Locally mirror commenters’ Gravatars and serves them from your site, rather than loading them from gravatar.com on each page load.
This has several effects:
If most of the comments on a post have no gravatar, those turn into one load of a shared image, instead of one for each comment, that happens to return the same “mystery” image.
You will be serving more (small) images.
gravatar.com no longer has a web-bug on your blog that is loaded by each viewer. Instead of being loaded at every page view, the gravatar is loaded just once, on the server-side, at the time each new comment is posted.
The user’s Gravatar profile is saved along with their comment, viewable by admins even if they later change or delete it from gravatar.com.
If someone changes or deletes their Gravatar, your site continues displaying the image that was their Gravatar at the time that they last posted.
If a commenter’s URL looks like a link to a Mastodon profile, this plugin will attempt to mirror the Mastodon avatar instead.
Additionally: when commenting, a live preview of the Gravatar tracks the contents of the “Email” field.
Security and Privacy
Though WordPress enables Gravatars by default, using them at all might be considered a privacy risk for your blog commenters. Gravatars expose an MD5 hash of the email address of each commenter, which has been shown to be vulnerable to attacks. A sufficiently-motivated attacker can probably translate that MD5 back into an email address.
This plugin does not, at least, make that any worse.
- Upload the
mirror-gravatardirectory to your
- Activate the plugin through the “Plugins” menu in WordPress.
- Make sure the directory
/wp-content/plugins/mirror-gravatar/is writable by your web server.
There are no reviews for this plugin.
Contributors & Developers
“Mirror Gravatar” is open source software. The following people have contributed to this plugin.Contributors
- Also mirrors Mastodon avatar images, if the commenter’s URL is of the form “https://example.com/@username”