WordPress 6.2’s Openverse integration is getting some last minute changes after contributors expressed concerns about it hotlinking images by default. The new feature allows users to quickly insert free, openly-licensed media into their content. It also allows users to upload external images through a button in the block toolbar, but this creates an extra step in the process and is easy to miss in the UI.
Several contributors cited GDPR and privacy concerns in the ticket that called for uploading the images by default. They also noted that hotlinked images can pose problems for users who want further manipulate the images by cropping, rotating, and filtering, and for developers managing site migrations. Some went as far as to say the feature belongs in a canonical plugin, which would likely have had a less rushed implementation and better testing prior to landing in core.
“I am deeply uncomfortable with any integration of Openverse into core,” WordPress contributor Peter Shaw said. “Philosophically WordPress is a personal publishing platform so it should be avoiding external APIs and dependencies. The only external calls it should make (by default) is to check for updates.
“No issue with the service itself though (I like it) but it should be a canonical plugin that site owners consciously install. Either way images must be on the local server though.”
As the hotlinking drew more attention, WordPress contributors chimed in on the ticket to call for the feature not to be shipped in its current implementation.
“This cannot ship this way, or it will get unknowing users sued,” Yoast founder Joost de Valk said. “Next to that it has negative performance implications, as you can’t do srcset
or loading
attributes on images loaded from remote. Sideload really should be the default, and in fact IMHO, only way.”
Gutenberg contributor Nik Tsekouras jumped in with a quick PR that changes the implementation to upload the Openverse images when they are inserted, wherever possible.
“We definitely want to upload to the site library for this flow and should treat this as a bug,” Gutenberg Lead Architect Matias Ventura said. “There’s work going on in parallel to upload by default on other actions (like pasting) that are not as straightforward or general enough (hence the need for something like #46014) but this one should be straightforward.”
Tsekouras’ PR ensures that any images inserted from Openverse are uploaded. If they cannot be uploaded to media library due to CORS issues, WordPress inserts the Image block with the external URL and a warning about legal compliance and privacy issues. Here’s an example of a successful upload:
WordPress 6.2 Beta 4 was delayed this morning until March 1, due to an unrelated regression introduced in 6.2. Tsekouras cherry-picked the Openverse PR to the wp/6.2 branch to get it included in the next release, so the next beta should ship with the updated implementation.