For installation and setup instructions, please start with the PDF Embedder Premium instructions.
Make sure that you have PDF Embedder Free installed and activated.
This page explains how to use the extra functionality provided by the Pro and Elite license levels (formerly Secure) version only.
Important: If you are using any caching tools on the site either by the hosting provider or third-party plugin such as Autoptimize, WP Rocket, etc. please ensure you take the steps to exclude the PDF Embedder plugins from the caching tools. Full instructions here: FAQ on using caching / minifying tools.
Secure PDFs
This option is checked by default, and it means that all uploaded PDF documents will all be treated as secure and moved t the wp-content/uploads/securepdfs directory on your server.
If you turn it off then any subsequent uploaded PDFs will be ‘non-secure’ when viewed. Use this if you don’t always want to use ‘secure mode’ on all PDFs, e.g. for performance reasons.
If you are using the Premium Pro+ Plan (or legacy Secure) version of the plugin – which makes it difficult for users to obtain the original PDF directly – all your PDF uploads after upgrading to the secure version should be ‘secure’ by default. That is, they should be uploaded to a /securepdfs/ sub-folder of your uploads area. These files should not be accessible directly, and the plugin provides a backdoor method for the embedded viewer to obtain the file contents.
To check whether an embedded document is displaying securely, log in to your WordPress site as an administrator and visit the page containing the embed. The toolbar should display the word ‘Secure’ if the secure mode is on. The word ‘Secure’ will not display to ordinary users or if you are not logged in to your site.
Certain non-standard WordPress configurations may cause the download protection to fail, so for your first attempt at a secure embed, please also visit the 'url' contained in the shortcode. E.g. https://example.com/wp-content/uploads/securepdfs/2015/01/Doc.pdf. You should be unable to download the PDF.
If your web server is not using Apache or other Apache-compatible server (like OpenLiteSpeed or LiteSpeed), you may need to protect the /wp-content/uploads/securepdfs/ directory from direct access. For example, here is an Nginx example configuration, and here you can read Caddy config changes.
Please contact support if you have any questions about your WordPress configuration.
Disable Right Click
Check this to prevent the user from being able to right-click on the viewer. In some browsers, right-click mouse menus include a ‘Save Image As’ function, which is probably not desired if you’re trying to protect your PDF from being downloaded. The option in settings will act globally on all secure embeds as a default; it can be overridden for any specific embed by adding disablerightclick="on" (or "off") to the shortcode, or using block options.
Cache encrypted PDFs
Before transmission to the user’s browser, a ‘secure’ PDF is first encrypted. This takes time, so this option can speed up subsequent displays of the document if the encrypted version is cached. Then on future views, the encrypted data is ready to be sent straight to the browser. The cache is on by default and places files alongside the original PDF. The PDF will be encrypted again if the source PDF is altered.
Attachment Pages
Check this box to enable Attachment Pages to be generated for Secure PDFs. These offers a way to automatically generate a WordPress page that contains an embedded viewer of the PDF. Find out more about Attachment Pages here.
Starting from WordPress 6.4 attachment pages are disabled by default for all attachment files uploaded to the WordPress Media library, but this option overwrites this global WordPress option on a per file basis – and is applied specifically to secure PDF files only.