Did you know that fonts made quite a stir in the WordPress community?
Well… Not literally “fonts”. It’s more like Google fonts, specifically, were the center of this recent controversy.
It has something to do with a court fining a website, remote hosting Google Fonts, GDPR violation, and the move to locally-hosted fonts.
What was wrong with remote hosting Google Fonts?
The whole drama started when a German court fined a website because of its violation of Europe’s General Data Protection Regulation (GDPR).
Ari Stathopoulos, an active WordPress Core Contributor at Yoast, said the following in his post in regards to this issue:
Unfortunately, Google fonts, as a whole, was an exception because in the past, there was “no reliable” way to host them locally.
As you know, fonts were important in a theme’s design so no author would leave the idea of ignoring typography in a theme.
However, this is a violation of GDPR, as pointed out by a commenter in the original post:
It is true that fonts from external providers are included on your website. It is also true that this is a violation of the GDPR, because through the integration personal data (IP address of the website visitor) is passed on to third parties (the provider of the web font). The violation (as far as I can judge as a non-lawyer) can also not be argued with a “legitimate interest” (Art. 6 para. 1 let. f GDPR), because there are technical possibilities to integrate the web font differently. For example, you can use the (currently not actively maintained) plugin Self-Hosted Google Fonts.– Bego Mario Garde
This is why Google fonts can’t be an exception anymore. It poses a lot of problems for both WordPress theme authors and website owners.
The move: Hosting fonts locally
Violating GDPR wasn’t the intention of why Google fonts was viewed as an exception. Like what Ari explained:
The exception for Google-fonts as an external resource predates this team’s efforts to locally host webfonts. If a theme saves fonts locally, they are no longer considered an “external resource”.
Ari published a post a few years ago on how to locally host the webfonts — which requires downloading the wptt-webfont-loader.php file from the repository first.
According to Benachi, a WordPress themes author:
The themes team strongly encourages the theme authors to update their themes. We recommend updating by switching to locally hosted webfonts. Luckily Google Fonts can be downloaded and bundled in a theme. Bundled font files allow users to host webfonts locally and comply with GDPR.
Benachi also suggested ways on how to locally host webfont files:
- Learn from the Twenty Twenty-Two theme on how to bundle locally hosted webfont files through theme.json
- See Ari’s post on how to implement a webfont API in WordPress core for those using functions.php
- Use the webfont-loader package in conjunction with the webfonts API
What this means for site owners
Well, the move was designed to protect both theme authors and site owners from violating GDPR and paying fines.
Theme authors are “strongly encouraged” to update their themes and switch to locally hosted webfonts. It’s also likely that new themes will not be permitted to use external resources without exception.
The updates and behind-the-scenes will not really affect site owners. The only thing site owners have to do is update their themes once an update is ready.
How do you feel about this recent controversy? If you have some questions or thoughts on this matter, please share them in the comment section.