From the Knowledgebase

Serving Protected Files under Nginx

For users of our PDF Embedder Secure plugin.

If your web server is using the NGINX software at its heart (most WordPress installations run under Apache instead), then you will probably need to take extra steps to secure your /securepdfs/ folder so that the PDF Embedder Secure plugin can do its job fully.

For example, if your shortcodes show something like this:

[pdf-embedder url=""]Code language: JSON / JSON with Comments (json)

Try entering the url in your web browser directly. You should not be allowed to download the PDF directly.

Your web host should be able to help protect the /securepdfs/ folder from direct access. An example configuration is as follows:

location ~ ^/(wp-content/uploads/securepdfs) {
    deny all;
}Code language: Nginx (nginx)