Privacy-First Gravatar Replacement, Pixel Avatars Module Released for the Toolbelt WordPress Plugin

Decorative image of pixel avatars set in multiple columns and rows.

Ben Gillbanks decided to put an old idea into motion. After the discussion over Gravatar privacy concerns and local avatars in WordPress reignited a couple of weeks ago, he went to work building Pixel Avatars, a generated avatar solution that requires no connection to a third-party service.

Gravatar solves a huge problem. It creates a global avatar so that users need to upload an image to only one site and carry it around the web with them. To use the service, sites must pass email addresses back to Automattic-owned, such as when a visitor leaves a comment. The typical local avatar solution suffers because it forces users to sign up and upload an image for that specific site. Neither option is ideal for every site owner. And, both options tend to add heavily to the page load speed, depending on the number of avatars loaded.

That is where Pixel Avatars come into play. The script has all the privacy benefits of local avatars while maintaining a light footprint.

“Initially, I just liked the idea of making dynamic images that can follow you around the internet,” said Gillbanks. “I hadn’t even considered the privacy implications of using Gravatar — although in hindsight they are obvious.”

He is launching Pixel Avatars as a module in Toolbelt, a WordPress plugin that he launched in 2019. The plugin is a privacy-focused alternative to Jetpack, another project of Automattic that relies on connecting to a third-party server.

“The last few years have made a lot of people more aware of privacy online and so I want everything I build to have privacy as a priority,” he said.

Gillbanks had not put much thought into the Gravatar vs. local avatar discussion until the WP Tavern coverage of it. It is nice to see that we are least in part responsible for some innovative ideas.

“It is accepted that using Gravatar is how you add avatars to WordPress sites,” he said. “However, Gravatar is owned by Automattic and it has the potential for them to generate a lot of data about what sites people view (comment on), and how popular websites are. I have no reason to be suspicious here. I doubt it’s being used in this way, but the potential is there and we’d have no way of knowing if it was being used for data collection.”

He further explained that he believes Gravatar would be better as an optional plugin. “Even a bundled plugin would be better than having it on by default,” he said. “In my opinion, the default should be local avatars with a fallback similar to what I have made for non-registered users (or just a blank image). I’ve offered my code to the core privacy team — my plugin is GPL and the code is on Github, so they are welcome to use it if they wish.”

How the Pixel Avatars Feature Works

Pixel Avatars are completely local to the site. Using 5kb of JavaScript, which is smaller than a single avatar image on average, the code generates a pixelated avatar. For each user, the plugin creates a hash string using their email address. This method also ensures that the avatar is consistent regardless of what site it is used own.

One of the reasons this is much faster than traditional avatar systems is that the avatars are generated. They are not images that must be loaded, which can be especially problematic when loading a blog post with 100s of comments, each with its own avatar.

“If you use external or local avatars then you will still need to load additional image files and no matter how good your content delivery system (server, CDN, third-party avatar service, etc.), this will mean more data transfer, so a slower page load than my Javascript system,” said Gillbanks.

From a technical perspective, the script is relatively simple. It short-circuits the core WordPress get_avatar() function and returns an HTML canvas element with a unique data property containing the hash of the user’s email address. Once the page is loaded, the JavaScript code generates a unique image for each of the canvases.

“Since I am filtering a core function, this will work everywhere that function is used,” said Gillbanks. “Comments in the admin, the little avatar in the admin bar, and any other pages or blocks that make use of the get_avatar() function. It’s not just for comments.”

Some site owners may want to use Toolbelt to handle guest commenter’s avatars while serving a local avatar for logged-in users. This system could be the best of both worlds — local avatars for those who have them and not sending any data from site visitors to a third-party site. Gillbanks has tested against 10up’s Simple Local Avatars plugin, but it should work with other local avatar plugins.


11 responses to “Privacy-First Gravatar Replacement, Pixel Avatars Module Released for the Toolbelt WordPress Plugin”

  1. all very good BUT,.

    I would rather see built in the core option that would let users upload their own picture as avatar..

    the user profile has all these fields:
    Username Usernames cannot be changed.
    First Name
    Last Name
    Nickname (required)
    Display name publicly as
    Contact Info

    Email (required)

    it’s all good, we have a toolbar at the top, where users can access their profile
    And yet, NO chance to upload the image natively without a plugin.. :((((

  2. If privacy is a concern with gravatars, why not ask Automattic to add to their privacy policy? The Automattic privacy policy applies generally to a number of their sites and services, but it would be possible to exclude Gravatar data from advertising and tracking (if that is the concern).

    • Adding something to the privacy policy doesn’t remove privacy concerns. It just makes what they are doing with the data clearer. Whatever the privacy policy says you’ll still be giving data to a third party, and some people don’t want to do that.

      Plus – what’s wrong with having more choices? You don’t have to use this. And if Gravatar does get removed from core (which I can’t see happening), I’m sure there will be a plugin to add it back pretty quickly.

  3. The current Gravatar implementation is painful from a UX and privacy situation. The worst thing is that it even smells a little bit fishy.

    Let me explain why:

    Today I had to change our organization email address in our account on

    Due to that, our avatar image was gone. It’s obvious why; I changed the mail address, so gravatar lost the connection. Not a big deal, I trust Automattic and have no issues with adding our new mail address to (Another user might not think same as I do but this is another topic)

    Here comes what smells: When you go to for the sake of adding a new avatar image, you are required to go through the normal registration process. That process does not differentiate between me as an experienced developer who only wants to add an avatar to his account and a user who wants to use the service for creating a hosted blog or something else.

    So, I’ve created the new account, and WordPress immediately added me into the sales/registration funnel for adding a new domain and a hosted website.

    I got a marketing mail instantly in my inbox that I am ” a few steps closer to creating a great website.”

    Please, I didn’t want this. I didn’t want to use any of the hosted services, and I was not particularly eager to get any marketing emails from you when I did not explicitly give you my consent.

    I only wanted to create an avatar image for my public account, where I am very active every day. I did not expect was trying to pull me into their hosted ecosystem that aggressively.

    After checking account privacy settings, it turned out that the system automatically activated my account to share my information with the analytics tool.

    It opted me in instantly after registration, and I had to unsubscribe from it manually —the same as with the marketing emails.

    I don’t think this is the correct way how you do it, and I’d appreciate it if you take the user’s privacy more seriously.

    Frankly, I am more than a little bit surprised or better say disappointed how Automattic handles this, especially as we as small plugin developers have to take care a lot not to break any rules.

    Jeff wrote an interesting article in 2016 about a similar bad experience he had with the gravatar service. It did not touch much the privacy issues, but it’s still up to date:

    Please give us users the option to upload a local avatar, especially on

    Thank you🙏


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: