For users of our PDF Embedder Secure plugin.
If your web server is using the NGINX software at its heart (most WordPress installations run under Apache instead), then you will probably need to take extra steps to secure your /securepdfs/
folder so that the PDF Embedder Secure plugin can do its job fully.
For example, if your shortcodes show something like this:
[pdf-embedder url="https://example.com/wp-content/uploads/securepdfs/2015/01/Plan-Summary.pdf"]
Code language: JSON / JSON with Comments (json)
Try entering the url in your web browser directly. You should not be allowed to download the PDF directly.
Your web host should be able to help protect the /securepdfs/
folder from direct access. An example configuration is as follows:
location ~ ^/(wp-content/uploads/securepdfs) {
allow 127.0.0.1;
deny all;
proxy_pass http://127.0.0.1:6776;
return 403;
location ~ "\.(jpg|png|gif|mp3|ogg)$" {
allow all;
}
}
Code language: Nginx (nginx)
This should be added to the appropriate server {}
config. As you can see, it returns 403 error for everything inside the /securepdfs/
directory except certain images file types and mp3/ogg audio files. This is the similar config we ship with the plugin for Apache2-powered servers.