- The WordPress Themes team has changed its guidelines and now allows theme authors to host their fonts locally.
- The team is responding to a recent German court case in which a website owner was fined for violating GDPR by using web fonts hosted by Google.
- The team came up with a solution that involves saving the fonts locally on the site’s server, so that they are not considered an “external resource” and there is no GDPR violation.
The team behind WordPress themes has announced that the guidelines on remote Google Fonts are ready for change. Web fonts must first be saved locally and then hosted locally. If an external resource is used in the theme, a privacy function must be called to avoid privacy-related data protection issues.
Save web fonts locally on the site server
Normally, WordPress themes hosted in the w.org theme repository could not use third-party resources. Google Fonts was excluded from this rule, because back then there was no better way to use locally hosted web fonts, and typography is a fundamental part of designing a theme. Earlier this year, a German court fined a website owner for violating GDPR by using fonts hosted by Google. Although the fonts can be used without logging into Google, the court ruled that this was a violation of the European GDPR (General Data Protection Regulation), because Google Fonts learns the visitor’s IP address.
This case led to new threats against website owners and confusion for the Themes team. As a result, the WordPress Themes team changed the guidelines and now allows theme authors to host their fonts locally. The team came up with a solution that involves saving the fonts locally on the site’s server, so that they are not considered an “external resource” and there is no GDPR violation.
Themes can use any GPL-compliant web font, regardless of the provider used (Google Fonts or other web font providers), as long as the font comes with the theme or the theme implements a system to automatically download the remote web font to the site server. Yoast-sponsored WordPress theme contributor Ari Stathopoulos wrote a blog post to answer some questions the team received about fonts in themes. He said:
“Yes, the theme is allowed to write the font locally. The limitation should be to not place the files somewhere where they will be overwritten during the update. If the theme bundles font files into its own package, those files can be in the theme itself. If the theme downloads web fonts and automatically saves them to the site’s server, then a location inside wp-content would be ideal (such as wp-content/uploads/fonts or wp-content/fonts). However, if the theme does not bundle web fonts, it should not write these files to the theme folder itself, as this folder will be overwritten during the update. Of course, putting the files in Core folders like wp-admin, wp-includes, etc. would be unacceptable.”
According to the Yoast contributor, a theme is not allowed to use external resources. Currently the guidelines allow remote Google Fonts, but this may change soon. If the theme uses an external resource, it should call a privacy function and ensure that the resource is not loaded without the user’s explicit consent. For web fonts that are bundled or downloaded so they can be hosted locally, there is no need to call a privacy function. Once the resources are uploaded to the server, they are no longer an “external resource”.
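One way a theme could plan that local copy, as an added example (not code from the Themes team or from any theme): it rewrites the remote font URLs in a stylesheet to a local fonts directory and refuses anything that is not an HTTPS font file on an allowlisted host. The function name, the allowlist, the sample CSS and the `/wp-content/uploads/fonts` base URL are assumptions.

```php
<?php
// Added example: plan the localisation of a remote font stylesheet.
// Names, allowlist and sample CSS are constructed for illustration.

const FONT_HOSTS = ['fonts.gstatic.com'];        // assumed host allowlist
const FONT_EXTS  = ['woff2', 'woff', 'ttf'];     // assumed font extensions

/**
 * Rewrite every remote url(...) in $css to point under $localBaseUrl.
 * Returns [rewritten CSS, map of local filename => remote URL to fetch].
 * Throws if a URL is not an HTTPS font file on an allowlisted host.
 */
function plan_local_fonts(string $css, string $localBaseUrl): array
{
    $downloads = [];
    $rewritten = preg_replace_callback(
        '~url\(\s*([\'"]?)(https?://[^\'")\s]+)\1\s*\)~i',
        function (array $m) use (&$downloads, $localBaseUrl): string {
            $remote = $m[2];
            $parts  = parse_url($remote) ?: [];
            $scheme = strtolower($parts['scheme'] ?? '');
            $host   = strtolower($parts['host'] ?? '');
            $ext    = strtolower(pathinfo($parts['path'] ?? '', PATHINFO_EXTENSION));
            if ($scheme !== 'https'
                || !in_array($host, FONT_HOSTS, true)
                || !in_array($ext, FONT_EXTS, true)) {
                throw new RuntimeException("Refusing font URL: $remote");
            }
            // Derive the local name from a hash of the URL, never from its
            // path, so a crafted path cannot escape the fonts directory.
            $name = sha1($remote) . '.' . $ext;
            $downloads[$name] = $remote;
            return 'url("' . rtrim($localBaseUrl, '/') . '/' . $name . '")';
        },
        $css
    );
    return [$rewritten, $downloads];
}

// Constructed sample of a font provider's stylesheet.
$css = <<<CSS
@font-face {
  font-family: 'Example Sans';
  src: url(https://fonts.gstatic.com/s/examplesans/v1/abc123.woff2) format('woff2');
}
CSS;

[$local, $todo] = plan_local_fonts($css, '/wp-content/uploads/fonts');
echo $local, "\n";   // stylesheet that now references only local files
print_r($todo);      // files the theme still has to fetch and store
```

The theme would then download each entry in the returned map into the fonts directory under wp-content and serve the rewritten stylesheet, so visitors' browsers never contact the font provider.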
Alternatively, Bunny Fonts can be used: an open-source, privacy-friendly web font platform with no tracking or logging that is fully GDPR compliant. Bunny Fonts is compatible with the Google Fonts CSS v1 API, so it can work as a direct replacement for Google Fonts by just changing the hostname. Currently the Themes team is waiting for core to implement better support for loading local fonts before making a global request for themes hosted in the directory.