PDF Embedder Secure is a Pro plan feature.
Upgrade your license to unlock PDF Embedder Secure and other powerful features.
Are you looking to protect your PDF files from being directly downloaded or accessed by URL? PDF Embedder comes with a Secure feature that you can use to enable advanced document protection, disable right-click menus, and configure encrypted caching.
This guide walks you through the PDF Secure settings in our PDF Embedder Premium plugin and explains what each option does.
Before you get started, if you are using any caching tools on the site, ensure you exclude the PDF Embedder plugins from those tools as described in our Using Caching or Minifying Plugins guide.
How it Works
When the Secure PDFs option is active, uploaded PDF files are stored in a protected directory (wp-content/uploads/securepdfs/) rather than the standard media uploads folder. Files in this directory are not directly accessible by URL. The plugin uses a server-side method to deliver the file contents to the embedded viewer without exposing the raw file path.
Enabling secure settings
To start securing your PDFs, you need to enable the secure option by heading to Settings > PDF Embedder > Secure in your WordPress admin.
The Secure PDFs checkbox is on by default. With it checked, every PDF uploaded after this point is stored in the /securepdfs/ directory. If you turn it off, subsequent uploads are stored in the standard location and served without protection.
Migrating existing PDFs after upgrading
If you recently upgraded to a Pro or Elite license and plan to use the Secure PDFs feature for existing PDFs, the PDFs need to be re-uploaded so they are stored in the new /wp-content/uploads/securepdfs/ folder. Any shortcodes or blocks pointing to those files also need updating with the new URLs.
You can see more details in our Upgrading Your Site to the Pro Version guide.
Disabling right-click
Check Disable Right Click to prevent users from right-clicking on the viewer. Some browsers include a “Save Image As” option in the right-click menu, which could allow users to save individual rendered pages. This setting applies globally to all secure embeds. To override it for a specific embed, add disablerightclick="on" or disablerightclick="off" to the shortcode.
Caching encrypted PDFs
Before a secure PDF is delivered to the browser, the plugin encrypts it. This process takes time. Enabling Cache encrypted PDFs stores the encrypted version alongside the original file so that subsequent views can be served from cache without re-encrypting. The cache is on by default. If the source PDF is changed, the plugin re-encrypts and updates the cache automatically.
Attachment pages for secure PDFs
By default, attachment pages are not generated for PDFs stored in secure mode. You can check the Auto-generate Attachment Pages for Secure PDFs option to enable WordPress attachment pages for files stored in the secure folder.
Non-standard server configurations
If your web server does not use Apache or an Apache-compatible server (such as OpenLiteSpeed or LiteSpeed), you may need to manually configure your server to block direct access to the /wp-content/uploads/securepdfs/ directory. See the following server-specific guides: