The Gravatar service, which powers by default all of the avatars displayed at WordPress comments and admin areas is a service that was designed in a much more naive times, when the implications of bad security and privacy practices weren’t obvious to all. As a result it has the following problems:
- It identifies people by their email address, but our email address is a more or less public information and we use it to identify at all kinds of sites. This make it relatively easy to impersonate us at sites we have never visited, for example use an email addess of a conservative person on a porn site.
- It uses MD5 hashing to mask the email address when it is included in the HTML, but MD5 was proven not to be strong enough to handle modern processing power and it was proven in practice that the real email addresses can be extracted from the MD5 hash of the email.
Add to that that the service tracks you on all the sites it is active on, and any privacy oriented person should ask himself why to have it active at all.
The problem with disabling it is that the site will look very bland without all the images, but this plugin address the other problems
While a commenters still have to enter his email to comment, before using it as an input to the gravatar service, the address is being “salted” by a value which is unique to the site (one of the “salt” values generated by the WordPress installation process. Since the salts are unique to a site it is not possible to use value from one site to impersonate on the other.
The side effect is that since the real email address is not being used, the service will not be able to provide images that were uploaded into it, and will show only the automatically generated ones.
The plugin respects the Avatar settings in the “Settings” >> “Discussion” and will use the “Default Avatar” settings for the automatically generated avartar.
WordPress 4.2 and above on both standalone and multisite/network