How to change the default Gravatar in WordPress

Short answer: go to Settings > Discussion in the WordPress admin and scroll to Avatars. Make sure Show Avatars is ticked, then pick a different option under Default Avatar – Mystery Person, Blank, Gravatar Logo, Identicon, Wavatar, or MonsterID. Save changes, and that image is now what shows up for any commenter who does not have a Gravatar attached to their email. To use your own image as the default avatar, you need a small theme snippet or a plugin like WP User Avatar or Simple Local Avatars, because WordPress’s built-in list does not include a custom upload field.

The default avatar is the placeholder image that appears next to a commenter’s name when that commenter has no Gravatar set. On a fresh WordPress install it is the Mystery Person silhouette – a generic grey outline that has been the default since WordPress 3.1. Most site owners never think about it, but if you have a busy comments section, that silhouette is staring at every reader from every unrecognised commenter. Changing it is a thirty-second job. Replacing it with your brand’s mark takes one extra step.

This guide covers all of it: the built-in options, how to use a custom image, why Gravatar exists in the first place, and the privacy angle that nobody talks about until their legal team asks.

What a Gravatar actually is#

Gravatar stands for “globally recognised avatar.” It is a service run by Automattic – the same company behind WordPress.com and the Jetpack plugin – that ties an image to an email address. Upload a photo once on gravatar.com, and that photo appears on every WordPress site (and many other platforms – Stack Overflow, GitHub historically, Slack, plenty of comment systems) that asks for the avatar belonging to your email.

The way it works under the hood is simple. WordPress takes the commenter’s email address, runs it through an MD5 or SHA-256 hash, and requests https://secure.gravatar.com/avatar/<hash> from the Gravatar service. If Gravatar has an image tied to that hash, it returns it. If not, it returns whatever default you have configured – and that is what the Default Avatar setting controls.

This matters because the default is only used as a fallback. Commenters who have already set up a Gravatar will keep showing their own picture no matter what default you pick. The setting only affects the silent majority of commenters who never bothered with Gravatar.

Change the default Gravatar using the built-in options#

This is the path most sites use. It requires no plugins, no code, and takes under a minute.

1. Sign in to the WordPress dashboard.
2. In the left sidebar, go to Settings > Discussion.
3. Scroll down to the Avatars section near the bottom of the screen.
4. Make sure Show Avatars is ticked. If it is not, avatars are disabled site-wide and the default will not show up anywhere.
5. Under Default Avatar, choose one of the radio options:
   • Mystery Person – the grey silhouette, the WordPress default.
   • Blank – a transparent image. Useful if you want to remove avatars from comments visually without disabling the feature entirely.
   • Gravatar Logo – the Gravatar service’s own logo.
   • Identicon – a unique geometric pattern generated from the commenter’s email hash. Every email gets a different shape.
   • Wavatar – cartoon faces, also generated from the email hash.
   • MonsterID – friendly monster illustrations, also unique per email.
6. Scroll to the bottom of the page and click Save Changes.

That is it. Refresh any post that has comments and you will see the new default for any commenter without a Gravatar.

The three “generated” options – Identicon, Wavatar, MonsterID – are worth a second look. Because each one is generated from the commenter’s email hash, every commenter without a Gravatar gets a different image. That breaks up the visual monotony of a long comments thread, and people seem to like seeing a unique-but-anonymous picture next to their name. If you are not going to upload a brand image, Identicon is the most professional-looking of the three.

The same Settings > Discussion screen controls a lot more than avatars – comment moderation, pingbacks and trackbacks, email notifications, the disallowed comment keys list. If you are setting up a fresh site, it is worth scrolling through the whole screen once and tightening anything you have not configured. The defaults are reasonable but not optimal.

Use a custom image as the default avatar#

WordPress’s built-in Avatars section does not let you upload your own image. The list is hard-coded. To use your logo or a custom illustration as the default, you have two options: a plugin or a small snippet in your theme’s functions.php .

Option 1: A plugin#

The two best-known options are WP User Avatar and Simple Local Avatars. Both add an upload field to the user profile screen and an option to set a site-wide default image. They override the Gravatar lookup, which means commenter avatars are now served from your own site instead of from gravatar.com – useful for performance and for the privacy reasons covered below.

To set a custom default with WP User Avatar:

1. Install and activate WP User Avatar from Plugins > Add New.
2. Go to Settings > Avatars (the plugin replaces the built-in Avatars section).
3. Upload your custom image in the Default Avatar field.
4. Save changes.

Simple Local Avatars works the same way but is a leaner plugin if you do not need the full user-upload feature.

Option 2: A theme snippet#

If you would rather not add a plugin, you can register a custom default avatar with about ten lines of code. Open your child theme’s functions.php (never edit the parent theme – the change will be wiped on the next update) and add:

add_filter( 'avatar_defaults', 'hostney_custom_default_avatar' );
function hostney_custom_default_avatar( $avatar_defaults ) {
    $custom_avatar_url = get_stylesheet_directory_uri() . '/images/default-avatar.png';
    $avatar_defaults[ $custom_avatar_url ] = 'My custom default';
    return $avatar_defaults;
}

Drop your image file into wp-content/themes/<your-theme>/images/default-avatar.png (or wherever the path points to) and go back to Settings > Discussion. Your custom option now appears in the Default Avatar radio list. Select it, save, done.

Recommended image size is 96×96 pixels – this is the size WordPress requests from Gravatar in most theme contexts. Anything larger is wasted bytes; anything smaller and the image will be scaled up and look fuzzy on retina screens. PNG with transparency works well; JPEG is fine for photos.

Disable avatars entirely#

If you do not want avatars on your site at all – because they are visual noise, because you have a comments-free site, or because of the privacy concerns in the next section – untick Show Avatars in Settings > Discussion and save. WordPress will stop calling Gravatar entirely, and no avatar images will appear in comments, the author archive, or anywhere else a theme renders get_avatar() .

This is a heavier change than picking a different default. It removes a visual element from the comments section, and on sites where readers identify each other by face, that can make the conversation feel more anonymous. Test it on a busy thread before committing.

The privacy angle: Gravatar leaks email information#

This is the part most tutorials skip. Gravatar is a third-party service. When a commenter’s email is hashed and the hash is sent to gravatar.com, two things happen that have implications under privacy laws:

1. gravatar.com sees the IP address of every visitor to your comments section. That includes visitors who never typed an email anywhere – they are just reading. Their browser fetched an avatar image from gravatar.com when they loaded the page, and gravatar.com logged the request.
2. An email hash is not as anonymous as it looks. MD5 and SHA-256 hashes are one-way, but the address space of common email addresses is small enough that a reverse lookup of common emails is trivial. There are public databases of “hashed email -> known account on platform X” because the hash is the only ID Gravatar uses. If your commenter’s email is in one of those databases, an attacker can correlate a Gravatar hash on your site with their account elsewhere.

For sites in the EU – or sites serving EU readers – this falls under GDPR. Loading an external avatar pings a third party with a visitor identifier (the email hash) and the visitor’s IP. There is no consent flow for that lookup in stock WordPress.

There are three reasonable responses depending on your appetite for the topic:

• Disable avatars. Cleanest from a privacy standpoint, weakest visually.
• Use a local-avatars plugin. WP User Avatar and Simple Local Avatars serve avatars from your own server, so Gravatar is never called. Commenters who set a Gravatar elsewhere will not have it appear on your site – but no email hashes are sent to gravatar.com either.
• Add Gravatar to your privacy policy. If you want to keep the convenience of Gravatar, document that you use it, link to Automattic’s privacy policy, and let visitors know that their email hash is sent to a third party. This is the minimum if you keep Gravatar enabled on a site serving EU readers.

What you should not do is leave Gravatar enabled and ignore it. The amount of data Gravatar quietly collects from your readers is non-trivial, and “the default WordPress setting” is not a defence under GDPR.

How the default Gravatar shows up across your site#

The default avatar is used in more places than just comments. WordPress calls get_avatar() from several theme contexts, and each one falls back to your configured default for users without a Gravatar:

• The comments list under every post.
• The author byline on single-post pages, if the theme renders one.
• The author archive page ( /author/<username>/ ), if the theme shows the author’s avatar.
• The admin user list at Users > All Users.
• The user profile screen in the admin, on each user’s own page.
• Some block patterns – the new block-theme Author Avatar block uses the same Gravatar lookup.

For registered users on the site – your Authors, Editors, and Administrators – changing the default does not affect their displayed avatar if any of them already set up a Gravatar against their account email. That setting overrides the default for that specific user. The default is the fallback for everyone else: commenters without a Gravatar, and registered users who never set one up.

If you want to override an individual registered user’s avatar without forcing them to use Gravatar, the local-avatars plugins above add a per-user upload field on the Users > Your Profile screen. This is the right answer for a multi-author site where each contributor wants their own picture without depending on a third party.

Common mistakes#

A few traps catch people on this.

• Editing the default but Show Avatars is unticked. No matter what default you pick, if Show Avatars is off, nothing renders. Tick it first, then choose your default.
• Caching plugins serving the old avatar. Once you change the default, the new avatar appears immediately for unauthenticated visitors only after the page cache is purged. WP Rocket, W3 Total Cache, LiteSpeed Cache all need a manual purge if you are testing the change as a logged-out user. If you do not see the new default, log out, clear cache, hard-refresh.
• Custom theme snippet not appearing in the radio list. If your avatar_defaults filter is added but the new option does not show up under Settings > Discussion, check that the image URL is reachable. WordPress fetches the image to render the radio option’s preview. A 404 on the image silently drops the choice from the list.
• Custom default image not square. The avatar is rendered in a fixed square box (96×96 by default). Non-square images get distorted. Crop to a square before uploading.
• Assuming the default replaces existing Gravatars. It does not. Commenters who already set up a Gravatar will continue to show their own picture forever, regardless of what default you pick. The setting only changes the fallback.
• Setting a custom default and forgetting to write a privacy policy entry. If you go to the trouble of switching to local avatars for privacy, write that into your privacy policy too. The whole point of the change is to give visitors a clear picture of what is happening with their data. A silent change does not get you there.

How Hostney handles avatars#

Hostney does not interfere with the Gravatar setting. Settings > Discussion is a vanilla WordPress screen and works exactly as upstream WordPress documents. There is no Hostney-specific override or default we ship with our WordPress install.

What Hostney does help with is the broader Discussion screen. A site with a busy comments section is a magnet for spam, and our server-level bot detection sits in front of WordPress and catches a large share of automated comment attempts before they ever reach the database. That cuts down on the number of unrecognised email addresses showing up in your comments thread – which in turn cuts down on the number of times the default avatar even has to render. Less work for your server, less data sent to Gravatar, fewer “Mystery Person” thumbnails next to fake commenters.

If you decide to switch to local avatars for privacy, the storage cost is trivial – each user avatar is typically under 50KB, and our standard plans include enough storage for thousands of users without thinking about it. We do not throttle image serving the way some hosts do, so a local-avatars plugin will perform fine on a Hostney WordPress site even at scale.

For multi-author sites where each contributor wants their own picture and you do not want to depend on gravatar.com being reachable for every page load, local avatars served from your own server are also faster – especially for visitors in regions where gravatar.com’s CDN is sparse.

Summary#

Changing the default Gravatar in WordPress is one of the smaller customisations you can make, but it is also one of the most visible to readers. The grey silhouette is everyone’s first impression of an anonymous commenter, and replacing it with something on-brand – or with a generated Identicon – is a free upgrade to how your comments section looks.

The longer game is deciding whether to keep Gravatar at all. The convenience of “one avatar, every site” is real, but the privacy trade-off is real too. Switching to local avatars with WP User Avatar or Simple Local Avatars is a good middle ground for sites that want consistent visuals without the third-party data flow.

The fastest path: Settings > Discussion, pick Identicon under Default Avatar, save. If you want to go further, install a local-avatars plugin and upload your logo. Five minutes of work, lasting visual improvement.