In light of the recent GDPR related fines in Germany, the WordPress.org themes team took a stand on hosting webfonts locally. Representative @benachi recently announced that it “strongly encourages theme authors to update their themes” and to “download and bundle Google Fonts with their themes”.
For long-time followers of this blog, this good practice has been a known fact for 2+ years. So it’s kind of sad that WP.org is only catching up now, when fines are flying around. But that’s not all…
“Strong Encouragement”
While it might seem like a big step; it’s just a strong encouragement. The announcement also states that “We are planning to discuss further at our next meeting whether the remotely hosted font is allowed in a theme as we move forward.”
It would be great if hosting webfonts locally becomes a requirement for themes. And of course the same should count for plugins.
Too many website owners using WordPress are unaware of the privacy-related impact serving webfonts from 3rd party CDN’s has.
An important sidenote is that if this requirement does make it into the guidelines, this only goes for (free) themes listed on WordPress.org, like GeneratePress and Astra. Other popular themes like Avada, Divi, Jupiter, etc. don’t have to follow these guidelines.
Using Google Fonts’ CDN doesn’t improve performance
Theme authors still seem to be under the impression that using Google’s CDN improves performance. The announcement states the same.
As of Chrome 86 (October 2020), they have moved to HTTP cache partitioning. This means Google Fonts will be redownloaded for every website, regardless of the fact that they were already cached in the user’s browser on another website. Safari has done this for years, and Firefox implemented this in version 85 (January 2021).
Google Fonts will be redownloaded for every website, regardless of the fact that they were already cached in the user's browser on another website.
In other words, using the Google Fonts CDN does not improve performance. Hosting Google Fonts locally has always been the proper answer in terms of privacy and performance. Anyone who says otherwise is — simply put — wrong.
Host Google Fonts locally (just do it already!)
WP Tavern covered this announcement yesterday and offered two alternatives to hosting webfonts locally. One of which is — *drum roll, please* — OMGF!
I’ve been maintaining OMGF for 3+ years now, and to have one of my plugins mentioned on such a reputable WordPress website is an honor.
OMGF goes further than just hosting webfonts locally. It also allows you to fully optimize them, using e.g. preload resource hints and unloading unused font styles. But it doesn’t end there…!
Hosting Webfonts Locally with OMGF
I’m currently collaborating with Matthias Altman — AKA the (German) Font Master — to implement his Web Font Loader into OMGF, I’m currently working on my own Web Font Loader in OMGF, effectively replacing the (outdated) Google Webfonts Loader API which OMGF has been using for the past few years.
Although it’s a huge change to OMGF’s core, the benefits will be equally huge! Implementing my own Web Font Loader will:
- Without the use of an external API, OMGF’s optimization process will finish ~30% faster,
- Bring full support for Variable Fonts (one font file for all font styles!) and,
- Deliver properly compressed (smaller) WOFF2 files.
- Fix the “broken capital A” issue that’s haunted OMGF for years! 😱
However, introducing all this awesomeness means I have to make two minor sacrifices: the include File Types and Force Subsets features will be removed. Before you panic, allow me to explain why they’re minor:
- OMGF’s new Web Font Loader uses very efficient unicode-ranges to define subsets, just like Google Fonts’ API, eliminating the need to remove subsets to shrink font filesizes. The Google Fonts API has not supported subsets for a while now, because of this.
- Because WOFF2 is now supported by ~95% (and growing) of browsers, using any other file format than WOFF/2 to load Google Fonts is — well — ridiculous.
- If you really miss this feature, please let me know and I’ll stir up a mini plugin that’ll add support for WOFF and TTF.
Conclusion
Now the WordPress.org themes team has taken a stand on hosting webfonts locally it’ll hopefully result in a shift for the better in terms of privacy and performance in WP’s themes (and plugins) landscape.
Honestly I still have some fears. Themes that currently include all Google Fonts might decide to include all files. That’d mean 100+ MBs of WOFF2 files eating away at your server’s disk space. It wouldn’t be the first time I’d see a theme/plugin author make terrible decisions. Not to toot my own horn, but it’d be smart for them to recommend OMGF. 😁
If your theme hasn’t been updated, OMGF offers you a great(er) alternative. I’ve said it before and I’ll say it again: now is the time to start hosting webfonts locally. Just do it!
I have a website and this information is very helpful for me. But I am not aware of the privacy issues of using 3rd party CDNs for web fonts.
I will wait for your reply. Thanks for sharing this helpful article.
Hi Kate!
You might want to read this post, as it offers some insights on the why and how around these privacy issues. Essentially, if you’re European website owner and you’re loading webfonts using a CDN owned by a US based company, you’re in breach of GDPR and at risk of being fined.
Let me know if you have any other questions!