The WordPress Themes Team is about to change its guidelines on remotely hosting Google Fonts and once again strongly urges theme authors to host their fonts locally. Yoast-sponsored contributor Ari Stathopoulos posted an update today to answer some questions the team has received about fonts in themes:
Google Fonts was an exception to this rule because, at the time, there was no reliable way to implement locally hosted web fonts, and typography is an integral part of a theme’s design.
Google Fonts, however, can no longer be considered an exception to this guideline due to GDPR and privacy implications.
The team responds to a recent German court case, which fined a website owner for violating GDPR by using web fonts hosted by Google. This case sparked a few other threats against website owners and many questions for the Themes team.
What was once a strong recommendation from WordPress.org is now a warning that guidelines are about to change.
“A theme should not be allowed to use external resources,” Stathopoulos said. “The guidelines currently allow remote Google Fonts, but that will likely change soon. If the theme uses external assets, then yes, it should call a privacy function and ensure that those assets are not loaded without the explicit consent of the user.
A ticket to update default WordPress themes to load Google Fonts locally has a fix but the milestone is set for WordPress 6.1. This will make all core themes GDPR compliant, but won’t arrive until October.
Some theme authors saw the writing on the wall a few weeks ago and have been working to update their themes to load fonts locally.
“I decided to do it too,” said Rough Pixels founder André Jutras. “Although a few themes have a font selection option in the Customizer with Google’s full selection. This is going to be difficult to change with existing users using it. My new theme will definitely have local fonts.
Offering a selection of fonts to users inside the theme isn’t as easy as just including one or two fonts that come with the theme.
“I tried to do the same with Blockbase,” said Automattic developer Jason Crist. “But Blockbase comes with a LOT of fonts to choose from, so this was a unique challenge.”
In 2020, the Themes team created a package that helps theme authors host their web fonts locally. It was created in anticipation of the removal of Google Fonts as an exception to the rule prohibiting the use of CDNs to load assets.
Bunny Fonts are an alternative to Google Fonts that some plugin authors have on their radar now that some European jurisdictions are cracking down on Google-hosted fonts. It is an open-source, privacy-friendly, zero-tracking, zero-logging, and fully GDPR-compliant web font platform. Bunny Fonts is compatible with the Google Fonts CSS v1 API and can therefore work as a direct replacement for Google Fonts by simply changing the hostname. If the Themes team were to add a service to its list of exceptions, Bunny Fonts would be a more privacy-friendly option than Google Fonts.
The Themes Team is waiting on the kernel to implement better support for loading local fonts before making a drastic requirement for themes hosted in the directory. In the meantime, WordPress theme authors have time to update their themes to load Google Fonts locally before a requirement is put in place.