In June 2022, the WordPress.org theme team began strongly urging theme authors to switch to locally hosted web fonts, following a German court case, which fined a website owner for violating the GDPR using webfont hosted by Google. For years, theme authors queue Google Fonts from Google's CDN for better performance, but this method exposes visitors' IP addresses.
Leaving aside our considerations regarding the nonsense that is the GDPR and the various technical / legal references on which it is based, it must be said that the problem to date undefined has created problems for everyone including WordPress.
The theme team has warned that local font hosting guidelines will change immanently, and many theme authors have moved to comply before it becomes a requirement.
Un ticket Google font grouping with WordPress legacy default themes had patches and was on track to be included in WordPress 6.1 in November. WordPress contributor Hendrik Luehrsen he asked more eyes on the ticket, saying that "directly affects the main WordPress audience in Germany". It reported that users in Germany were still receiving emails threatening fines for using Google-uploaded fonts.
Primary WordPress client Tonya Mork he suggested to explore the release of the updated version of each theme separately from WordPress 6.1.
When each theme is ready, drop it into the wp.org theme repository, users can then upgrade to get locally hosted fonts before WP 6.1 is released.
This changed the direction of the ticket, and with more scrutiny, contributors found that patches could take a little more work.
“Creating new versions of the theme for this specific change could be helpful when they are ready “Said Stephen Bernhardt. " The use of locally hosted fonts it is already recommended, but we must correct our themes before we can make it a requirement for others ”. He presented a list of issues and potential improvements after reviewing the patches and contributors are working on a better approach.
WordPress core committer David Baumwald has changed milestone to 6.2 , as Beta 2 for 6.1 was released yesterday and the ticket still needs a final direction and patch.
“Even though I understand the problem, it's still sad to see,” Luehrsen said. "This is still a serious problem in Germany (and other GDPR territories), as users with active Google Fonts are currently targeted by people who exploit the law ".
Luehrsen turned to Twitter for to comment his disappointment with the ticket missing the window for 6.1.
This is why WordPress will likely lose relevance. Real users get hurt here, but they are in GDPR territories and that doesn't seem to matter. Could I have done more? Probably. But it's kind of sad to see how quickly the momentum on that ticket faded. If Squarespace, Wix, and the like start marketing privacy against WordPress, we're screwed in the GDPR countries.
In the meantime, those using the default WordPress themes can use a plugin like Local Google Fonts o OMGF | GDPR / DSVGO compliant, faster Google Fonts to host fonts locally.
Users can also switch to bunny fonts , an open source, privacy-focused web font platform with no tracking or registration, fully GDPR compliant. Bunny Fonts is compatible with Google Fonts CSS API v1, so it can work as a drop-in replacement. The plug-in Replace Google Fonts with Bunny Fonts allows users to do this easily without changing the theme code.
Contributors are working to have fully GDPR-compliant default WordPress themes ready for WordPress 6.2, scheduled for early 2023.