Can you make it easier to filter which themes are secure and private?

Hi,
I often come into a problem with certain themes, as I am required to use https and keep websites encrypted, as well as prevent third party calls for privacy. I get browser warnings, some uglier than others depending on the browser, quite often testing various themes from many places because of calls to google, wordpress codex, gravitar, etc. We usually weed these out pretty good and have disable plugins but some themes over-ride these to still call google fonts or apis.
I know you have helped me in the past with the code needed to get around these and quit these type of external calls on page loads.
Can you please consider allowing a "secure" option on themes to quickly get rid of all outside calls to anyone including wordpress codex or google, or a search filter maybe? These also risk slowing down page load times, as there have been rare times that slow calls to google fonts or apis slow down the website, though google usually has pretty good performance.
I totally understand if we are using a feature like google maps it needs to connect to them, but by default we don't want sites linking to google fonts, google apis, google maps, gstatic, etc. unless we use enable a specific feature or service requiring it. It would make workflow and theme testing quicker to filter by themes that do not include any external calls or maybe even a gui option to quickly just disable all such calls.
Thank you!

  • Aurelio

    Cool!
    For now, would you please help me with the code to remove all such calls from Scribe? I was testing it on an https site and noticed calls to google maps, fonts or apis, and I think gstatic on page loads when activated.
    I don't have the exact list of external connections seen handy right now but can you give me the code instructions please to remove all third party calls from scribe by default? I realize if I use features like maps or gstatic/google analytics, I'll have to re-enable the relevant calls. To start building from I would like to make it run with just local fonts and javascript from our server, no third party connections or calls. If that's a different ticket please let me know.
    Thank You

  • Michelle Shull

    Hi, Aurelio!

    I know, as you mentioned here, that we've provided you some pretty extensive custom code in the past, but I believe this request extends beyond just support and veers into a fairly extensive customization. Do to limitations in manpower, we will not be able to write code for you which will find and remove or replace or fix any external call in Scribe. If it's critical, you're free to seek a professional, independent developer from our Jobs Board, here: https://premium.wpmudev.org/wordpress-development/

    As much as we would love to be able to help everyone with every issue, including complex (and fun!) project like yours, we can't do that and meet the support needs of all our members in a timely manner.

    Thanks for your ongoing support, and we certainly appreciate your feedback on Scribe.

  • Aurelio

    Hi Michelle,
    I don't think themes should be calling data from third parties by default at all, as they show up a privacy issues in some browsers and privacy guards. Also, it sacrifices performance a lot of times.
    I do realize scribe may be built on a framework that requires pulling data from third parties on page loads, and the work may be extensive to change this. Also I realize this may not be everybody's preference.
    I think I will wait and see how scribe evolves, and for now, leave this as a feature request then, to allow browsing or filtering by which themes are private and secure by default (don't make calls to pull google fonts, APIs, or gstatic analytics, wordpress codecs or any other third parties by default on user page loads). For some of the sites I manage, they can range from HIPAA sensitive to personal privacy positions, so being able to easily filter which themes do not make calls to third parties by default would make testing themes much easier. I know for some, it's as simple as over-riding the google font call to force it to use local fonts.
    I'm not sure how many other members care about this sort of thing though, so I'll see what people think. I generally try to get a site running "clean" so that it does not show any google, gravitar or other third party calls before I start adding in features, as each call to a third party risks slowing down performance too. google usually has pretty good performance but I've seen the occasional google burp freeze page loads using google font or api calls, sometimes at pretty embarassing or inconvient times, like demoing something, so I try to use them on an as-needed basis if possible, and generally never at the basic theme level, only upon enabling certain plugins and features.
    Thank you!

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.