Disable access to external resources used by themes or plugins

Hi there,
Since I don’t like to force my website visitors to leave traceable footprints on the web just by visiting my website, I want to disable access to external websites like Google Fonts, Gravatar, etc.

For example:
The theme “Lingonberry” I use loads fonts from Google. I was using the script google-font-download to download the used fonts to my server before adding the necessary CSS file to load them from my own server instead of from Google.

Now I want to disable Gravatar support without having problems in this (or in any other future) theme and/or plugin (Lingonberry uses the comments plugin, which uses Gravatar support). The related function is located in kirby/vendor/getkirby/toolkit/helpers.php. I just changed it to load a local image by return url::home() . '/assets/avatars/nogravatar.png';

Grepping for "http" in the base folder (and subfolders) is not really efficient to find things like that =)

So… what else is Kirby linking to?

P.S. It would be nice to have a global preference to disable any external resource that is not added by a theme.

Kirby doesn’t link to any external resources; the gravatar function only links to an external resource if you actually use it. It is hard to tell what a theme or plugin might be adding.

Note that changing the source code is probably not such a good idea, since your changes will be gone with the next update.

Hi,
thx for your answer.

So, the Gravatar function is the only function/thing that is linking to an external source in the Kirby basis?
Everything else is only done by a theme or plugin?
(For example, the comments plugin uses the gravatar function.)

Do you recommend any other solution to disable the gravatar function globally, without editing source code? For sure, I would prefer any other solution to editing source code.

thx in advance

As far as I can see, there is no other function that calls an external source. And of course, the gravatar() function only calls an external source if it is used anywhere, like in the comments plugin. Therefore, I don’t think changing the gravatar function makes much sense.

The best solution would be a config setting in the plugin that uses this function, that makes use of this function optional, rather than changing any core files.

Well, changing core files is indeed a problem.

But a centralized change is much more efficient than checking and editing every plugin and theme one by one.

Maybe there is another solution?

Create your own Kirby site without themes or plugins?

hehe…

Well… for sure this is more workload than checking and editing themes and plugins… so this is not an option.

Maybe there is a way with .htaccess… I think in theory you can rewrite the call to gravatar etc. to something local, rather than hacking stuff. Perhaps there is something here that helps.

Well, you would need access to the gravatar server to rewrite a call to gravatar.com to your own server.

Your own server can only handle incoming calls, not outgoing ones.

Wellllll I did say maybe :slight_smile: I thought that was the case.

Personally I would argue that it’s up to individual users to protect their information as they see fit (adblockers, privacy extensions in browsers, regularly clearing your cache). I keep stuff that tracks down to a minimum on my websites, and stick to trustworthy services. For example, I use Piwik for analytics because I can keep the data on my server in my own DB, and I anonymise the end of IP addresses.

If you really want to scare yourself, install this on Firefox and go surfing for an hour or two.

Sometimes it’s better to say nothing, I think. :wink:

Sometimes I’m not quite sure if you’re kidding around or not (please don’t misunderstand, I mean that playfully) :slight_smile:

What about the hosts file or maybe server firewall if you’ve got control of it?

@demlak Apache 2.2.7 and later has the mod_substitute directive which in fact allows you to modify the server response. So your guess wasn’t that bad after all, @jimbobrjames :peace_symbol:

Don’t know if that really makes sense to filter all server responses just to get rid of a single link. Also, you would have to know what you want to modify, since you don’t want to replace all outbound links.

Hm, unfortunately, it’s rather that we have to protect ourselves as best we can because everyone wants our data that badly. We’d be better off without these data grabbers. On the other hand, there are websites that may not collect user data because of privacy regulations, in which case we as developers have to make sure we do not use any third party scripts that do collect user information.

Oh sure, I totally agree. When European Government decided we all had to get permission from website visitors before dropping any cookies, I had to put a pop-up banner on like 40 websites at the company I worked for. Worst week of my life.

@demlak Just on a side note, it’s not the comments plugin that uses the gravatar() method but the Lingonberry theme in the nested.php snippet.

So I’d recommend modifying that snippet instead. That bit of code could probably be better solved with a recursive snippet anyway (would make the code easier to read). That way, you will not run the risk of accidentally overwriting your source code changes when updating Kirby.

Since the gravatar() function is a PHP function, is it possible to override/replace it with a plugin?

No, you cannot redeclare an already declared function.

What @texnixe meant is that you can modify the nested.php snippet of the Lingonberry theme so that it doesn’t call the gravatar() function in the first place. Then there’s no need to modify or override the gravatar() function at all.

This is also the reason why it makes sense to create your own site without the use of a theme if you want full customization. I understand that this is more work than using a theme, but with themes you always get stuff which you don’t want. :slight_smile:

Exactly, and it’s not only the use of methods that call external libraries. Sometimes, a theme might not be up to date with best coding practices in general, use unnecessary or outdated libraries etc. It’s always advisable to check the code and modify where necessary.

2 Likes
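
An added example, not part of any post in this thread and not Kirby or Lingonberry code: a small audit script that does what a plain grep for "http" does badly, listing third-party hosts and gravatar() calls per file and line so the theme or plugin snippet can be edited instead of core files. The file extensions, the sample tree and the host example.org are constructed assumptions.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# File types a theme or plugin typically ships (assumption).
EXTENSIONS = {".php", ".css", ".js", ".html", ".txt"}
# Absolute URLs, plus protocol-relative ones that directly follow a quote or "(".
URL_RE = re.compile(r"""(?:https?:|(?<=["'(]))//([a-z0-9-]+(?:\.[a-z0-9-]+)+)""", re.I)
# Calls to the gravatar() helper, skipping its own definition in helpers.php.
GRAVATAR_CALL = re.compile(r"(?<!function\s)\bgravatar\s*\(")

def audit(root, own_hosts=()):
    """Return {finding: [(relative_path, line_no), ...]} for files under root."""
    own = {h.lower() for h in own_hosts}
    findings = defaultdict(list)
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            for host in URL_RE.findall(line):
                if host.lower() not in own:  # links to the site itself are fine
                    findings[host.lower()].append((rel, no))
            if GRAVATAR_CALL.search(line):
                findings["gravatar()"].append((rel, no))
    return dict(findings)

def demo():
    """Build a constructed sample tree (not real theme files) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp, "site")
        (site / "snippets").mkdir(parents=True)
        (site / "assets").mkdir()
        (site / "snippets" / "nested.php").write_text(
            '<img src="<?= gravatar($comment->email(), 60) ?>">\n')
        (site / "assets" / "style.css").write_text(
            "@import url('//fonts.googleapis.com/css?family=Lato');\n"
            "body { background: url('/assets/bg.png'); }\n")
        (site / "snippets" / "footer.php").write_text(
            '<a href="https://example.org/about">About</a>\n')
        return audit(site, own_hosts=["example.org"])

if __name__ == "__main__":
    for finding, hits in sorted(demo().items()):
        for rel, no in hits:
            print(f"{finding}\t{rel}:{no}")
```

To use it on a real installation, call audit() on the site folder with your own domain in own_hosts; hosts assembled at runtime from string fragments will not be found by a static scan like this.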

Hey there,
since I didn’t know you were discussing Lingonberry in particular here, I’m kind of late. Why not open an issue on GitHub (like you did before, thanks again) or invite me to this thread?

:slight_smile:

Personally, I’m not a fan of Gravatar, which I only included because the original theme does - with Gravatar being owned by Automattic (WordPress founder Matt Mullenweg’s company behind WordPress [dot] com). I’m open to making Gravatar support optional for the Kirby version, you know …

@texnixe: On a more general note, I’m intrigued by ‘recursive snippets’ & ‘code easier to read’, too (so tell me, please)!

:sunny:

As always, feel free to tell me about best practices, I really appreciate chances to improve.

Cheers!