WordPress sends a hash of each user's email address to Gravatar’s servers every time a user profile photo needs to be displayed. Simple Local Avatars provides an alternative, but understanding why you might want to remove Gravatar is the first step.
What Gravatar Does
Gravatar is a service from Automattic that associates a profile photo with an email address. When WordPress needs to display a user avatar — in comments, author bios, or user lists — it generates an MD5 hash of the email address and sends a request to gravatar.com with that hash. If a Gravatar profile exists for that email, the image is returned. If not, a default image or a generated avatar is returned.
The Privacy Problem
The issue is that MD5 hashes of email addresses are not truly anonymous. Databases of email-to-hash mappings exist, meaning a determined party could look the hash up and identify the email address behind it. This is relevant under GDPR: sending user email data (even hashed) to a third-party service may need to be disclosed in your privacy policy and may require explicit user consent.
For sites with comment sections where visitor email addresses are collected, each commenter’s email is sent to Gravatar on every page view that displays comments. Visitors did not necessarily consent to this data transfer.
The Performance Problem
Each Gravatar request is an external HTTP request. On a blog post with 20 comments, the browser makes 20 separate requests to gravatar.com to retrieve (or fail to retrieve) avatars. Each request adds latency. If gravatar.com is slow or down, avatar loading stalls the page.
Disabling Gravatar Completely
The quickest way to disable Gravatar is to add this to your child theme functions.php:
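add_filter( 'get_avatar', function( $avatar, $id_or_email, $size, $default, $alt ) {
    // Serve one local image for every avatar. get_stylesheet_directory_uri() points at the
    // active (child) theme; get_template_directory_uri() would point at the parent theme.
    return '<img src="' . esc_url( get_stylesheet_directory_uri() . '/images/default-avatar.png' ) . '" width="' . esc_attr( $size ) . '" height="' . esc_attr( $size ) . '" alt="' . esc_attr( $alt ) . '">';
}, 10, 5 );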
This replaces all avatars with a single default image. No external requests are made. Replace the image path with your actual default avatar file.
Using Simple Local Avatars Instead
Simple Local Avatars lets users upload profile photos locally. For users without a local avatar, you can configure it to show a default local image rather than falling back to Gravatar. In the plugin settings under Settings, then Discussion, enable Only show local avatars. This prevents any Gravatar lookups while still showing meaningful profile photos for users who upload them.
Updating Your Privacy Policy
If you currently use Gravatar and continue to do so, your privacy policy should mention the data transfer to Gravatar. WordPress’s built-in privacy policy generator includes a Gravatar section. Go to Settings, then Privacy to review and update your privacy policy page.
Deactivation Checklist
After disabling Gravatar or switching to local avatars: check your comments section, author bio areas, WooCommerce account page, and any other places avatars appeared. Verify the replacement images or local avatars are displaying correctly. Check for any remaining gravatar.com requests in the browser Network tab.
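The last check in that list can also be run against saved page source. The following Python scan is an added example, not code from the original article or from any plugin; it reports every attribute in rendered HTML that still points at gravatar.com or one of its subdomains. SAMPLE_HTML, its all-zero hash and its file paths are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


def is_gravatar_url(token):
    """True when the token is a URL whose host is gravatar.com or a subdomain."""
    try:
        host = (urlsplit(token).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    return host == "gravatar.com" or host.endswith(".gravatar.com")


class GravatarAudit(HTMLParser):
    """Collects (line, tag, attribute, url) for every Gravatar reference."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()  # line on which the tag starts
        for name, value in attrs:
            # srcset and similar attributes hold several URLs, so test each token.
            for token in re.split(r"[\s,]+", value or ""):
                if is_gravatar_url(token):
                    self.findings.append((line, tag, name, token))


def find_gravatar_refs(html):
    audit = GravatarAudit()
    audit.feed(html)
    audit.close()
    return audit.findings


# Constructed sample of a rendered comment list (hash and paths are made up).
SAMPLE_HTML = """<ol class="comment-list">
<li><img alt="" src="https://secure.gravatar.com/avatar/00000000000000000000000000000000?s=48&#038;d=mm"
 srcset="https://secure.gravatar.com/avatar/00000000000000000000000000000000?s=96&#038;d=mm 2x" class="avatar"></li>
<li><img alt="" src="/wp-content/uploads/avatars/alice-48x48.png" class="avatar"></li>
<li><a href="https://notgravatar.example/profile">profile</a></li>
<li><img alt="" src="//0.gravatar.com/avatar/00000000000000000000000000000000?s=48"></li>
</ol>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_gravatar_refs(SAMPLE_HTML):
        print(f"line {line}: <{tag} {attr}> -> {url}")
```

This covers static markup only; avatars requested by JavaScript after page load still need the browser Network tab check.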
For GDPR compliance setup on WordPress including privacy policy configuration, cookie consent, and data processing documentation, a WordPress developer can implement a complete compliance baseline for your site.