I’m writing a plugin to PPK encrypt non-public comment data as a second line of defence against crackers (one of my sites was recently compromised, so I have been rather spurred into action!). To achieve this, I am writing a meta comment value containing the encrypted email/IP for each comment, and once everything has been tested, the admin will be able to click a button and safely null the plaintext email/IP fields.
Unfortunately this means that Gravatars will stop working, since this requires a plaintext email field. So, I believe I can register on the get_avatar filter, but as far as I can tell I’ll need to replicate all of the get_avatar() function in pluggable.php. Obviously that would mean any subsequent core updates to this function will have to be manually patched into my copy, which is rather inelegant.
Or is there something I may have missed in which I can supply an MD5 hash and get all the other goodness in core Gravatar functionality automatically? I do love WP, but the dev docs are a touch on the sparse side for this :)
If that’s not possible, I might try to ask the core team if they would consider adding a new filter. I should think blogs wanting to store personal data only for a limited time would appreciate a way of still being able to use Gravatars on much older comments.
From Gravatar.com:
Instead of storing an email address in the comment data, you can store the md5-hash of that email address. The email address is encrypted and you can use gravatars. Use the filter
add_filter( 'preprocess_comment', 'email_to_md5' )
to modify the email address and do not null it later.
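One way the email_to_md5 callback named in the answer above could look, as an added example that is not part of the original answer. The function body, the helper gravatar_hash_for() and the sample address are assumptions; storing the hash as `<hash>@md5.gravatar.com` assumes WordPress 4.2 or later, where get_avatar_data() recognises that form.

```php
<?php
// Added example: email_to_md5 is the callback name from the answer,
// its body and the helper below are hypothetical.

// Gravatar identifies an address by the MD5 of its trimmed, lower-cased form.
// Note: an unsalted MD5 is a stable pseudonym, not encryption. Anyone holding
// the hash can test candidate addresses against it.
function gravatar_hash_for( $email ) {
    return md5( strtolower( trim( $email ) ) );
}

// preprocess_comment callback: swap the plaintext address for its Gravatar
// hash before the comment row is written, so the address is never stored.
function email_to_md5( $commentdata ) {
    $email = isset( $commentdata['comment_author_email'] )
        ? $commentdata['comment_author_email']
        : '';

    // Nothing to hash (anonymous comment or missing field).
    if ( '' === trim( $email ) ) {
        return $commentdata;
    }

    // Already in hashed form: do not hash a hash on re-processing.
    if ( preg_match( '/^[0-9a-f]{32}@md5\.gravatar\.com$/', $email ) ) {
        return $commentdata;
    }

    // get_avatar_data() (WP 4.2+) reads the part before '@' as the hash
    // when the value ends in @md5.gravatar.com.
    $commentdata['comment_author_email'] =
        gravatar_hash_for( $email ) . '@md5.gravatar.com';

    return $commentdata;
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: register the callback as the answer describes.
    add_filter( 'preprocess_comment', 'email_to_md5' );
} else {
    // Stand-alone run outside WordPress, with a constructed sample comment.
    $sample = array( 'comment_author_email' => '  Alice@Example.COM ' );
    $out    = email_to_md5( $sample );
    echo $out['comment_author_email'], "\n";
}
```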