Local Google Fonts Security & Risk Analysis

wordpress.org/plugins/local-google-fonts

Host your used Google fonts on your server and make your site more GDPR compliant 💯.

100K active installs v0.24.0 PHP 7.4+ WP 4.6+ Updated May 1, 2025
fontfontsgdprgooglegooglefonts
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Local Google Fonts Safe to Use in 2026?

Generally Safe

Score 92/100

Local Google Fonts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The 'local-google-fonts' plugin v0.24.0 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, SQL injection vulnerabilities, and improperly escaped output are significant strengths. The plugin also demonstrates good practices by exclusively using prepared statements for SQL queries and incorporating nonce and capability checks, indicating an awareness of common WordPress security pitfalls. The very limited attack surface and the lack of recorded vulnerabilities in its history further contribute to a positive security outlook.

Key Concerns

  • Two external HTTP requests detected
  • Four nonce checks present, but could be more
  • One capability check present, but could be more
Vulnerabilities
None known

Local Google Fonts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Local Google Fonts Release Timeline

v0.24.0Current
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19
v0.18
v0.17
v0.16
v0.15
v0.14
v0.13
v0.12
v0.11
v0.10
v0.9
v0.8
v0.7
v0.6
v0.5
Code Analysis
Analyzed Mar 16, 2026

Local Google Fonts Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
47 escaped
Nonce Checks
4
Capability Checks
1
File Operations
0
External Requests
2
Bundled Libraries
0

Output Escaping

100% escaped47 total outputs
Attack Surface

Local Google Fonts Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 12
filteradmin_initincludes\class-local-google-fonts-admin.php:24
actionadmin_menuincludes\class-local-google-fonts-admin.php:25
actionadmin_footer_textincludes\class-local-google-fonts-admin.php:58
filterupgrader_pre_installincludes\class-local-google-fonts-upgrade.php:15
filterupgrader_post_installincludes\class-local-google-fonts-upgrade.php:33
filterstyle_loader_srcincludes\class-local-google-fonts.php:15
filterswitch_themeincludes\class-local-google-fonts.php:16
filterwp_resource_hintsincludes\class-local-google-fonts.php:17
filterlocal_google_fonts_replace_in_contentincludes\class-local-google-fonts.php:19
filterlocal_google_fonts_replace_urlincludes\class-local-google-fonts.php:20
actionadmin_noticesincludes\class-local-google-fonts.php:22
filterplugin_action_linksincludes\class-local-google-fonts.php:24
Maintenance & Trust

Local Google Fonts Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 1, 2025
PHP min version7.4
Downloads791K

Community Trust

Rating92/100
Number of ratings83
Active installs100K
Developer Profile

Local Google Fonts Developer Profile

EverPress

28 plugins · 120K total installs

69
trust score
Avg Security Score
86/100
Avg Patch Time
255 days
View full developer profile
Detection Fingerprints

How We Detect Local Google Fonts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/local-google-fonts/assets/admin.css/wp-content/plugins/local-google-fonts/assets/admin.js
Script Paths
/wp-content/plugins/local-google-fonts/assets/admin.js
Version Parameters
local-google-fonts/assets/admin.js?ver=local-google-fonts/assets/admin.css?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Local Google Fonts