Adds an avatar upload field to user profiles if the current user has media permissions. Generates requested sizes on demand just like Gravatar!
Adds an avatar upload field to user profiles if the current user has media permissions. Generates requested sizes on demand just like Gravatar! Simple and lightweight.
Just edit a user profile, and scroll down to the new “Avatar” field. The plug-in will take care of cropping and sizing!
- Stores avatars in the “uploads” folder where all of your other media is kept.
- Has a simple, native interface.
- Fully supports Gravatar and default avatars if no local avatar is set for the user – but also allows you turn off Gravatar.
- Generates the requested avatar size on demand (and stores the new size for efficiency), so it looks great, just like Gravatar!
- Lets you decide whether lower privilege users (subscribers, contributors) can upload their own avatar.
- Enables rating of local avatars, just like Gravatar.
Screenshots
Avatar upload field on a user profile page
FAQ
Does Simple Local Avatars collect personal data of website visitors?
No. Simple Local Avatars neither collects, stores, nor sends any PII data of visitors or avatar users on the host site or to 10up or other services.
ChangeLog
2.8.3 – 2024-11-18
- Changed: Only allow images that were uploaded by the same user be used when setting the avatar via a REST request (props @dkotter, @justus12337, @faisal-alvi via #317).
- Fixed: Only allow image files to be set as the avatar in REST requests (props @dkotter, @justus12337, @faisal-alvi via #317).
- Security: Bump
@10up/cypress-wp-utils
from 0.2.0 to 0.4.0, @sentry/node
from 6.19.7 to 8.38.0, @wordpress/env
from 9.2.0 to 10.11.0, cypress
from 13.2.0 to 13.15.2, cypress-mochawesome-reporter
from 3.6.0 to 3.8.2, puppeteer-core
from 23.3.0 to 23.8.0 (props @dkotter via #319).
2.8.2 – 2024-11-12
- Fixed: Ensure dependencies are (actually) included properly in the release (props @dkotter via #316).
2.8.1 – 2024-11-12
- Fixed: Ensure dependencies are included properly in the release (props @dkotter via #315).
2.8.0 – 2024-11-12
Note that this release bumps the minimum required version of WordPress from 6.4 to 6.5.
- Added: Support for the WordPress.org plugin preview (props @faisal-alvi, @jeffpaul via #297).
- Changed: Update PHP compatibility check to use
10up/wp-compat-validation-tool
(props @Sidsector9, @jeffpaul, @faisal-alvi via #291).
- Changed: Bump WordPress “tested up to” version 6.7 (props @sudip-md, @jeffpaul, @dkotter via #310, #312).
- Changed: Bump WordPress minimum supported version to 6.5 (props @sudip-md, @jeffpaul, @dkotter via #310, #312).
- Fixed: Ensure all strings are properly translated (props @pedro-mendonca, @dkotter via #295).
- Fixed: Properly handle malformed
simple_local_avatar
user data (props @adekbadek, @dkotter, @faisal-alvi via #302).
- Security: Run a user capability check before we clear the avatar cache (props @dkotter, @truonghuuphuc, @Sidsector9 via #309).
- Security: Ensure REST API requests to set an avatar only allow existing attachment IDs to be used (props @dkotter, @justus12337, @faisal-alvi via GHSA-wfjh-m788-w2c5).
- Security: Bump
axios
from 1.6.7 to 1.7.4 (props @dependabot, @faisal-alvi via #298).
- Security: Bump
webpack
from 5.90.0 to 5.94.0 (props @dependabot, @faisal-alvi via #303).
- Security: Bump
ws
from 7.5.10 to 8.18.0 and @wordpress/scripts
from 27.1.0 to 30.4.0 (props @dependabot, @faisal-alvi via #305, #311).
- Security: Bump
body-parser
from 1.20.2 to 1.20.3, express
from 4.19.2 to 4.21.0, send
from 0.18.0 to 0.19.0 and serve-static
from 1.15.0 to 1.16.2 (props @dependabot, @faisal-alvi via #306).
2.7.11 – 2024-07-18
Note that this release bumps the minimum required version of WordPress from 6.3 to 6.4.
- Changed: Bumped WordPress “tested up to” version 6.6 and minimum version to 6.4 (props @sudip-md, @ankitguptaindia, @jeffpaul via #289, #290).
- Security: Add nonce check when saving the default avatar ID (props @faisal-alvi, @aaemnnosttv, @rafiem, @dkotter via GHSA-46pw-6m35-9m7x).
- Security: Bump
braces
from 3.0.2 to 3.0.3, pac-resolver
from 7.0.0 to 7.0.1, socks
from 2.7.1 to 2.8.3 and removes ip
(props @dependabot, @Sidsector9 via #286).
- Security: Bump
ws
from 7.5.9 to 7.5.10 (props @dependabot, @faisal-alvi via #287).
2.7.10 – 2024-05-24
2.7.9 – 2024-05-14
2.7.8 – 2024-05-08
Note that this release bumps the minimum required version of WordPress from 5.7 to 6.3.
- Added: “Testing” section in the
CONTRIBUTING.md
file (props @kmgalanakis, @jeffpaul via #274).
- Changed: Bumped WordPress “tested up to” version 6.5 (props @sudip-md, @dkotter, @jeffpaul via #270).
- Changed: Move
simple_local_avatar_deleted
action to avatar_delete
(props @lllopo, @faisal-alvi, @dkotter via #255).
- Changed: Clean up NPM dependencies and update node to
v20
(props @Sidsector9, @dkotter via #257).
- Changed: Update
CODEOWNERS
of the plugin (props @jeffpaul, @dkotter via #253).
- Changed: Disabled auto sync pull requests with target branch (props @iamdharmesh, @jeffpaul via #263).
- Changed: Upgrade
download-artifact
from v3 to v4 (props @iamdharmesh, @jeffpaul via #265).
- Changed: Replaced
lee-dohm/no-response
with actions/stale
to help with closing no-response/stale
issues (props @jeffpaul, @dkotter via #266).
- Fixed: Broken default avatar when
Local Avatars Only
is unchecked (props @faisal-alvi, @ankitguptaindia, @qasumitbagthariya via #260).
- Fixed: Ensure high-quality avatar preview on profile edit screen (props @ocean90, @dkotter via #273).
- Fixed: Possible PHP warning (props @BhargavBhandari90, @dkotter via #261).
- Fixed: Fixed typos (props @szepeviktor, @dkotter via #268).
2.7.7 – 2023-12-13
2.7.6 – 2023-11-30
- Added: Check for minimum required PHP version before loading the plugin (props @kmgalanakis, @faisal-alvi via #226).
- Added:
pre_simple_local_avatar_url
filter to allow an avatar image to be short-circuited before Simple Local Avatars processes it (props @johnbillion, @peterwilsoncc via #237).
- Added: Repo Automator GitHub Action (props @iamdharmesh, @faisal-alvi via #228).
- Added: E2E test for checking the front end of avatars (props @Firestorm980, @iamdharmesh via #219).
- Changed: Bumped WordPress “tested up to” version 6.4 (props @zamanq, @ankitguptaindia, @faisal-alvi, @qasumitbagthariya via #230, #244).
- Changed: Update the Dependency Review GitHub Action to leverage our org-wide config file to check for GPL-compatible licenses (props @jeffpaul, @faisal-alvi via #215).
- Changed: Documentation updates (props @jeffpaul, @faisal-alvi via #242).
- Fixed: Address conflicts with other plugins and loading the media API (props @EHLOVader, @dkotter via #218).
- Fixed: Prevent PHP fatal error when switching from a multisite to single site installation (props @ocean90, @ravinderk, @faisal-alvi via #222).
- Fixed: Local avatar urls remain old after domain/host change (props @jayedul, @ravinderk, @jeffpaul, @faisal-alvi via #216).
- Security: Bump
word-wrap
from 1.2.3 to 1.2.4 (props @dependabot, @faisal-alvi via #223).
- Security: Bump
tough-cookie
from 4.1.2 to 4.1.3 (props @dependabot, @faisal-alvi via #225).
- Security: Bump
@cypress/request
from 2.88.10 to 3.0.0 (props @dependabot, @faisal-alvi via #225, #234).
- Security: Bump
cypress
from 11.2.0 to 13.2.0 (props @dependabot, @faisal-alvi, @iamdharmesh via #234, #236).
- Security: Bump
postcss
from 8.4.21 to 8.4.31 (props @dependabot, @faisal-alvi via #238).
- Security: Bump
@babel/traverse
from 7.20.12 to 7.23.2 (props @dependabot, @faisal-alvi via #240).
- Security: Bump
@10up/cypress-wp-utils
version to 0.2.0 (props @iamdharmesh, @faisal-alvi via #236).
- Security: Bump
@wordpress/env
version from 5.2.0 to 8.7.0 (props @iamdharmesh, @faisal-alvi via #236).
- Security: Bump
cypress-mochawesome-reporter
version from 3.0.1 to 3.6.0 (props @iamdharmesh, @faisal-alvi via #236).
View historical changelog details here.