture up­loaded, even if I clicked “delete lo­cal avatar”.

    I mean, it’s prob­a­ble a cache, but it’s a big bug that makes the plu­g­in tem­porar­i­ly use­less to me.

    Respond to this

    • @sebas: That would be your brows­er caching the im­age (just re­fresh the cache by us­ing shift-reload). I’ve no­ticed the is­sue my­self on my MAMP test sites, but not on the live ver­sion. Might be a dif­fer­ence be­tween Ng­inx and Apache? I’ll look in­to it, but it will not be a prob­lem any­one else ac­cess­ing the same image.

  • open source news wrote:

    Da auch wir für un­sere neue WP-​Installation die DSGVO um­set­zen, waren wir SEHR froh, so eine ein­fache Lö­sung zu haben 😀


    Respond to this

  • Hel­lo Avatar Privacy,

    I have im­ple­ment­ed Avatar Pri­va­cy on our WooCom­merce site. If you’d like to reg­is­ter you can see how I’ve in­te­grat­ed [avatar-​privacy-​form] in the My­Ac­count dash­board. How­ev­er, this was by stum­bling around. (We don’t do prod­uct down­loads, so I’ve used that endpoint).

    How­ev­er, have I missed some­thing? Be­cause I could not find any doc­u­men­ta­tion on hooks, short­codes, com­pat­i­bil­i­ty with WooCom­merce, us­age, … for the plu­g­in. Main­ly I found my clues in the re­lease notes.


    Respond to this

    • @Barry: I have no di­rect ex­pe­ri­ence with WooCom­merce in­te­gra­tion, so no, you haven’t missed any ad­di­tion­al doc­u­men­ta­tion. De­vel­op­er doc­u­men­ta­tion is some­thing I even­tu­al­ly want to write up, but un­for­tu­nate­ly, there is nev­er enough time (but re­lease notes and in­line doc­u­men­ta­tion will al­ways be up to date — that I do ensure).

      Though if you like to write a blog post about the chal­lenges you en­coun­tered (or even a HOWTO), I’ll link to it or pub­lish it here as a guest post.

      PS: From a pri­va­cy per­spec­tive, you re­al­ly should have a non-​infinite da­ta re­ten­tion pe­ri­od (or rather: some da­ta should have a non-​infinite re­ten­tion pe­ri­od, though I know it is a pain to en­force with WordPress).

  • Hel­lo Peter,

    In my code I had suc­cess­ful­ly been us­ing get_​avatar() to pro­vide the gra­vatar for an au­thor if one is avail­able. Now with Avatar Pri­va­cy ac­ti­vat­ed, get_​avatar() re­turns the mys­tery per­son, re­gard­less of whether the au­thor has ‘Dis­play a gra­vatar …” ticked or not. If I de­ac­ti­vate Avatar Pri­va­cy, I get the gra­vatar when expected. 

    I sus­pect I need to be do­ing some­thing dif­fer­ent from call­ing get_​avatar() in code now that Avatar Pri­va­cy is ac­ti­vat­ed? Please can you ad­vise what I should be doing?

    Many thanks,

    Respond to this

    • @Barry: I as­sume you are us­ing the email ad­dress as the “ob­ject” in the get_avatar() call? If so, the plu­g­in does not know you are try­ing to ac­cess a user and will treat is an anony­mous com­ment au­thor email. If there’s a user reg­is­tered for the same email ad­dress, Avatar Pri­va­cy will not dis­play the Gra­vatar un­less the user al­so has “Logged-​out Com­ment­ing” enabled.

      It will work as ex­pect­ed if you first get the user ob­ject via get_user_by( 'email', $email ).

    • Hi Pe­ter,

      All good now. I had­n’t re­alised the wider im­pli­ca­tion of “Logged-​ot Com­ment­ing”, since on our site you can’t com­ment un­less you’re logged in. So I’d men­tal­ly ig­nored that checkbox.

      So now I must up­date our au­thor in­struc­tions to en­sure they al­ways check “Logged-​our Com­ment­ing” if they want their pro­file pic­ture with their au­thor bio.

      Many thanks,

    • @Barry: While en­abling the set­ting is a workaround, I can­not rec­om­mend it. Chang­ing your code from get_avatar( $email ) to get_avatar( get_user_by( 'email', $email ) ) will work with or with­out Avatar Pri­va­cy. There’s no need for them to use the “logged-​out com­ment­ing” feature.

    • Hi Pe­ter,

      Well I’ve tried you’re sug­ges­tion with the re­sults side by side to en­sure there are no caching is­sues. The test code;

      $author_email = get_the_author_meta('user_email', $post->post_author) ;
      $user = get_user_by( 'email', $author_email);
      $avatar_peter = get_avatar( $user, 90 );

      $avatar = get_avatar( get_the_author_meta('user_email', $post->post_author) , 90 );

      // Test avatars side by side
      $author_details .= '' . $avatar . $avatar_peter . nl2br( $user_description ). '';

      The re­sult is be­yond my com­pre­hen­sion. With the au­thor hav­ing “logged-​out com­ments” checked, I see $avatar as the ex­pect­ed gra­vatar, but $avatar_peter gives the set de­fault mys­tery man! Uncheck­ing “logged-​out com­ments” re­sults in both avatars be­ing the mys­tery man. 


    • Fur­ther to the above (I was bounced for not be­ing concise):

      Nat­u­ral­ly I’ve not done this test in live, but you can see an ex­am­ple of the bio that’s con­struct­ed if you scroll down the page.

      I have checked the code in ph­p­Storm and the cor­rect user email is be­ing re­turned, and re­sults in the cor­rect user ob­ject, so no er­ror that I can see.

      Al­though you de­scribe us­ing the “logged-​out com­ments” check­box as a workaround, it sort of makes sense to me, be­cause the au­thor is not logged in, in­deed no one may be logged in when the bio is viewed. It’s not oner­ous and au­thors prob­a­bly want all the ex­po­sure they can get. 

      Apolo­gies for the length, but there you go,

    • Ah, I thought you need­ed this for com­ment au­thors. For post au­thors, just hand­ing the $post ob­ject to get_avatar() should be enough. I’m not sure what’s go­ing wrong with the ex­am­ple code (you can add some calls to error_log() to see which of the func­tions is fail­ing), but the whole back-​and-​forth con­ver­sion is not nec­es­sary to dis­play the avatar for a post author.

  • Cheng Shen wrote:

    Avatar Pri­va­cy re­veals the email ad­dress of any com­menter to any­one who cares.

    While Word­Press de­fault gen­er­at­ed avatars are com­plete­ly un­salt­ed, and thus eas­i­ly re­versed, re­veal­ing the true email ad­dress of every com­menter to any­one who cares, and to the cen­tral avatar im­age serv­er se​cure​.gra​vatar​.com (why is there a cen­tral im­age serv­er for lo­cal­ly gen­er­at­ed image)

    Avatar Pri­va­cy im­age names can be re­versed to email ad­dress­es with on­ly slight­ly more dif­fi­cul­ty, be­cause it us­es a thir­ty two bit site wide salt in­stead of a two fifty six bit salt.

    Giv­en a known email ad­dress, one can find the salt. Hav­ing found the salt, one can then re­verse the hash, which is re­vealed by the name of the im­age file.

    Respond to this

    • @Cheng Shen: You are cor­rect that a per-​address hash would be cryp­to­graph­i­cal­ly bet­ter. It is some­thing I might im­ple­ment in a fu­ture ver­sion of Avatar Pri­va­cy. If you’d like to do a pull re­quest on GitHub, I’ll glad­ly in­clude it in the next version. 

      Where we dis­agree is that un­salt­ed MD5 and (site-​wide) salt­ed SHA-​256 are at all in the same cat­e­go­ry. By de­fault, the Gra­vatar hash­es are not on­ly eas­i­ly re­versible, but can be tracked glob­al­ly across the en­tire web by every­one. This is pre­vent­ed by Avatar Pri­va­cy. Al­so, SHA-​256 is much more dif­fi­cult to brute-force.

      Re­gard­ing your com­ment about se​cure​.gra​vatar​.com, I don’t know what you are talk­ing about — gra​vatar​.com is on­ly con­tact­ed for com­menters who ex­plicite­ly state that they want to use their Gra­vatar (and on­ly on the back­end). Do­ing so ob­vi­ous­ly shares the MD5 hash of their mail ad­dress with gra​vatar​.com, but that is not pre­ventable when one wants to use that service.

      Any­way, even if you can’t or won’t use GitHub, I’m open to ac­tion­able sug­ges­tions for im­prove­ments here in the com­ments, so please let me know if you have got any spe­cif­ic pro­pos­als in mind.

  • Hel­lo, great plu­g­in, but with the “Gwolle Guest­book” un­for­tu­nate­ly on­ly the set in­di­vid­ual avatar is dis­played with the au­thors. I have al­so al­ready con­tact­ed the man­u­fac­tur­er of the “Gwolle Guest­book”, he says his plu­g­in us­es the stan­dard func­tion get_avatar().

    Respond to this

  • Hi guys,

    I have in­stalled Avatar Pri­va­cy to my Word​Press​.com host­ed web­site: dig​i​talesleben​.blog. Avatar is set on gra­vatar. In Einstellungen/​Diskussion the set­ting for Avatar anzeigen is active. 

    But I can­not see the ad­di­tion­al set­ting “Dis­play a Gra­vatar im­age next to my com­ments” be­low my com­ment sec­tion on blog posts. 

    I use the fol­low­ing ver­sions: WP 6.0.1, PHP 7.4.30, Jet­pack 11.3‑a.3

    Could you please check why this does not work properly?

    Respond to this

  • Hi Küchen­meis­ter,

    I de­ac­ti­vat­ed the com­ment mod­ule of Jet­pack. And now every­thing works fine with Avatar Pri­va­cy. Thank you for the great plu­g­in. I ap­pre­ci­ate the ad­di­tion­al pri­va­cy and to make my site more DSGVO/​GDPR compliant 😀 

    Best re­gards, Andreas

    Respond to this

Leave a Reply

By posting a comment you consent that we store the submitted information as well as your anonymized IP address on our servers, under the terms of our data protection policy. Your email is never shared with anyone else.

Required fields are marked *.