SafeFonts - ChoosePlugin.com

Host custom fonts locally in WordPress with advanced security validation and block editor integration.

Author:	Chris Martens (profile at wordpress.org)
WordPress version required:	6.2
WordPress version tested:	6.8.3
Plugin version:	1.1.9
Added to WordPress repository:	02-11-2025
Last updated:	14-11-2025
Rating, %:	0
Rated by:	0
Plugin URI:	https://safefonts.com
Total downloads:	240
Click to start download

SafeFonts helps you comply with GDPR by hosting fonts locally and avoiding third-party requests, with seamless Gutenberg integration and CSS variables support.

If you need to host custom fonts locally on your WordPress site for performance, privacy, or GDPR compliance, SafeFonts makes it simple with advanced security validation, automatic integration with the WordPress block editor, and CSS variables for custom CSS usage.

Compatible With

Block Editors:
* WordPress Gutenberg Block Editor
* WordPress 6.5+ Font Library
* Full Site Editing (FSE) Themes

Need Page Builder Integration?
SafeFonts Pro adds seamless support for 14 integrations: Elementor, Bricks, Beaver Builder, Divi, Oxygen, Brizy, Builderius, Astra, GeneratePress, Kadence, Blocksy, Kadence Blocks, Spectra, and GenerateBlocks with zero configuration.

Why Choose SafeFonts?

???? Security-First Approach
* Magic byte validation for all font files
* MIME type verification
* File hash checking
* Configurable file size limits
* Protection against malicious uploads

⚡ Fast & Lightweight
* Custom database storage for instant queries
* Designed to minimize impact on page load speed
* Optimized font delivery
* Works with any theme or page builder

✅ Gutenberg Integration
* Automatic integration with block editor typography
* WordPress 6.5+ Font Library support
* Works with all blocks that support typography
* No configuration needed

???? CSS Variables Support
* Automatic CSS variables generation for all fonts
* Use var(–safefonts-font-slug) in custom CSS
* Works with any theme or builder supporting CSS custom properties
* Dedicated CSS Reference page with comprehensive documentation

???? Quick Start Video

Watch this quick tutorial to see how easy it is to upload and use custom fonts in WordPress.

???? Simple Upload Process
* Individual font file uploads (.woff2, .woff, .ttf, .otf)
* Specify font family, weight, and style
* Visual font previews in admin
* Drag-and-drop ready interface

⚡ Performance Optimization
* Font preloading support for faster page loads
* Automatic preload tag generation: <link rel="preload" href="..." as="font">
* User-selectable fonts for preloading (Settings tab)
* Best practice: Preload 1-2 critical fonts only
* Reduces flash of invisible text (FOIT)
* Improves Core Web Vitals scores

???? GDPR Compliant
* Local font hosting
* No external font requests—fonts are served entirely from your WordPress installation
* Complete data privacy
* Suitable for GDPR-compliant sites

Perfect For

Privacy-conscious websites requiring GDPR compliance
Sites that need custom or premium fonts
Agencies managing multiple client sites
Anyone wanting better control over typography
Performance-optimized websites

How It Works

Upload Fonts: Go to SafeFonts menu and upload your font files
Configure Details: Set font family name, weight (100-900), and style (normal/italic)
Use Everywhere: Your fonts automatically appear in:
- Gutenberg block editor typography settings
- CSS variables for custom CSS (check CSS Reference page)
- WordPress 6.5+ Font Library
That’s It! Fonts are served locally with optimal performance

Getting Google Fonts

Download Google Fonts from these sources:

SafeFonts Web Font Downloader – convenient bulk download tool
Google Fonts GitHub – official repository
Google Webfonts Helper – third-party download tool

Once downloaded, upload the font files (.woff2, .woff, .ttf, .otf) through SafeFonts > Upload tab.

Need more features? SafeFonts Pro offers bulk ZIP imports, page builder integration, and advanced font management. Learn more

Supported Font Formats

WOFF2 (recommended – best compression)
WOFF (broad browser support)
TTF (TrueType fonts)
OTF (OpenType fonts)

WordPress 6.5+ Font Library

If you’re using WordPress 6.5 or higher, SafeFonts automatically integrates with the native Font Library in the Site Editor, giving you a unified font management experience.

Developer Documentation

Template Functions

SafeFonts provides helper functions for developers:

safefonts() - Get the main plugin instance
safefonts()->font_manager->get_fonts() - Get all fonts from database
safefonts()->font_manager->get_fonts_by_family() - Get fonts grouped by family

Hooks & Filters

Filters:
* upload_mimes – SafeFonts adds font MIME types automatically

Database Structure

Table: wp_chrmrtns_safefonts
* id – Font ID
* font_family – Font family name
* family_slug – Sanitized family slug for folder names (v1.1.0+)
* font_style – normal or italic
* font_weight – 100-900
* file_path – Relative path to font file (includes family folder v1.1.0+)
* file_hash – SHA-256 hash for integrity
* file_size – File size in bytes
* mime_type – Validated MIME type
* created_at – Upload timestamp
* updated_at – Last update timestamp

Architecture

SafeFonts uses modern PHP namespaces and PSR-4 autoloading:
* Chrmrtns\SafeFonts\Core – Main plugin class
* Chrmrtns\SafeFonts\FontManager – Font validation and management
* Chrmrtns\SafeFonts\Admin\AdminInterface – Admin UI

Support

For support, feature requests, or bug reports, please visit:
* GitHub
* Website

Privacy Policy

SafeFonts does not collect, store, or transmit any personal data. All font files are stored locally on your WordPress installation. No data is sent to external services.

Screenshots
FAQ

What font formats are supported?

SafeFonts supports WOFF2, WOFF, TTF, and OTF font files. We recommend WOFF2 for the best compression and performance.

Is this GDPR compliant?

Yes! SafeFonts stores all fonts locally on your server, so no data is sent to external services like Google Fonts. This makes it GDPR compliant.

Does this work with Gutenberg?

Absolutely! Uploaded fonts automatically appear in:
* All block typography settings
* Paragraph and heading blocks
* Any block with font family support
* WordPress 6.5+ Font Library (if available)

Can I use this with page builders?

The free version works with Gutenberg and provides CSS variables that can be manually used with any builder or theme supporting CSS custom properties (like Builderius, Bricks, Oxygen, and others). Simply use var(–safefonts-font-slug) in typography fields or custom CSS.

For automatic integration (14 integrations including Elementor, Bricks, Beaver Builder, Divi, Oxygen, Brizy, Builderius, Astra, GeneratePress, Kadence, Blocksy, Kadence Blocks, Spectra, and GenerateBlocks) where fonts appear directly in builder dropdowns, check out SafeFonts Pro.

How does the security validation work?

SafeFonts performs multiple security checks:
* File extension validation
* MIME type verification
* Magic byte signature checking
* File size limits
* SHA-256 hash generation for integrity

Will this slow down my site?

No! SafeFonts uses a custom database table (not WordPress post meta) for optimized fast queries. Fonts are served as static CSS files with no JavaScript overhead.

Can I upload Google Fonts?

Yes! Download the font files from Google Fonts, then upload them individually through SafeFonts. For bulk imports from our Google Fonts Downloader tool, check out SafeFonts Pro.

What’s the difference between SafeFonts Free and Pro?

SafeFonts Free includes:
* Individual font file uploads
* Gutenberg integration
* CSS variables for custom CSS usage
* CSS Reference page with documentation
* Security validation
* WordPress 6.5+ Font Library support

SafeFonts Pro adds:
* Page builder & theme integration (14 integrations: Elementor, Bricks, Beaver Builder, Divi, Oxygen, Brizy, Builderius, Astra, GeneratePress, Kadence, Blocksy, Kadence Blocks, Spectra, GenerateBlocks)
* Bulk ZIP package imports from Google Fonts Downloader
* Enhanced admin interface with bulk operations
* Advanced font management tools (family deletion, CSS variables, etc.)

Learn more

Where are the font files stored?

Font files are stored in /wp-content/uploads/safefonts/ organized by font family (e.g., /roboto/, /open-sans/) with proper security protection. Font metadata is stored in a custom database table for fast retrieval.

Can I delete fonts?

Yes! Each font has a delete button in the SafeFonts admin interface. Deleting a font removes both the file and database entry.

Hide FAQ

ChangeLog

1.1.9

NEW: CSS variables output for all fonts – enables manual font selection in custom CSS and builders supporting CSS custom properties
NEW: CSS Reference page – comprehensive documentation for CSS variables, Gutenberg classes, and implementation details
FIX: Auto-regeneration now works correctly for both single plugin updates and bulk updates
FIX: CSS regeneration hook now properly detects updates from all update methods

1.1.8

NEW: Manual CSS regeneration button in Settings page for refreshing fonts.css when needed
NEW: Automatic CSS regeneration after plugin updates to prevent font display issues
IMPROVEMENT: fonts.css automatically regenerates when plugin is updated via WordPress auto-update or manual update

1.1.7

FIX: WordPress Font Collection registration now uses correct data structure with font_family_settings wrapper, resolving Site Editor JavaScript errors
FIX: Font families now include proper fallback categories (serif, sans-serif, monospace, cursive, fantasy) in Font Library
IMPROVEMENT: Enhanced compatibility with FSE themes and Site Editor font management

1.1.6

MAJOR: Full prefix refactoring – all PHP elements now use chrmrtns_safefonts_ prefix for better namespace isolation
NEW: Per-weight font preloading – select specific font weights instead of entire families
NEW: File format display in preload UI – shows WOFF2, WOFF, TTF, OTF for each weight option
FIX: WordPress Plugin Check 1.7.0 compliance – all variables properly prefixed
FIX: Database query security – table names now properly escaped using %i placeholder
FIX: Form field prefix mismatch – preload settings now save correctly
IMPROVEMENT: Automatic migration from old safefonts_ prefix to new chrmrtns_safefonts_ prefix
IMPROVEMENT: Collapsible font family sections in preload settings for better organization
IMPROVEMENT: Enhanced uninstall.php with proper variable prefixing
Technical: Constants renamed (SAFEFONTS_* CHRMRTNS_SAFEFONTS_*)
Technical: Function renamed (safefonts() chrmrtns_safefonts())
Technical: Options migrated (safefonts_version chrmrtns_safefonts_version, etc.)
Technical: New FontPreloader class extracted from Core for better code organization
Technical: CSS class names remain safefonts- for backwards compatibility
Security: All SQL queries now use WordPress 6.2+ $wpdb->prepare() with %i for table identifiers
Security: WordPress minimum requirement bumped to 6.2 (required for %i placeholder support)

1.1.5

CRITICAL FIX: Migration now runs automatically on plugin update (no longer requires deactivate/reactivate)
NEW: Bulk delete functionality – select multiple fonts and delete them at once with “Select All” option
NEW: Font format display – shows WOFF2, WOFF, TTF, or OTF badge in fonts list for better visibility
Fix: Font previews now display correctly in admin area (fonts.css properly enqueued)
Fix: Folder structure migration triggers on version change, not just activation
Fix: CSS file regeneration after migration ensures fonts display immediately
Fix: Browser cache issues with admin CSS/JS files using file modification timestamps
Improvement: Version check system ensures migrations run once per version upgrade
Improvement: Enhanced fonts list UI with checkboxes for individual selection
Improvement: Cleaned up font list layout for better readability (removed grid conflicts)
Technical: Added check_version_and_migrate() method that runs on plugins_loaded hook
Technical: Added handle_bulk_font_deletion() AJAX handler for bulk operations
Technical: CSS cache-busting using filemtime() for instant updates

1.1.4

Fix: Fonts now display correctly in Gutenberg editor iframe preview
Improved: Added add_editor_style() support for block editor content area
Enhancement: Fonts now visible when editing posts/pages in Gutenberg

1.1.3

Fix: Font previews now display correctly in admin area
Improved: Enqueue fonts.css in admin for proper font preview rendering
Enhancement: Fonts now visible in SafeFonts > Fonts admin page preview

1.1.2

Fix: Fonts now display correctly in Gutenberg block editor
NEW: Generate .has-{slug}-font-family CSS classes for Gutenberg typography controls
NEW: Intelligent font fallback detection (serif, sans-serif, monospace, cursive)
Fix: Database migration now properly adds family_slug column for users upgrading from v1.0.x
Improved: Enhanced error handling for font uploads with detailed error messages
Improved: Better directory writability checks before file operations
Technical: Added PHPCS ignore comments for legitimate direct filesystem operations

1.1.1

Fix: Use wp_upload_dir() instead of hardcoded WP_CONTENT_DIR for better compatibility
Fix: Ensures proper upload directory detection across all WordPress configurations
Compatibility: Addresses WordPress.org plugin review guidelines

1.1.0

NEW: Font family folder organization – fonts now stored in dedicated family folders (e.g., /roboto/, /open-sans/)
NEW: Added family_slug column to database for faster family-based queries
NEW: Automatic migration on plugin update – existing fonts moved to family folders seamlessly
NEW: Automatic cleanup of empty family folders when last font is deleted
IMPROVED: Admin UI – Font weight badge now uses yellow color instead of red to avoid confusion with delete button
IMPROVED: File path handling – relative paths now include family folder structure
Technical: Database schema version bump for migration support

1.0.9

Fixed: Removed manual load_plugin_textdomain() – WordPress.org handles translations automatically
Improved: Help & Documentation page now uses CSS tabs for better organization and navigation
Improved: Cleaner tabbed interface without long scrolling page
Added: Translation support with POT file (translatable strings ready)
Added: Full internationalization (i18n) support for translators

1.0.8

Added: Gutenberg block editor integration – uploaded fonts now appear in font picker dropdown
Added: register_fonts_with_editor() method to inject fonts into editor settings
Improved: Fonts automatically available in typography controls for all blocks
Technical: Uses block_editor_settings_all filter to register custom font families

1.0.7

Improved: Keyboard accessibility – Upload button now fully accessible via Tab navigation
Added: ARIA labels for better screen reader support on upload and delete buttons
Added: Explicit tabindex on upload submit button for consistent keyboard navigation
Added: Enter key handler for upload button to ensure keyboard submission works
Improved: Delete buttons now have descriptive ARIA labels including font family name

1.0.6

Fixed: Critical – File extension detection now uses original filename instead of temporary upload path
Fixed: Font uploads were failing because temp files (like /tmp/phpXXXXXX) have no extension
Improved: validate_font_file() now accepts original filename parameter for accurate validation
Improved: import_single_font() method signature updated to handle original filenames

1.0.5

Fixed: MIME type validation now accepts all common font MIME type variations
Fixed: Corrupted or empty allowed_types settings are now automatically repaired
Improved: Better error messages that specify exact validation failure (extension or MIME type)
Improved: MIME type arrays now include application/octet-stream for broader compatibility
Added: Automatic detection and repair of misconfigured settings

1.0.4

Fixed: Critical – Font upload directory (assets/fonts/) was not being created during refactoring
Fixed: Incorrect CSS file paths pointing to assets/fonts/css/ instead of assets/css/
Fixed: Font uploads now work correctly after plugin activation
Added: Security files (.htaccess, index.php) to fonts directory
Improved: Directory creation logic in activation hook

1.0.3

Fixed: Database table name now includes vendor prefix (chrmrtns_safefonts) to prevent conflicts
Fixed: Database table not being created on plugin activation
Improved: Better namespace consistency throughout codebase
Updated: Developer documentation with correct table name

1.0.2

Fixed: WordPress 6.5+ Font Library validation error when no fonts installed
Added: Extra safety check before registering empty font collection
Improved: Better error handling for edge cases

1.0.1

Added: Top-level admin menu (moved from Settings submenu)
Added: Link to SafeFonts.com in upgrade notice
Added: MIME type filter for font uploads
Fixed: Font upload validation issues
Improved: Better admin menu organization for future expansion

1.0.0

Initial release
Individual font file uploads (woff2, woff, ttf, otf)
Security-focused validation (magic bytes, MIME types, file hashing)
Custom database storage for performance
Automatic Gutenberg integration
WordPress 6.5+ Font Library support
Font preview in admin interface
Configurable file size limits
Multiple font weight and style support

Hide ChangeLog