Obfuscates the e-mail address hash used to get avatars from gravatar.com thus
protecting the privacy of users who do not want their activity tracked.
It has an admin panel (in Settings) that allows the blog administrator to
white-list specific domains and/or e-mail addresses that are not to be
obfuscated when hashed.
Please see the Extended Description (In ‘Other Notes’ tab in WordPress hosted
page) for more discussion on this issue.
This plugin uses the code for
get_avatar() from the version of WordPress
listed as ‘Tested up to’ in the top of this ‘readme.txt’ file (shown as
‘Compatible up to’ on WordPress hosted plugin page), with one minor
If you are running a newer version of WordPress that has fixed a bug in that
function, use of this plugin could cause a regression.
I will do my best to try and release updates in a timely manner whenever a new
stable version of WordPress is released that makes changes to that function.
WordPress by default uses avatars from gravatar.com to display with comments
made by visitors to your site. To accomplish this, it uses an MD5 hash of the
commenter’s e-mail address. This is done by the function
get_avatar() in the
There are many benefits to using gravatar.com avatars, but there are also some
privacy concerns. As the hash of the commenter’s e-mail address becomes part of
the blog they commented on, it is possible for third parties to use bots to
scrape WordPress blogs, creating profiles of commenter’s based upon their
unique hash that is used to display avatars.
With the default gravatar theme, this only impacts users who have set up an
account at gravatar.com but many of the fun gravatar themes will use the hash
to ask gravatar.com to generate an avatar for that user even if that user has
no knowledge of gravatar.com.
This plugin obfuscates the hash so that the fun gravatar themes with generated
avatars can still be used without sacrificing the privacy of the user. The user
can not be tracked through the gravatar image URI because the hash associated
with the users e-mail address is specific to the WordPress install.
This plugin does allow two white-lists where the hash of the e-mail address
will not be obfuscated.
The first white-list is domain-based. For example, you may want employees of
your company to have custom gravatar.com avatars. Simply add your companies
domain to the domain white-list and employees of your company will not have the
hash of their e-mail address obfuscated, thus allowing custom gravatars to
The second white-list is for specific e-mail addresses. You may have a
colleague who posts at your blog often and would like his or her custom avatar
used with comments. By adding the e-mail address he or she uses to the e-mail
white-list, their e-mail address will not be obfuscated.
How It Works
The standard URI for a gravatar.com hosted avatar is generated using the
get_avatar() function in the pluggables.php file of a standard WordPress
This plugin replaces that function with a slightly modified version. In the
modified version, instead of using
$email_hash = md5( strtolower( trim( $email ) ) );
$email_hash = smartAvaHash($email);
smartAvaHash checks to see if the argument
white-listed domain or is white-listed itself.
If the e-mail address is white-listed, then the functions returns the MD5 hash
of the e-mail address.
If it is not white-listed, the function salts the address and creates a SHA256
hash. That hash is salted a second time and an MD5 hash is created and
International Domain Names Support
If your php install has the necessary support, there is IDN support for white-
listing domains and e-mail addresses using UTF8 Internation Domain Names.
The following php requirements must be met:
- php >= 5.3.0
- PECL intl >= 1.0.2
- PECL idn >= 0.1
When you enter a UTF8 domain name or e-mail address for white-listing, smartAva
will actually convert it to ASCII punycode for the actual listing and pattern
matching. The domains however will be displayed in UTF8 in the admin interface.
The display of UTF8 domains will have the ASCII punycode equivalent in the
HTML title tag, so you can visually see what it is when you mouse over the
UTF8 domain name.
At least in version 3.7.1, WordPress itself does not like user comments posted
with a UTF8 version of an International Domain Name. Users with e-mail
addresses at those domains will need to use the ASCII punycode version of their
There may be a WordPress plugin that fixes that issue, I do not think it would
be very hard to write one.
IDN Bugs and Issues
I have noticed some bugs that I believe are related to the PECL modules. For
example, the domain ‘sßorra.it’ does not work, but ‘名がドメイン.com’ does.
Until the PECL modules (it may actually be the operating system libidn library)
are fixed, present best practice is to convert IDN domains to ASCII punycode
before entering them in the admin interface. That should work even if you do
not have the required version of php or the PECL modules.
Also, the list of domains and e-mail addresses are sorted using the ASCII
punycode versions of Internation Domain Names, which always starts with ‘xn--‘.
This quite likely will result them in being out of order in many cases. At some
point I will see if there is a better way to sort.
This plugin does not make any network connections and does not write any files.
It does write to the WordPress database but the only user supplied data that
it writes to the WordPress database is from the restricted administration page.
The only user supplied data this plugin interacts with outside of the
administration page is the e-mail address supplied by commenters when the user
comments on a post. This e-mail address is verified as a legal e-mail address
using the php
filter_var($address, FILTER_VALIDATE_EMAIL) function. If it
fails that validation, it is discarded and the generic e-mail address
‘email@example.com’ is used in its place.
The administrative page is protected by requiring an ‘manage_options’ level
of administration capabilities.
Additionally, processing of the POST data sent when changing options uses a
NONCE as an extra check to make sure the data submitted comes from the form
on the administrative page.
- Properly internationalize at least for Spanish, German, and Greek.
- Implement a mechanism by which users who are registered and logged in at a
blog can add their e-mail address to the white-list.
If you believe you have found a bug, the fastest way to get my attention is
probably through twitter at (NSFW) https://twitter.com/AliceWonder32
You can also try using the support forum at
Description of WordPress Options
This plugin creates and uses up to five WordPress options. Options are managed
using the following standard WordPress functions:
An array of domains that are white-listed from hash obfuscation. Posts with
e-mail addresses at those domains (and sub-domains) will not have their e-mail
address obfuscated before the hash that is used with gravatar.com is created.
This option is not created until the first time you specifically add a domain
to the white-list.
An array of e-mail addresses that are white-listed from hash obfuscation. Posts
with e-mail addresses in that array will not have their e-mail address
obfuscated before the hash that is used with gravatar.com is created. This
option is not created until the first time you specifically add an e-mail
address to the white-list.
An array that contains the two salts used to obfuscate the the e-mail hash. It
is automatically created whenever the plug-in wants a salt and the option does
If this option exists, a footer is added to pages letting users know that you
are running smartAva with a link to a web page describing what it is. If the
option does not exist, the notice is not added to the footer. The option is
created or deleted by checking or un-checking a box in the admin page.
When an admin page is served, a NONCE is created and stored as this option. It
is inserted into the form as a hidden input and checked against what is stored
in the WP database when the form is processed to make sure they match. If they
do not match, the form is not processed.
- Activate the plugin through the ‘Plugins’ menu in WordPress
- Configure the plugin through the ‘smartAva’ sub-menu of ‘Settings’
- If you so choose, check the box at bottom of admin page to ‘Allow
Notification to Users of smartAva usage’ so users of your blog will know you
care about their privacy.
- Aren’t you being paranoid?
Perhaps, but I do know that some of the blogs I visit and comment on are not
something I would want a future employer to find about me when he or she does
a background check that involves checking a database that has built profiles
of users based upon the MD5 hash of their e-mail address.
I assume there are other people like me who want to retain some privacy with
respect to their on-line activity, and I hope as many blog administrators as
possible will understand this desire for privacy and take this simple step
to ensure the privacy of their visitors.
AliceWonderfull herself makes the best case for what it is she is trying to stop with this plugin. Kudos to her for creating a plugin to stop some of the invasion of privacy and harvesting of user data.
As AliceWonderfull points out herself, it’s not nearly enough:
I know exactly what your game is. Your company saw Google get rich by making all of us the product they sold to advertisers. And now you are trying the same thing – release stuff like jetpack hoping it gets data pushed through your cloud where you can track us and our interests, and with our e-mail address, even track us on blogs that don’t use jetpack because you can use the hash of our e-mail address to look at gravatar requests.
A sad day when we can’t trust our open source CMS built on the blood and tears of volunteers.
Contributors & Developers
“smartAva” is open source software. The following people have contributed to this plugin.Contributors
- December 04, 2013
- With proper support in php, you can now white-list UTF8 International
Domain Names without needing to convert them to ASCII punycode first.
- Admin interface now (mostly) matches look and feel of other Settings pages.
- Error message for non-conforming domain/addresses.
- December 02, 2013
- Fixed a typo, added label tags to the text inputs on admin page. No new
functionallity or bugs/todo issues addressed.
- November 29, 2013
- Footer notifying users of smartAva website turned into an option the blog
master has to specifically enable.
- Fixed some HTML tags in admin page that were not valid.
- First public release. November 28, 2013