diff --git a/README.md b/README.md
index c0437be..131a5c4 100644
--- a/README.md
+++ b/README.md
@@ -159,6 +159,10 @@ If you want to be able to set user data (extra fields, or specific user access)
 >
 > Also note that the password will never be stored in the Grav user under `accounts/`.
 
+### Blacklist LDAP Fields
+
+With the Blacklist Fields you have the option of ignoring fields. This is useful for skipping users sensitive data or fields that are stored as media. For example phone numbers, home addresses or images, videos, etc.
+
 ### Troubleshooting
 
 If a user is simply unable to authenticate against the LDAP server, an entry will be logged into the Grav log (`logs/grav.log`) file with the attempted `dn`. This can be used to ensure the `user_dn` entry is correct and can be tested against any other LDAP login system.
diff --git a/blueprints.yaml b/blueprints.yaml
index 2c38e75..f6377c6 100644
--- a/blueprints.yaml
+++ b/blueprints.yaml
@@ -204,6 +204,15 @@ form:
       validate:
         type: commalist
 
+    blacklist_ldap_fields:
+      type: array
+      type: array
+      value_only: true
+      label: PLUGIN_LOGIN_LDAP.BLACKLIST_FIELDS
+      help: PLUGIN_LOGIN_LDAP.BLACKLIST_FIELDS_HELP
+      placeholder_key: key
+      placeholder_value: PLUGIN_LOGIN_LDAP.BLACKLIST_FIELDS_PLACEHOLDER
+
     default_access_levels.access.site:
       type: array
       label: PLUGIN_LOGIN_LDAP.DEFAULT_ACCESS_LEVELS_SITE
diff --git a/languages/en.yaml b/languages/en.yaml
index 65fc9ec..8366332 100644
--- a/languages/en.yaml
+++ b/languages/en.yaml
@@ -36,3 +36,6 @@ PLUGIN_LOGIN_LDAP:
   USER_SEARCH_DN_DESC: 'String used to retrieve user data. If not provided, extra LDAP user data will not be stored in Grav user account file'
   VERSION: 'Version'
   VERSION_DESC: 'LDAP Version 3 is most popular, only change this if you know what you are doing'
+  BLACKLIST_FIELDS: 'Blacklist Fields'
+  BLACKLIST_FIELDS_HELP: 'A list of LDAP fields to be skipped and ignored'
+  BLACKLIST_FIELDS_PLACEHOLDER: 'Field (ie, jpegPhoto, homePostalAddress)'
\ No newline at end of file
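Review bot: The added `blacklist_ldap_fields` block in blueprints.yaml declares `type: array` twice; duplicate mapping keys are invalid YAML and, depending on the parser version Grav ships, are either silently collapsed or rejected with a parse error that would break the whole plugin form. Drop the second `type: array` line. With `value_only: true` set, the `placeholder_key: key` entry is presumably never rendered and could be removed as well; confirm against the array field's template before doing so.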
diff --git a/login-ldap.php b/login-ldap.php
index 0afe4c8..9d0f5fe 100644
--- a/login-ldap.php
+++ b/login-ldap.php
@@ -84,6 +84,7 @@ class LoginLDAPPlugin extends Plugin
         $ssl = $this->config->get('plugins.login-ldap.ssl');
         $start_tls = $this->config->get('plugins.login-ldap.start_tls');
         $opt_referrals = $this->config->get('plugins.login-ldap.opt_referrals');
+        $blacklist = $this->config->get('plugins.login-ldap.blacklist_ldap_fields', []);
 
         if (is_null($host)) {
             throw new ConnectionException('FATAL: LDAP host entry missing in plugin configuration...');
@@ -128,7 +129,6 @@ class LoginLDAPPlugin extends Plugin
 
         // If search_dn is set we can try to get information from LDAP
         if ($search_dn) {
-
             $query = $ldap->query($search_dn, $map_username .'='. $credentials['username']);
             $results = $query->execute()->toArray();
 
@@ -149,6 +149,13 @@ class LoginLDAPPlugin extends Plugin
                 unset($userdata['ldap']['userPassword']);
             }
 
+            // Remove blacklisted fields
+            foreach ($blacklist as $fieldName) {
+                if (isset($userdata['ldap'][$fieldName])) {
+                    unset($userdata['ldap'][$fieldName]);
+                }
+            }
+
             // Get Groups if group_dn if set
             if ($group_dn) {
                 // retrieves all extra groups for user
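Review bot: The blacklist loop in the third hunk matches attribute names with case-sensitive array keys, but LDAP attribute names are case-insensitive, so an entry like `jpegphoto` will not strip a `jpegPhoto` attribute if the LDAP library preserves the server's spelling — the sensitive field then lands in the stored account file despite being configured away. Comparing lower-cased names on both sides closes that gap; the `isset` guard before `unset` is also redundant, since unsetting a missing key is a no-op. The `(array)` cast below additionally protects against a configured-but-empty value, since the `get(..., [])` default in the first hunk only applies when the key is absent, which I infer from the default-argument idiom. The enclosing method begins and ends outside the hunks, and I am assuming `$userdata['ldap']` is the attribute array the preceding lines populate.
```php
            // Remove blacklisted fields (LDAP attribute names are case-insensitive)
            $blacklistLower = array_map('strtolower', (array) $blacklist);
            foreach (array_keys($userdata['ldap']) as $fieldName) {
                if (in_array(strtolower($fieldName), $blacklistLower, true)) {
                    unset($userdata['ldap'][$fieldName]);
                }
            }
            // … unchanged: group lookup …
```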