Font Type Tester is a powerful WordPress plugin designed for designers, developers, and typography enthusiasts who need to test and preview static fonts with precision control over typography settings.
Key Features:
- Font Upload & Management - Upload TTF, OTF, WOFF, and WOFF2 font files
- Real-time Typography Controls - Adjust font size, line height, letter spacing, and word spacing with intuitive sliders
- Font Source Protection - Automatic obfuscation of font filenames to protect original sources
- Custom Sample Text - Test fonts with your own content
- Responsive Interface - Works perfectly on desktop and mobile devices
- Secure File Handling - Validates file types and implements security measures
- Easy Integration - Simple shortcode implementation
Perfect for:
- Web designers testing fonts for client projects
- Typography enthusiasts exploring font characteristics
- Developers needing font preview functionality
- Anyone who wants to test fonts without revealing source files
Privacy & Security:
The plugin automatically renames uploaded font files with random strings, ensuring that the original font source remains protected. This is particularly useful when testing premium fonts or when you need to share font previews without exposing the actual font files.
Automatic Installation:
- Log in to your WordPress admin panel
- Go to Plugins > Add New
- Search for "Font Type Tester"
- Click "Install Now" and then "Activate"
Manual Installation:
- Download the plugin files
- Upload the font-type-tester folder to /wp-content/plugins/ directory
- Activate the plugin through the 'Plugins' menu in WordPress
- The plugin will automatically create necessary directories and database tables
Usage:
- Admin Side:
  - Go to Settings → Font Tester in WordPress admin
  - Upload fonts with optional custom names
  - Manage (view/delete) uploaded fonts
  - Copy the shortcode [fotyte_font_tester] for use
- Front-end:
  - Add [fotyte_font_tester] shortcode to any page/post
  - Users can select from available fonts via dropdown
  - Full typography controls remain available
  - No upload interface visible to regular users
1.1.12
- Security Enhancements
  - Added proper nonce verification for all form submissions and GET parameters
  - Implemented comprehensive input validation and sanitization for file uploads
  - Added isset() checks for all $_FILES array access to prevent undefined index errors
  - Enhanced file validation with binary signature checking for font files
- WordPress Standards Compliance
  - Replaced direct filesystem operations with WP_Filesystem API methods
  - Replaced move_uploaded_file() with WP_Filesystem::put_contents()
  - Replaced unlink() with wp_delete_file() for file deletion
  - Removed direct chmod() calls in favor of WP_Filesystem permissions
  - Added translators comments for all internationalized strings with placeholders
- Database Improvements
  - Implemented proper database query caching with wp_cache_get/set
  - Added phpcs:ignore comments for necessary direct database queries
  - Enhanced error handling for database operations with automatic file cleanup
- File Upload Security
  - Added file size validation (10MB limit for font files)
  - Implemented binary signature verification for TTF, OTF, WOFF, and WOFF2 files
  - Enhanced filename sanitization and unique filename generation
  - Added comprehensive error messages for various upload failure scenarios
- Performance Optimizations
  - Implemented font data caching with 1-hour expiration
  - Added cache invalidation on font upload/delete operations
  - Optimized database queries with proper prepared statements
- Bug Fixes
  - Fixed undefined array index warnings for $_FILES superglobal
  - Resolved file permission issues with proper WordPress filesystem handling
  - Fixed potential XSS vulnerabilities in admin interface
  - Corrected improper sanitization of temporary file paths
1.1.11
- Implemented custom font upload handler bypassing WordPress MIME restrictions
- Added binary file signature validation for TTF, OTF, WOFF, and WOFF2 formats
- Enhanced security with multi-layer file validation (extension + signature + size)
- Improved error handling with specific error messages and file cleanup
- Added upload success notifications with font name display
- Increased maximum upload size from 5MB to 10MB
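The extension + signature + size validation listed for 1.1.11 and 1.1.12, together with the random renaming described under Privacy & Security, can be written in plain PHP as follows. This is an added example, not the plugin's own code; the fotyte_example_* function names, the constant names and the sample files are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code; all names here are hypothetical.
const FOTYTE_EXAMPLE_MAX_BYTES = 10 * 1024 * 1024; // 10MB limit from the changelog

// First four bytes expected per extension. TTF and OTF share the sfnt
// container, so either extension may start with any sfnt version tag.
const FOTYTE_EXAMPLE_SFNT = ["\x00\x01\x00\x00", 'OTTO', 'true'];
const FOTYTE_EXAMPLE_SIGNATURES = [
    'ttf'   => FOTYTE_EXAMPLE_SFNT,
    'otf'   => FOTYTE_EXAMPLE_SFNT,
    'woff'  => ['wOFF'],
    'woff2' => ['wOF2'],
];

// Returns null when all three layers pass, otherwise the reason for rejection.
function fotyte_example_validate(string $original_name, string $tmp_path): ?string
{
    $ext = strtolower(pathinfo($original_name, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, FOTYTE_EXAMPLE_SIGNATURES)) {
        return 'extension not allowed';
    }
    $size = is_file($tmp_path) ? filesize($tmp_path) : false;
    if ($size === false || $size < 4 || $size > FOTYTE_EXAMPLE_MAX_BYTES) {
        return 'size out of range';
    }
    // Compare the leading bytes with the signatures allowed for this extension.
    $head = file_get_contents($tmp_path, false, null, 0, 4);
    if (!in_array($head, FOTYTE_EXAMPLE_SIGNATURES[$ext], true)) {
        return 'signature does not match extension';
    }
    return null;
}

// The stored name is random and carries no trace of the uploaded filename.
function fotyte_example_stored_name(string $original_name): string
{
    $ext = strtolower(pathinfo($original_name, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample uploads: a WOFF2 header stub and a script renamed to .ttf.
$font   = tempnam(sys_get_temp_dir(), 'fnt');
$script = tempnam(sys_get_temp_dir(), 'fnt');
file_put_contents($font, 'wOF2' . str_repeat("\0", 44));
file_put_contents($script, '<?php echo 1; ?>');
foreach ([['Brand-Sans.woff2', $font], ['payload.ttf', $script], ['notes.txt', $font]] as [$name, $path]) {
    echo $name, ': ', fotyte_example_validate($name, $path) ?? 'accepted', PHP_EOL;
}
echo fotyte_example_stored_name('Brand-Sans.woff2'), PHP_EOL;
unlink($font);
unlink($script);
```

The signature check confirms only the four-byte container tag, not that the rest of the file is a well-formed font. The random name hides the original filename; the font bytes are still delivered to any browser that renders the preview.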
1.1.10
Security & Code Quality Release
- SECURITY FIX: Properly sanitized file upload inputs to prevent potential security vulnerabilities
- SECURITY FIX: Eliminated unprepared SQL statements and improved database query security
- SECURITY FIX: Removed intermediate SQL variables that could pose security risks
- CODE QUALITY: Updated database queries to follow WordPress coding standards (PHPCS compliance)
- CODE QUALITY: Improved prepared statement handling for better security practices
- PERFORMANCE: Maintained existing caching functionality while improving query security
- COMPATIBILITY: No breaking changes - fully backward compatible with previous versions
1.1.9
- SECURITY UPDATE: Fixed all WordPress Coding Standards warnings and security vulnerabilities
- Implemented proper input sanitization for $_FILES['font_file'] using wp_check_filetype() and wp_handle_upload()
- Fixed SQL injection vulnerabilities by properly escaping table names with backticks in prepared statements
- Replaced direct database queries with WordPress built-in methods ($wpdb->insert(), $wpdb->delete())
- Enhanced caching implementation with wp_cache_get(), wp_cache_set(), and proper cache invalidation
- Added comprehensive nonce verification and capability checks for all admin functions
- Implemented secure file upload handling with MIME type validation
- Added proper error handling and user feedback for upload/delete operations
- Enhanced input validation using sanitize_text_field(), wp_unslash(), and absint()
- Improved database query performance with object caching (3600 second cache timeout)
- Fixed WordPress.Security.ValidatedSanitizedInput.InputNotSanitized warnings
- Fixed WordPress.DB.PreparedSQL.InterpolatedNotPrepared warnings
- Fixed WordPress.DB.DirectDatabaseQuery.DirectQuery and NoCaching warnings
1.1.8
- Sanitized all $_POST and $_FILES inputs with sanitize_text_field() and wp_unslash()
- Added isset() and is_numeric() guards for all external input
- Used proper $wpdb->prepare() syntax — avoided direct string interpolation and removed unsafe $table placeholders
- Implemented WP object caching via wp_cache_get() and wp_cache_set() for font listing and lookup
- Used wp_cache_delete() on upload/delete to invalidate cache
- Added version parameters ('1.1.8') to all styles/scripts to fix browser cache busting
- Passed PHPCS codesniffing standards with WordPress-Extra + WordPress-Docs + WordPress-VIP rules
1.1.7
- Fixed $wpdb query interpolation warnings
- Sanitized inputs and replaced rename() with WP_Filesystem->move()
- Implemented object caching pattern for all fetching queries
- Fixed database queries to use $wpdb->prepare() — no raw variable interpolation
- Improved sanitization and validation for $_POST['font_name'] using isset() and wp_unslash()
- Validated and sanitized $_FILES['font_file'] input properly
- Replaced rename() with $wp_filesystem->move() per WPCoding standards
- Added version to all uses of wp_register_style() and wp_register_script() to fix browser cache busting
- Added object caching (wp_cache_get, wp_cache_set) to SELECT queries
- Invalidated caches on insert/delete using wp_cache_delete()
- Retained backwards-compatible shortcode: [fotyte_font_tester]
1.1.6
- Residual use of heredoc syntax cleaned
1.1.5
- Fully prefixed all functions, actions, shortcodes, and handles with fotyte_
1.1.4
- Switched from writing JS/CSS files to using wp_add_inline_style and wp_add_inline_script
1.1.3
- Prepend function names with unique characters fotyte_
1.1.2
- Rearrange UI to put Font Preview on top
1.1.1
1.1.0
- Admin Interface Added
  - New admin menu item under Settings → Font Tester
  - Clean admin interface for font upload and management
  - Table view of all uploaded fonts with delete functionality
  - Usage instructions for the shortcode
- Front-end Changes
  - Removed font upload form completely
  - Simplified interface focusing only on font testing
  - Users can only select from fonts uploaded by administrators
  - Shows message when no fonts are available
- Security Improvements
  - Added capability checks (manage_options) for all admin functions
  - Only administrators can upload and delete fonts
  - Enhanced permission validation
- New Files Created
  - The plugin now creates 4 files:
    - font-tester.css - Front-end styles
    - font-tester.js - Front-end JavaScript
    - font-tester-admin.css - Admin interface styles
    - font-tester-admin.js - Admin interface JavaScript
- Enhanced Functionality
  - Better caching system
  - Improved database queries with prepared statements
  - Cleaner admin interface with WordPress styling
  - Automatic page reload after font upload for immediate feedback