WordPress Mirror Gravatar
This is a WordPress plugin that locally mirrors commenters' Gravatars and serves them
from your site, rather than loading them from gravatar.com on each page load.
This has several effects:
- If most of the comments on a post have no Gravatar, those turn
into one load of a shared image, instead of one load per comment
that each happen to return the same "mystery" image.
- You will be serving more (small) images.
- gravatar.com no longer has a web-bug on your blog that is loaded by each viewer.
Instead of being loaded at every page view, the gravatar is loaded just once, on the
server-side, at the time each new comment is posted.
Gravatar is owned by WordPress, and their privacy policy says that they don't
monetize that info, but hey, corporate policies change, and subpoenas exist.
- The user's Gravatar profile is saved along with their comment,
viewable by admins even if they later change or delete it from gravatar.com.
- If someone changes or deletes their Gravatar, your site continues
displaying the image that was their Gravatar at the time that they last
- Additionally: when commenting, a live preview of the Gravatar
tracks the contents of the "Email" field.
Security and Privacy:
Though WordPress enables Gravatars by default, using them at all might be
considered a privacy risk for your blog commenters. Gravatars expose an MD5
hash of the email address of each commenter, which has been shown to be
vulnerable to attacks.
A sufficiently-motivated attacker can probably translate that MD5 back into an
This plugin does not, at least, make that any worse.
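The exposure described above can be checked on a rendered page. The following is an added example, not code from the plugin or its author: it lists avatar images still loaded from gravatar.com and reports which of the site's own commenter addresses appear as unsalted MD5 hashes in image URLs. The sample pages and the local avatar path are constructed assumptions; the trim-and-lowercase step is Gravatar's documented normalization.

```python
import hashlib
import re
from html.parser import HTMLParser

GRAVATAR_URL = re.compile(
    r"(?:https?:)?//(?:[a-z0-9-]+\.)?gravatar\.com/avatar/([0-9a-f]{32})", re.I)
ANY_MD5 = re.compile(r"\b[0-9a-f]{32}\b", re.I)


def gravatar_hash(email):
    """Gravatar's identifier: unsalted MD5 of the trimmed, lower-cased address."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()


class ImgCollector(HTMLParser):
    """Collects the src/srcset values of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.urls += [v for k, v in attrs if k in ("src", "srcset") and v]


def audit(html, commenter_emails):
    """Return (third_party_loads, exposed_emails) for one rendered page."""
    parser = ImgCollector()
    parser.feed(html)
    # Images the visitor's browser fetches from gravatar.com (the "web-bug").
    third_party = [u for u in parser.urls if GRAVATAR_URL.search(u)]
    # Any 32-hex token in an image URL, wherever the image is hosted.
    hashes = {h.lower() for u in parser.urls for h in ANY_MD5.findall(u)}
    exposed = sorted(e for e in commenter_emails if gravatar_hash(e) in hashes)
    return third_party, exposed


# Constructed sample data: two commenters and two renderings of a comment page.
EMAILS = ["Alice@Example.com ", "bob@example.org"]
STOCK_PAGE = "".join(
    '<img class="avatar" src="https://secure.gravatar.com/avatar/%s?s=96&d=mm">'
    % gravatar_hash(e) for e in EMAILS)
# Hypothetical local path; assumes the mirrored file name still carries the hash.
MIRRORED_PAGE = '<img src="/wp-content/avatars/%s.png">' % gravatar_hash(EMAILS[0])

if __name__ == "__main__":
    for name, page in (("stock", STOCK_PAGE), ("mirrored", MIRRORED_PAGE)):
        loads, exposed = audit(page, EMAILS)
        print(name, "third-party loads:", len(loads), "exposed:", exposed)
```

On the constructed "mirrored" page the third-party load count drops to zero while the hash itself is still reported, which matches the distinction the text draws between removing the web-bug and the hash exposure that Gravatars carry regardless.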
It's available in the WordPress.org Plugin Directory, so you can install it by
going to your blog's admin page, searching for it under Plugins / Add New,
and selecting Install
- Upload the mirror-gravatar directory to your
- Activate the plugin through the "Plugins" menu in WordPress.
- Make sure the directory wp-content/plugins/mirror-gravatar/
is writable by your web server.
© 2022 Jamie Zawinski