With Gravatar enabled, WordPress pages load avatar images from external servers using a hash of each commenter's email address, which is a GDPR concern. Here's how to disable it and use privacy-friendly alternatives.
Method 1: WordPress Settings (Simplest)
- Go to Settings → Discussion in your WordPress admin.
- Scroll down to the Avatars section.
- Uncheck "Show Avatars".
- Click Save Changes.
This completely disables avatar display, including Gravatar requests.
Method 2: Replace Gravatar with Local Avatars
If you still want to display avatars but without Gravatar, add this to your functions.php:
```php
// Disable Gravatar - use local default avatar instead
add_filter('get_avatar_url', function ($url, $id_or_email, $args) {
    // Return a local default avatar for every user and commenter
    return get_template_directory_uri() . '/images/default-avatar.png';
}, 10, 3);

// Prevent any DNS prefetch to gravatar.com.
// Note: this removes all resource hints WordPress prints in <head>, not only Gravatar's.
remove_action('wp_head', 'wp_resource_hints', 2);
```
Method 3: Use a Plugin
Several plugins handle this for you:
- One User Avatar — Allows users to upload local profile pictures
- Simple Local Avatars — Stores avatars locally on your server
- Avatar Privacy — Comprehensive privacy-focused avatar solution
Verify with InspectWP
After disabling Gravatar, run a new InspectWP scan. The GDPR section should no longer show Gravatar as an active external service.
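To confirm the result yourself alongside the scan, the following added example (not part of the original article and not InspectWP's code) parses a page's HTML and lists every attribute that would make a browser contact gravatar.com. The sample markup, the placeholder hash and the theme path are constructed for illustration; in practice you would feed it the saved source of a post with comments.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SRCSET_ATTRS = {"srcset", "data-srcset"}
URL_ATTRS = {"src", "data-src", "href"}

def is_gravatar(url):
    """True if the URL's host is gravatar.com or one of its subdomains."""
    try:
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    return host == "gravatar.com" or host.endswith(".gravatar.com")

class GravatarFinder(HTMLParser):
    """Collects (tag, attribute, url) for every attribute that loads from Gravatar."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value or (name == "href" and tag != "link"):
                continue  # <a href> is only a link; <link href> is fetched or prefetched
            if name in SRCSET_ATTRS:
                # srcset format: "url descriptor, url descriptor, ..."
                urls = [c.split()[0] for c in value.split(",") if c.strip()]
            elif name in URL_ATTRS:
                urls = [value]
            else:
                continue
            self.hits += [(tag, name, u) for u in urls if is_gravatar(u)]

def find_gravatar_requests(html):
    finder = GravatarFinder()
    finder.feed(html)
    return finder.hits

# Constructed sample markup (placeholder hash and theme path), not captured from a real site.
BEFORE = """<link rel='dns-prefetch' href='//secure.gravatar.com' />
<img alt='' src='https://secure.gravatar.com/avatar/0000?s=48' srcset='https://secure.gravatar.com/avatar/0000?s=96 2x' class='avatar'>"""
AFTER = """<img alt='' src='/wp-content/themes/example/images/default-avatar.png' class='avatar'>
<a href='https://example.com/?ref=gravatar.com'>profile</a>"""

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        print(label, find_gravatar_requests(page))
```

An empty list for a page that shows comments means neither the avatar images nor a prefetch hint still point at Gravatar.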