I've got an install that's loading the wrong gravatar and I can't figure out why. Most confusing is that it's doing it in the front-end templates AND in the admin. Here's a screen cap:

The user and email listed are not mine, but the face is. Any idea how that's happening?

Even since Gravatar and Jetpack and linked accounts and whatnot I've felt a little disconnected with how these images are actually conjured, but this is the first time it's bitten me like this.

I've got an install that's loading the wrong gravatar and I can't figure out why. Most confusing is that it's doing it in the front-end templates AND in the admin. Here's a screen cap:

The user and email listed are not mine, but the face is. Any idea how that's happening?

Even since Gravatar and Jetpack and linked accounts and whatnot I've felt a little disconnected with how these images are actually conjured, but this is the first time it's bitten me like this.

• comments
• avatar
• gravatar

Share Improve this question asked Feb 16, 2015 at 2:03 clarkclark 59122 silver badges1010 bronze badges 6

• 3 Is the URL of the image that it's loading wrong, i.e. a hash of your email address and not nmorgan's? Is there any chance he/she has set up a gravatar account with your picture? – Rup Commented Feb 16, 2015 at 7:05
• 2 Could you provide URL of image in full from page source? – Rarst Commented Feb 16, 2015 at 11:02
• @Rarst here is the post in question: careerplug/considerate-rejection – clark Commented Feb 16, 2015 at 20:22
• @Rup I was thinking about asking her if she registered with my address but that just seemed reachy, haha. Is there a way to deduce the email requested from the hashed URL? – clark Commented Feb 16, 2015 at 20:23
• It's a one-way hash, so you can't determine the email address from the URL but you can hash a list of candidate email addresses to see if one matches. And I think they do: the hash component in the URL on your website is the same as in your image here (gravatar/avatar/d6b10d5767d1e29006c11e1a2c590f3c). Which doesn't, I suppose, mean that Jetpack or something similar is mapping the two accounts together and returning your email address to hash, but at first glance I'd guess she's just using your address. (Can't you check that from the users admin interface?) – Rup Commented Feb 16, 2015 at 20:46

 |  Show 1 more comment

2 Answers 2

Sorted by: Reset to default 1

If you go to http://gravatar/d6b10d5767d1e29006c11e1a2c590f3c (omit the /avatar/ from path) you get http://gravatar/clojita which seems to be your gravatar account, correct?

MD5 collision is unlikely (but maybe it's time to buy a lottery ticket :)

Look at source fetches interesting detail — the comment in question has comment-author-clark class. So it's not only the gravatar that is confused.

That class is generated in get_comment_class() function and is coming from user retrieved via $comment->user_id. It's hard to guess more without hands on dumping of data, but my educated guess is that something is screwed up exotically in or around comment template.

First thing I'd try (dumping everything aside) is switching to native theme and/or looking into differences between theme's comments implementation from original Underscores.

I know this is old post but had same issue and figured it out: user ID is of the author of the original post (article) against which the comment was written ... best to repress comment gravatars altogether, or put in a filter to lookup by email io users ....