New Tool Checks If Google Fonts Are Hosted Locally

Earlier this year, WordPress’ Themes Team began urging theme authors to switch to locally hosted fonts after a German court case decision, which fined a website owner for violating the GDPR by using Google-hosted webfonts. Since that ruling, German website owners have continued to receive threats of fines for not having their fonts hosted locally.

The makers of the Fonts Plugin, a commercial product with a free version on WordPress.org, have created a tool called Google Fonts Checker that will help website owners discover where their fonts are hosted. The tool analyzes any URL entered and if the fonts are hosted by Google, it says “Google Fonts Connection Found” with a red ‘X.’ Sites that are in the clear will show a notice that a Google Fonts connection was not found:

Google Fonts Checker is useful for non-technical users who are not sure whether their theme or plugins are referencing fonts hosted on Google’s servers. Beyond delivering the simple connection message, the tool scans the website and returns a list of the font files used to render the page, which can be helpful in tracking down the specific extension loading these files.

More than 200,000 people are using the Fonts Plugin to load assets from the Google Fonts Library. Although the Google Fonts Checker tool is free to use and doesn’t require any personal information or login, the free version of the Fonts Plugin doesn’t support hosting fonts locally. Users will either need to upgrade to the commercial version or use a different plugin, like Local Google Fonts or the OMGF | Host Google Fonts Locally plugin, both of which perform this for free.

Those who find a Google Fonts connection using the tool may also consider switching to Bunny Fonts, an open-source, privacy-first web font platform with no tracking or logging that is fully GDPR compliant. It can act as a drop-in replacement to Google Fonts. The Replace Google Fonts with Bunny Fonts plugin makes it easy to switch.

Some of WordPress’ older default themes are still loading fonts from Google. A ticket for bundling the fonts with the legacy default themes had patches and was on track to be included in WordPress 6.1, but ended up getting punted to a future release after it was determined the approach needed more work. In the meantime, those who are concerned about using Google Fonts in older default themes can use a plugin to host them locally.

20

20 responses to “New Tool Checks If Google Fonts Are Hosted Locally”

  1. Google Fonts is always a factor that causes my website to load slowly. I’ve been looking for ways to make Google Fonts preload to make my website load faster, but I’m not sure how to test it. This article has been incredibly valuable to me. Thank you so much for sharing.

  2. An interesting tool.

    The question to ask is when a website owner discovers their theme has Google-hosted fonts (or even a Google fonts plugin), then what?

    Hard to say what they would do; change themes (if they can find one not using hosted Google Fonts), ignore it, or contact the theme creator. Remember, themes are not the only ones with this issue, plugins that load Google fonts can be added to the list.

    This reminds me, and if I remember right, Anders Norén has already changed every theme of his because of this. I’m still working on it (he’s faster than me, lol), although, my new themes now included local fonts :)

  3. I’m not a lawyer, but according to my information, the GDPR prohibits the disclosure of personal data to third parties (anyone) without explicit consent. The IP address of the website visitor is already considered personal data and it makes no difference if fonts are loaded from Google, Bunny Fonts or any other external server. The use of Akismet and Jetpack also does not comply with data protection requirements.

    • As much as I want to agree with you. I wonder when people get a paid plan for Akismet/Jetpack…if that is consent. No one reads the TOS of accounts we sign up for.

      What about Gravatar?

      When you connect Jetpack to your wordpress.com/gravatar/etc…account…………aren’t you giving permission to do this?

      Technically speaking WordPress collects your IP.

      Wordfence, AIOWPS and other security plugins will collect your IP address. Wordfence has a widget on the admin dashboard that includes the flag of the IP. (flag) (IP).

      Any plugin that bans visitors from certain country has to collect the IP addresses of visitors and check that IP address from a list to see if it’s from a banned country.

      Any site that I go to and gives me prices in Canadian Dollars (CAD), checked my IP to see I am in Canada.

      • European users must constantly check whether plugins they want to use comply with the requirements of the GDPR. The fact that the patch for the bug ticket for standard themes with Google Webfonts was postponed to a later version is just as scandalous as the bundling of Akismet, which is known not to comply with data protection requirements. And no, Gravatar and Jetpack do not comply with the GDPR either. For beginners who see WordPress as an interesting option for their new website and have not bothered with the legal requirements , quickly get into legal trouble. Perhaps this is, what the new slogan on the w.org website claims: Flex your freedom.

        • Technically speaking GDPR applies to EU, not all of Europe. There is a difference. People confuse both.

          Serbia, the GDPR does not apply there. No I am not Serbian. Ethnically I am from Croatia, where GDPR will apply soon.

          • My understanding is that if your website has visitors from one of the GDPR countries then it must be GDPR compliant.

          • No so.. If you get the text, you will see that item 1 of the preamble says “The protection of natural persons in relation to the processing of personal data is a fundamental right.” And that “everyone has the right to the protection of personal data concerning him or her.”

            That is, it is a regulation regarding the protection of the personal data of people. It does not limit that protection to the EU, though clearly it can only directly apply sanctions to data controllers within the EU.

            it does refer to international transfers of personal data in preamble statements 101-108 and data adequacy arrangements with non-EU countries as to whether they are protecting people’s data.

            You are, of course, correct that GDPR does not apply as a, say, Serbian law, but a non-compliant Serbian company with European operations/assets could be putting them at risk.

  4. The problem with Google Fonts is not that Google is tracking users through it (they don’t, in this particular case). The problem is, that the IP address (which is personal information according to the GDPR) is transmitted to a third party. Therefore, Bunny Fonts is NOT GDPR compliant either. Please correct this information, it’s simply wrong.

  5. Hi!

    First off, thanks for mentioning my plugin OMGF 🙂

    One note, though. I’ve always doubted Bunny CDN as an alternative to Google Fonts. Because, strictly speaking, you’d have to inform your visitors that their IP address is shared with a 3rd party BEFORE making the request — In this case, loading the Google/Bunny Fonts.

    Bunny CDN says that their server doesn’t log IP addresses, which is cool, but the IP address still needs to be shared with their server temporarily, in order for the user’s browser to receive the fonts.

    I’m not a lawyer, but I’m pretty sure in this scenario you’d still have to ask your visitor’s permission before loading the fonts. Which means, temporarily showing (ugly) system fonts until the user accepted the cookie notice.

    • I would rather prefer to self host the needed web fonts. No need to ask for permissions then and your website looks cool from the very beginning.
      For those to hesitate writing their own plugin or adding a few lines of code to your child theme, free plugins are available.

      • My point exactly. Self-hosting seems to be the only valid solution, OMGF being one my (free) plugins that provides this solution 🙂

        After writing my comment, I noticed you and Martin Sauter also made the same remark. It would be good if the author changed it in this article, or at least researched it.

  6. Hitting the right spot there. Opportunity to host fonts locally always pops up when I use page speed insight tool. 🙂
    If there’s easier way to host fonts locally, then that would make my service quality an inch forward.

  7. Did you know that if you use Google’s reCAPTCHA service or Maps API you will see the Roboto font being loaded from Google fonts? There isn’t a way to disable this, so if you want to be GDPR compliant you have to remove them.

  8. Yeah, GDPR has been causing some chaos recently, to the point that using Google Analytics in Europe is actually “shady”. We talked about it a lot. Here is hoping the legislation finds a way to make everything legal and clear.

    • Thankfully GA4 is fully GDPR compliant, so once UA is closed down in July next year it won’t be “shady”.

  9. Why should you switch to locally hosted fonts? First, let’s look at why it’s a good practice. Why should you use local fonts on your WordPress website? The answer is simple: Hosting a local font is more secure and saved bandwidth anywhere from 30%-10% by using this option instead of Google Fonts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Newsletter

Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: