Plugin Directory

Test out the new Plugin Directory and let us know what you think.
!This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Avatar Privacy

Adds options to enhance the privacy when using avatars.

I activated the plugin and don't see any change!?

Did you remember to visit the discussion settings page, activate some or all of the checkboxes in the "Avatar Privacy" section and save the changes? On a multisite installation, this has to be done for every blog that wants to use the plugin. You also have to enable the use of gravatars first.

I saved the settings and still don't see any changes. How do I know the plugin works?

Depending on which options you selected, you wouldn't see a change in the way the page looks. The changes are visible in the source code though:

  • Don't publish encrypted E-Mail addresses for non-members of gravatar.com: Look at the gravatar image URL of a user without a gravatar. The plugin works if the URL looks like "http://1.gravatar.com/avatar/[long MD5 token]?s=68" instead of "http://1.gravatar.com/avatar/[other long MD5 token]?s=68&d=http%3A%2F%2F1.gravatar.com%2Favatar%2F[long MD5 token]%3Fs%3D68&r=PG". There aren't two URLs in there anymore, only one, and the default URL looks the same for two comments without a gravatar.
  • Let users and commenters opt in or out of using Gravatars: You should see the checkbox on the comment form. You need to log out though to see it. If you are logged in, you should see a similar checkbox in your user profile in the WordPress backend.

I still don't see the checkbox in the comment form!? Everything else works.

Then you probably don't use a modern theme which makes use of the function comment_form() to create the comment form. Check if you can find this function used in comments.php or a similar file of your theme. If you do and it still doesn't work, tell me. Otherwise chances are that you do have to add the checkbox manually. Use this function:

<?php if (function_exists('avapr_get_avatar_checkbox')) echo avapr_get_avatar_checkbox(); ?>

I'm confused by all the settings. What should I select?

For a maximum effect, check both "Don't publish encrypted E-Mail addresses for non-members of gravatar.com." and "Let users and commenters opt in or out of using gravatars.". Whether you want to enable the latter or not depends on whether you think this will demand too much from your potential commenters.

For a maximum privacy effect, select "The checkbox is... not checked by default". Then people wanting to use gravatars would actively have to tick this box. If you just want to give concerned visitors the chance not to display gravatars, but want to use gravatars for everyone els as a default, select "The checkbox is... checked by default".

The default value is necessary for older comments and user profiles that haven't been saved since activating the plugin. If you did have gravatars enabled before, choose "Show gravatars" here, otherwise "Don't show gravatars". If you are newly enabling gravatars on your site and have already lots of comments, you can of course select "Show gravatars", so that these comments won't look odd because none of them has a gravatar. It would be a bit unfair to your users though, since they commented when there weren't any gravatars on your site. For regular commenters, the gravatars will start to show up over time anyway, since the per-commenter setting of showing gravatars or not is per commenter, not per comment.

Last, scroll up a bit and select one of the local default avatar icons added to the bottom of the list. Their advantage is that together with the rest of the plugin options they can reduce (public) calls to gravatar.com. You are depending a bit less on an external resource and a bit less data flows to gravatar.com.

What happens if I disable the plugin? Are any of the data altered?

The plugin saves additional data about whether commenters and users want to display a gravatar or not (if you select that mode in the settings). These data are deleted when you properly uninstall the plugin.

Apart from that, the plugin only filters data, but does not permanently change them. Especially, if you deactivate the plugin und have gravatars turned on, they will again show up for everybody, even those commenters and users who opted out of displaying gravatars. You do have to change the default gravatar back manually, though.

Can this plugin be used together with cache plugins?

Yes, it certainly can. You have to be careful though which plugin options you select and how you cache your content. The first plugin option checks if a gravatar exists for a given E-Mail address and, if not, displays the default image directly. If you cache the output of this check, the gravatar will not be displayed if the user later decides to sign up with gravatar.com. If you're using this option, you should invalidate cached pages with gravatars on them (mostly the single view of entries) regularly.

Can this plugin be used on a multisite installation?

Yes, the plugin can be used on a multisite installation. You can either activate it on individual blogs or do a network activation. Options will be set per blog, so the blog admins need to decide which options to use. What will be global is the table for the 'Let users and commenters opt in or out of using gravatars.' option: A global table 'wp_avatar_privacy' will be created that is shared across all blogs. So if a user comments on blog A and chooses to display gravatars, this decision will be followed on blog B and C too.

I develop and use this plugin on a multisite installation with three blogs. Any network with a comparatively small number of blogs should be fine. I haven't really thought about the implications of using the plugin on a network with many 'sites' (as opposed to 'blogs'). Does anybody even do that with WordPress?!

Why is a minimal WordPress version of 3.2 required? Will it work with older WordPress installations?

I chose WP 3.2 since that was the release that dropped support for PHP 4 and I didn't want to support that. While I'm writing the initial release of this plugin, WP 3.3 is the current release. I will be testing with WP 3.2, but not with older versions. It's reasonable to assume that it works with versions since WP 3.0 at least if you use PHP 5. There is a check in the main plugin file that checks for PHP and WP versions and doesn't load the plugin on older versions. If you absolutely must use it with older WP versions, comment out the lines after the 'check minimum WP requirements' comment.

Won't spam comments flood the database table with useless entries for the checkbox in the comment form?

The plugin doesn't save the value of the "use gravatar" checkbox for comments by registered users (see below), trackbacks/pingbacks (there is no E-Mail address) and comments that are marked as spam when they are saved. If you mark a comment as spam later, the table entry is not removed, since the same E-Mail address might also be used by non-spam comments. If a comment is marked as spam by Akismet or similar plugins and you later manually mark it as non-spam, what the user selected when submitting the comment will already be lost. This only happens with spam comments, not comments who just need to be moderated, e.g. because of the 'needs at least one published comment' rule.

Can commenters override a registered user's choice whether to display a gravatar by creating fake comments?

No, for registered users the user profile is checked, not the table for the commenter's choices. Commenters can not override this value, not even the user themselves if they post a comment when not signed-in.

Which plugins are known to work with Avatar Privacy?

I used Avatar Privacy together with these plugins:

If you find any problems with particular plugins, please tell me!

Requires: 3.2 or higher
Compatible up to: 3.5.2
Last Updated: 4 years ago
Active Installs: 90+


0 out of 5 stars


Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.