- The WordPress Themes team has changed its guidelines to allow theme authors to host their fonts locally.
- The team is responding to a recent German court case in which a website owner was fined for violating the GDPR by using Google-hosted web fonts.
- The team's solution is to save fonts locally on the site's server, so that they are no longer considered an "external resource" and there is no GDPR violation.
The WordPress Themes team has announced that the guidelines on remote Google Fonts are about to change. Web fonts must first be saved locally and then hosted locally. If a theme uses an external resource, it should call a privacy function to avoid any data protection issues.
Save webfonts locally on the site’s server
Normally, WordPress themes hosted in the w.org themes repository are not allowed to use third-party resources. Google Fonts were excluded from this rule because, back then, there was no better way to use locally hosted web fonts, and typography is a basic part of a theme's design. Earlier this year, a German court fined a website owner for violating the GDPR by using Google-hosted fonts. Although the fonts can be used without connecting to Google, the court considered this a violation of Europe's GDPR (General Data Protection Regulation) because Google Fonts expose the visitor's IP address.
This case prompted further threats against website owners and confusion for the Themes team. As a result, the WordPress Themes team has changed its guidelines to allow theme authors to host their fonts locally. The team's solution is to save fonts locally on the site's server, so that they are no longer considered an "external resource" and there is no GDPR violation.
Themes can use any GPL-compatible webfont, no matter which provider is used (Google Fonts or other webfont providers), provided that the font is bundled with the theme or the theme implements a system to automatically download the remote webfont to the site's server. Ari Stathopoulos, a Yoast-sponsored contributor to the WordPress Themes team, wrote a blog post to answer some questions that the team has been receiving about fonts in themes. He said:
« Yes, the theme is allowed to write the font locally. The limitation should be to not put the files somewhere they’ll be overwritten on update. If the theme bundles the font-files in its own package, then these files can be in the theme itself. If the theme downloads the webfonts and saves them automatically on the site’s server, then a location inside wp-content would be ideal (like for example wp-content/uploads/fonts or wp-content/fonts). However, if the theme does not bundle the webfonts, then it should not be writing these files in the theme’s folder itself, as that folder will get overwritten on update. Of course, placing the files inside Core folders like wp-admin, wp-includes etc would be unacceptable.»
According to the Yoast contributor, a theme is not allowed to use external resources. Right now, the guidelines allow for remote Google Fonts, but this may change soon. If a theme uses an external resource, it should call a privacy function and make sure that the resource is not loaded without the user's explicit consent. For web fonts that are bundled, or downloaded so they can be hosted locally, there is no need to call a privacy function. Once a resource is downloaded to the server, it is no longer an "external resource".
Alternatively, Bunny Fonts can be used: an open-source, privacy-first web font platform with no tracking or logging that is fully GDPR compliant. Bunny Fonts is compatible with the Google Fonts CSS v1 API, so it can function as a drop-in replacement for Google Fonts by just switching the hostname. Currently, the Themes team is waiting on core to implement better support for loading local fonts before making this a global requirement for themes hosted in the directory.
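A site owner or theme reviewer can check a theme against the rules above before deploying it. The following Python sketch is an added example, not code from the Themes team or from WordPress: it flags font URLs served from a host other than the site itself and checks a proposed font directory against the placement rules in the quote. The function names, the `example.test` host, the sample theme contents and the "font" keyword heuristic are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Absolute or protocol-relative URLs found in theme source (PHP, CSS, JS).
URL_RE = re.compile(r"""(?:https?:)?//[\w.-]+\.[a-z]{2,}[^\s'"()<>]*""", re.I)
# Heuristic (assumption): a URL is font-related if it mentions "font" or a font file type.
FONT_HINT = re.compile(r"font|\.(?:woff2?|ttf|otf|eot)\b", re.I)

def external_font_refs(files, site_host):
    """Return (file, line_no, host) for each font URL not served by site_host."""
    hits = []
    for name, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            for url in URL_RE.findall(line):
                host = (urlparse(url).hostname or "").lower()
                if host and host != site_host and FONT_HINT.search(url):
                    hits.append((name, no, host))
    return hits

def font_dir_allowed(target, theme_dir, bundled=False):
    """Check a font directory (relative to the WordPress root) against the quoted rules."""
    t, theme = PurePosixPath(target).parts, PurePosixPath(theme_dir).parts
    if not t or t[0] == "/" or ".." in t:
        return False                      # must stay inside the install
    if t[0] in ("wp-admin", "wp-includes"):
        return False                      # Core folders are unacceptable
    if t[:len(theme)] == theme:
        return bundled                    # downloaded files here are lost on theme update
    return t[0] == "wp-content"

# Constructed sample theme, not taken from a real project.
SAMPLE_THEME = {
    "functions.php": (
        "wp_enqueue_style( 'example-fonts', 'https://fonts.googleapis.com/css?family=Lato' );\n"
        "wp_enqueue_style( 'example-style', get_stylesheet_uri() );\n"
    ),
    "style.css": (
        "/* theme styles */\n"
        "@font-face { font-family: Lato; src: url(//fonts.gstatic.com/s/lato/example.woff2); }\n"
        "@font-face { font-family: Body; src: url(https://example.test/wp-content/uploads/fonts/body.woff2); }\n"
    ),
}

if __name__ == "__main__":
    for hit in external_font_refs(SAMPLE_THEME, "example.test"):
        print("external font reference:", hit)
    print(font_dir_allowed("wp-content/uploads/fonts", "wp-content/themes/example"))
```

Any host reported by `external_font_refs` receives the visitor's IP address on page load, which is the exposure the court ruling concerned; a theme that only switches the hostname to another provider will still be reported, since the resource remains external.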