plugin-icon

Kipphard GDPR Web Fonts

Door kipphard·
Scans your rendered HTML for external requests (Google Fonts, Analytics, YouTube, Gravatar …) that transfer personal data, and provides GDPR fixes.
Versie
0.4.5
Laatst bijgewerkt
Jul 10, 2026
Kipphard GDPR Web Fonts

Kipphard GDPR Web Fonts is an honest audit tool for WordPress sites. It fetches the HTML your site actually delivers and detects external requests that transmit personal data — such as IP addresses — to third-party servers, including Google Fonts, Google Analytics, YouTube embeds, Google Maps, Gravatar, reCAPTCHA, Facebook Pixel, Hotjar, and common JavaScript CDNs.

The plugin groups findings by risk level with clear, actionable recommendations. Several common issues can be fixed directly through the plugin settings without touching code.

What this plugin does:

  • Scans your whole site: the homepage plus all published pages and posts (capped at 200 URLs per run purely as a performance safeguard)
  • Detects 14 categories of known external services: fonts, analytics/tracking, video embeds, maps, avatars, CAPTCHAs, social-media pixels, CDN scripts, and more
  • Classifies every finding by risk level (High / Medium / Low) with a concrete recommendation
  • Shows example URLs for each detected external request
  • Free quick fixes: remove Google Fonts (strips external <link> tags and @import rules — see the FAQ for the WordPress 6.9 requirement), disable WordPress emoji scripts (removes the s.w.org request), replace Gravatar with a local SVG placeholder
  • No tracking, no external requests from the plugin itself — everything runs locally on your server

What this plugin does NOT do:

This plugin is not a cookie-banner overlay and does not claim automatic GDPR compliance. The scan is static: requests triggered dynamically by JavaScript after page load may not appear in the delivered HTML and will therefore not be detected. A complete privacy audit additionally requires browser developer tools or a specialised service.

This plugin does not replace legal advice. Use it to identify and reduce external requests; have a lawyer or data-protection officer review your specific situation.

About the Google Fonts ruling: On 20 January 2022 the Munich Regional Court I (LG München I, Az. 3 O 17493/20) ruled that embedding Google Fonts without visitor consent violates the GDPR because the visitor’s IP address is transmitted to Google servers in the USA. This plugin helps you detect and remove such requests.

Hinweis (DE): Dieses Plugin ist ein ehrliches Datenschutz-Analyse-Werkzeug für WordPress-Seiten. Es scannt das gerenderte HTML auf externe Anfragen (Google Fonts, Analytics, YouTube, Gravatar u. v. m.), die personenbezogene Daten an Dritte übertragen, und bietet direkte Schnell-Maßnahmen. Die Benutzeroberfläche ist auf Deutsch verfügbar.

External services

This plugin does not connect to any third-party or external service, and it sends no data off your server.

To analyse your site it fetches your own published URLs over HTTP — restricted to your own host by an SSRF safeguard — and parses the returned HTML locally on your server. The service domains referenced in the plugin code (Google Fonts, Google Analytics, Facebook, jQuery/CDN hosts, Font Awesome, etc.) are detection signatures the scanner searches for inside your own HTML; the plugin never loads, embeds or contacts them.

Gratisvoor betaalde abonnementen
Door te installeren, ga je akkoord met de Servicevoorwaarden van WordPress.com en de voorwaarden voor plugins van derden.
Getest tot
WordPress 7.0.1
Deze plugin kan worden gedownload, zodat je hem op je kan gebruiken.