Visitor Privacy

A plugin to fix some privacy issues presented by WordPress and popular plugins.


The main issues that this plugin fixes are with Gravatar and Leaflet Map.

The issues with Gravatar is best explained by our comment on this Trac Ticket Report … namely …

  • Users’ email address hashes are exposed
  • Users can be tracked across all sites they’ve posted content to via their unique email hash
  • Visitors’ browsers make requests to Gravatar when a Gravatar for a particular user doesn’t even exist
  • Visitors’ browsers from make requests to third party Gravatar servers exposing their IP addresses without their prior consent

What this plugin does is get the web server to download a user’s Gravatar (if one exists) and then cache it locally and serve it by their local user ID rather than by a hash of their email address. This resolves all the issues we highlighted above.

The issue with Leaflet Map is that map tiles and the Leaflet JavaScript library are downloaded from third party servers by visitors’ browsers which in turn exposes their IP addresses without their prior consent.

Similarly to our Gravatar solution, the plugin downloads the Leaflet JavaScript library and map tiles and caches them locally.

This plugin is not published so if you would like to use it, please contact us.