Local Gravatars is a WordPress plugin designed to minimize potential privacy issues around Automattic’s Gravatar service.
The plugin will get your users' gravatars and host them locally on your website.
Your visitors will get the gravatars directly from your website instead of the gravatar CDN, therefore increasing privacy and performance.
To avoid cluttering the filesystem and to allow refreshing gravatars, the files get flushed on a weekly basis (interval can be modified using a filter).
To avoid performance issues server-side, the download process for gravatars is limited to a maximum of 5 seconds (value can be modified using a filter).
In an interview at WP Tavern, the plugin's author, Ari Stathopoulos, outlined the sort of risk he's trying to reduce with the plugin:
“And when I visit a site that uses Gravatar, some information is exposed to the site that serves them — including my IP,” said Stathopoulos. “Even if it’s just for analytics purposes, I don’t think the company should know that page A on site B got 1,000 visitors today with these IPs from these countries. There is absolutely no reason why any company not related to the page I’m actually visiting should have any kind of information about my visit.”
The Local Gravatars plugin must still connect to the Gravatar service. However, the connection is made on the server rather than the client. Stathopoulos explained that the only information exposed in this case is the server’s IP and nothing from the client, which eliminates any potential privacy concerns.
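The behaviour described above (server-side fetch, local hosting, a 5-second download limit and a weekly flush) can be modelled in a few lines. This is an added Python sketch, not the plugin's own PHP code. The `/avatars/` path, the placeholder image, the per-file age check in `flush` and the reading of the 5 seconds as one budget shared by all downloads in a page render are assumptions of the example.

```python
import hashlib
import time
from pathlib import Path

WEEK = 7 * 24 * 3600                       # flush interval described on the page
PLACEHOLDER = "/avatars/placeholder.png"   # hypothetical local fallback image


class LocalAvatarCache:
    def __init__(self, cache_dir, fetch, budget=5.0, max_age=WEEK, clock=time.monotonic):
        self.dir = Path(cache_dir)
        self.dir.mkdir(parents=True, exist_ok=True)
        self.fetch = fetch      # callable(url) -> bytes; runs on the server only
        self.budget = budget    # seconds of download time allowed per page render
        self.max_age = max_age
        self.clock = clock
        self.spent = 0.0

    def local_url(self, remote_url):
        """Return a same-origin URL; the visitor's browser never sees remote_url."""
        name = hashlib.sha256(remote_url.encode()).hexdigest()[:32] + ".img"
        path = self.dir / name
        if not path.exists():
            if self.spent >= self.budget:
                return PLACEHOLDER          # budget used up: stay local, skip download
            start = self.clock()
            try:
                data = self.fetch(remote_url)   # only the server's IP reaches the CDN
            except OSError:                     # network errors (URLError is an OSError)
                data = b""
            finally:
                self.spent += self.clock() - start
            if not data:
                return PLACEHOLDER
            path.write_bytes(data)
        return "/avatars/" + name

    def flush(self, now=None):
        """Delete cached files older than max_age; return how many were removed."""
        cutoff = (time.time() if now is None else now) - self.max_age
        stale = [p for p in self.dir.iterdir() if p.stat().st_mtime < cutoff]
        for p in stale:
            p.unlink()
        return len(stale)
```

In real use `fetch` would be a function such as `lambda u: urllib.request.urlopen(u, timeout=5).read()`; the point to check in any such design is that every return path hands the browser a local URL, never the remote one.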