Mirror Gravatar

Locally mirror commenters' Gravatar images.

Author: Jamie Zawinski (profile at wordpress.org)
WordPress version required: 2.7
WordPress version tested: 6.0.7
Plugin version: 1.2
Added to WordPress repository: 09-06-2022
Last updated: 03-04-2024
Rating, %: 0
Rated by: 0
Plugin URI: https://www.jwz.org/mirror-gravatar/
Total downloads: 762

Locally mirrors commenters’ Gravatars and serves them from your site, rather than loading them from gravatar.com on each page load.

This has several effects:

  • If most of the comments on a post have no gravatar, those turn into one load of a shared image, instead of one load per comment, each of which happens to return the same “mystery” image.

  • You will be serving more (small) images.

  • gravatar.com no longer has a web-bug on your blog that is loaded by each viewer. Instead of being loaded at every page view, the gravatar is loaded just once, on the server-side, at the time each new comment is posted.

    Gravatar is owned by WordPress, and their privacy policy says that they don’t monetize that info, but hey, corporate policies change, and subpoenas exist.

  • The user’s Gravatar profile is saved along with their comment, viewable by admins even if they later change or delete it from gravatar.com.

  • If someone changes or deletes their Gravatar, your site continues displaying the image that was their Gravatar at the time that they last posted.

  • If a commenter’s URL looks like a link to a Mastodon profile, this plugin will attempt to mirror the Mastodon avatar instead.

  • Additionally: when commenting, a live preview of the Gravatar tracks the contents of the “Email” field.

Security and Privacy

Though WordPress enables Gravatars by default, using them at all might be considered a privacy risk for your blog commenters. Gravatars expose an MD5 hash of the email address of each commenter, which has been shown to be vulnerable to attacks. A sufficiently-motivated attacker can probably translate that MD5 back into an email address.

This plugin does not, at least, make that any worse.
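
To check what a page actually exposes, the following audit script (an added example, not part of the plugin) lists every avatar image that a visitor's browser would fetch from gravatar.com and the email hashes visible in those URLs. The sample markup, the hash values and the local avatar path are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of rendered comment markup: two avatars still loaded from
# gravatar.com, one served by the blog itself (the local path is hypothetical).
SAMPLE_HTML = """
<ol class="commentlist">
 <li><img src="https://secure.gravatar.com/avatar/0123456789abcdef0123456789abcdef?s=48"
      srcset="https://secure.gravatar.com/avatar/0123456789abcdef0123456789abcdef?s=96 2x"></li>
 <li><img src="//www.gravatar.com/avatar/fedcba9876543210fedcba9876543210?s=48"></li>
 <li><img src="/wp-content/uploads/avatars/example.png"></li>
</ol>
"""

HASH_RE = re.compile(r"/avatar/([0-9a-f]{32})", re.I)  # an MD5 is 32 hex digits

class AvatarAudit(HTMLParser):
    """Collect <img> URLs that make the visitor's browser contact gravatar.com."""
    def __init__(self):
        super().__init__()
        self.remote = []     # URLs fetched from gravatar.com on page view
        self.hashes = set()  # email hashes readable from those URLs

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        urls = [a.get("src") or ""]
        # srcset is a comma-separated list of "url descriptor" entries
        srcset = a.get("srcset") or ""
        urls += [p.split()[0] for p in srcset.split(",") if p.strip()]
        for url in urls:
            host = (urlparse(url).hostname or "").lower()
            if host == "gravatar.com" or host.endswith(".gravatar.com"):
                self.remote.append(url)
                self.hashes.update(h.lower() for h in HASH_RE.findall(url))

def audit(html):
    """Parse rendered HTML and return the populated AvatarAudit."""
    parser = AvatarAudit()
    parser.feed(html)
    return parser

if __name__ == "__main__":
    result = audit(SAMPLE_HTML)
    print("third-party avatar loads:", len(result.remote))
    print("email hashes exposed:", sorted(result.hashes))
```

Run it against the saved HTML of a post before and after enabling mirroring; the count of third-party loads should drop to zero once avatars are served locally.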
