Using WordPress for secure sharing of PDF files
How to share & sell PDF files securely using WordPress
How to share and sell PDF files securely using WordPress without using passwords. Prevent downloading, printing, copying, and editing, enforce expiry and track use.
WordPress is the most popular content management system (CMS) in the world, powering over 40% of the internet’s most popular sites. It enables users to easily create, customize and manage a website from which they can share or sell content – including PDF files.
Delivering a PDF file via a WordPress website offers an intuitive user experience and less reliance on third-party retailers or cloud storage providers. However, it’s important to remember that WordPress does not offer any file sharing protection by default. It is trivial for unauthorized users to share uploaded PDFs with others, whether the purpose is piracy or to leak sensitive information.
It’s clear that more configuration is needed before WordPress can be used to securely share PDF files or sell ebooks and PDF files online. So what are the options in WordPress for the secure selling and sharing of PDF files with clients, customers, and teams, and are PDF secure plugins for WordPress effective?
WordPress: The options for secure sharing of PDF files
The numerous plugins and customization options WordPress offers enable various ways to protect PDF documents on your site. Quantity, however, does not necessarily equal quality. We’ll discuss the available options and how much protection you can expect them to offer in the real world.
Protecting WordPress pages
There’s a distinct possibility that you already have a lot of content uploaded to the WordPress media library. It makes sense to first look at ways to protect its download page or URL, as this could save you a lot of busy work. There are two main options for web page access security in WordPress.
Password protect page
Passwords are easily the most popular authentication method, and WordPress is no exception. Many people’s first port of call when it comes to protecting a PDF from being shared is locking a page or post with the PDF embedded behind a password. WordPress even has the functionality to password protect a page built in.
This isn’t a bad idea if all you want to do is stop people who randomly come across the webpage from accessing it. However, if you are using it as a method to prevent ebook piracy or share sensitive PDFs, you should think again. The major flaw with password protection is that passwords can easily be shared. WordPress only lets you set one password per page, so it only takes one person sharing the password for your security to fall apart.
One way to address this is by setting the page as private and requiring users to log in with a WordPress account to view it. This is better than per-page protection, but users can still just share their account credentials with others. Additionally, it is a simple matter to download PDFs from most page embeds, even if the download function is disabled. A simple workaround, for example, is to print the PDF (CTRL + P) to a PDF file. Users can then share that file with whoever they like.
PDF download link that expires or changes
Another popular way to add security to WordPress PDF sharing is by sharing a PDF as a link and making PDF links valid only for a short period using a plugin or third-party site. The idea is that once a user or a certain number of users download your document, the URL of the PDF file changes. This helps to prevent mass PDF link sharing and can be combined with other restrictions such as only allowing one download per IP address.
However, you should be asking yourself what good preventing PDF file link sharing does. You might stop website visitors from sharing a file via its URL, but that’s not how most people share files anyway. They’ll just upload the PDF files they have downloaded to a messaging platform or file-sharing service and share them that way. You lose out on accurate pageview statistics for no real benefit.
Protecting the file itself
As you might have gathered, while it would be nice to restrict access to a webpage or a link to a PDF and be done with it, this invariably fails as a sharing prevention method. You can’t stop users from sharing downloaded files, and it’s very difficult to prevent users from downloading in the first place – see common myths about stopping PDF sharing. The only way to use WordPress for secure online PDF sharing is to protect the files before they are added to live pages.
Password protecting PDF files
Passwords are the most common way to protect PDF files when sharing or selling them. You can even install a WordPress plugin that will enable you to easily add a password to every PDF file you upload. However, this isn’t any better than protecting your webpage URL or download link:
- Users can just share the password to open the PDF
- You usually need a paid version to utilize the security features
- PDF passwords to stop editing, copying, and printing can be removed in seconds with freely available tools
- You can only set one password per PDF file, so it only takes one person sharing the password for your security to fall apart
- Once a user opens a password protected PDF, they can remove the protection and share the unprotected file
In other words, it is pretty much useless.
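To audit what a password-protected PDF actually restricts before you upload it, the following added example (not part of the original article and not any vendor's tooling) reads the file's /Encrypt dictionary and decodes the /P permission flags, which are restrictions the viewing application is expected to honour. It assumes the trailer references /Encrypt as an indirect object; the sample bytes are constructed for illustration.

```python
import re

# /P permission bits of the PDF standard security handler
# (bit positions are 1-based, as in the PDF specification).
PERMISSION_BITS = {
    "print": 3, "modify": 4, "copy": 5, "annotate": 6, "fill_forms": 9,
    "extract_accessibility": 10, "assemble": 11, "print_high_quality": 12,
}

def decode_permissions(p):
    """Map the signed 32-bit /P value to {permission: allowed?}."""
    p &= 0xFFFFFFFF  # /P is stored as a signed integer, usually negative
    return {name: bool(p >> (bit - 1) & 1) for name, bit in PERMISSION_BITS.items()}

def audit_pdf(data):
    """Summarise the /Encrypt dictionary of a PDF given as bytes.

    Assumption: /Encrypt is referenced as an indirect object (N G R).
    """
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", data)
    if not ref:
        return {"encrypted": False}
    obj = re.search(rb"(?<!\d)%s\s+%s\s+obj(.*?)endobj" % ref.groups(), data, re.S)
    body = obj.group(1) if obj else b""

    def number(key):
        m = re.search(rb"/" + key + rb"\s+(-?\d+)", body)
        return int(m.group(1)) if m else None

    perms = decode_permissions(number(b"P") or 0)
    return {
        "encrypted": True,
        "revision": number(b"R"),
        "allowed": sorted(n for n, ok in perms.items() if ok),
        "denied": sorted(n for n, ok in perms.items() if not ok),
    }

# Constructed sample: a minimal fragment with placeholder /O and /U values.
SAMPLE = (
    b"%PDF-1.6\n5 0 obj\n<< /Filter /Standard /V 2 /R 3 /Length 128 "
    b"/O <" + b"00" * 32 + b"> /U <" + b"00" * 32 + b"> /P -1852 >>\nendobj\n"
    b"trailer\n<< /Size 6 /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    print(audit_pdf(SAMPLE))
```

The report shows which actions the file asks a viewer to deny; it says nothing about who holds the password, which is the sharing problem described in the list above.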
PDF embedder plugins
There are dozens of PDF embedder, PDF viewer, and preview plugins for WordPress. These allow you to let users view a PDF on a dedicated webpage by adding a shortcode to it without giving them the option to download it. Some even go further, using JavaScript to try to prevent printing, copying and pasting, and downloading or converting the pages to images.
There are three major problems with this approach:
- The controls do not work
  It has been proven time and time again that JavaScript-based document controls just aren’t effective. Users can use the developer mode in their browser to bypass security in an embedded PDF file quite easily. For an example of this, see How secure are Google Docs. Additionally, PDFs that are converted to images can be downloaded and converted back into PDF using an OCR tool. Even non-technical users can just screenshot your document.
- It requires users to always be online
  If you are selling ebooks or other PDF products, your users are not going to be happy that they can only access their PDF when they have an internet connection and when your website is available.
- WordPress plugins are not always safe
  Many PDF embedder plugins (even the most popular ones) have fallen foul of cross-site scripting vulnerabilities and even flaws that allow attackers to distribute malicious code. It’s important to remember that the security of WordPress plugins is not verified by the WordPress Foundation and that anyone can publish them.
Ultimately, the always-online requirement of this method is too inconvenient to justify the poor PDF protection it provides.
PDF DRM solutions
PDF DRM solutions are a better choice for those who are serious about:
- preventing the sharing of PDF files on their WordPress website.
- preventing piracy of PDF documents or ebooks that they sell.
A good DRM solution will not rely on passwords for protection, will ensure that users can only open documents on authorized devices, and stop copy-pasting, printing, screenshots, and editing.
The downside is that you must protect your PDF files locally before you upload them to your WordPress site. As you’ll see shortly, however, this is a fast and simple process that will not significantly affect your workflow. And it is more secure, since unprotected files never leave your domain. You can additionally use command-line tools to batch-protect files and an API to automatically grant document access.
How to protect your WordPress PDF files with Locklizard
Locklizard Safeguard is a PDF DRM solution that uses a combination of encryption, DRM controls, transparent licensing, and secure key transfer to prevent PDF sharing. A Locklizard protected PDF file can be distributed via any means, including on a WordPress website, without worry of piracy, unauthorized sharing or leaks.
Here’s a step-by-step guide for secure sharing of PDF files:
- Right-click on a PDF file on your computer and press “Make Secure PDF”, then choose the DRM controls you want to enforce in Safeguard Writer. Optionally, add a dynamic watermark that will display the user’s name. This will deter them from taking pictures of the screen with a secondary device.
- When you press “Publish”, your secured PDF document is saved to your disk as an encrypted file, and a document record is created on the Admin System.
- You create a user account for each user you want to view your secured PDF by pressing “Add” in the “Customers” tab of your admin system. An email is automatically sent to the user with a link to the Viewer and their license file. You can also automate customer adding and document access using our API and integrate this into your WordPress site. This is useful if you plan to sell PDF files on WordPress.
- Once the Viewer is installed and the license file activated (clicked on) it is locked to that device and cannot be registered elsewhere (unless otherwise specified).
- You control from the Admin System which secured PDF each user can access.
- Open your WordPress page or blog post. Press the insert button (+) in your WordPress editor and choose the file block. Select the .pdc file on your computer to add it to the WordPress upload window.
Only those who you have authorized can view the secured file and only on the device they installed their license file on.
The best way to sell & share WordPress PDF files securely
Locklizard PDF DRM gives WordPress site admins modular control over who can open their PDF files and what they can do with them after that point:
- When you protect a PDF, you choose whether you want to allow printing, and if so, how many copies and whether it is in color, greyscale or black & white.
- You can choose what information to include in your dynamic watermarks, including the user’s name and email address. This helps to deter sharing if users take a picture of their screen or scan a printed copy.
- Define locations and IP addresses a PDF can be opened from to limit use to an office, particular countries, etc.
- Choose the number of times a document can be opened or how long it can be used before it expires to enable free trials, secure time sensitive documents, etc.
- A simple web-based admin system allows you to manually assign users to documents. Simple management reduces or eliminates training costs while allowing changes to be made quickly to large groups of users and documents.
- You can revoke both documents and users at any point using the admin system, regardless of where the PDF is stored. This eliminates the need to track down backups and other digital copies.
- Track opens and prints to discern how often your products are used or create an audit trail.
- Use our API and command-line tools to automate PDF protection and integrate with e-commerce systems.
In combination with an existing WordPress website, Locklizard’s DRM software enables secure and convenient delivery, management, and tracking of PDF files without per-document pricing or complex setup.
Start selling and sharing PDF files from your WordPress site securely today by taking your 15-day free trial.
FAQs
How do I share a PDF from Google Drive to WordPress?
Technically, you can just hit share, and paste the link into your WordPress posts. However, as we have covered in depth in Google Drive encryption, document controls are easily bypassed. If you choose this route you must be aware that users will be able to copy and paste from, print, and download your PDF files. We recommend that you protect PDFs with a PDF DRM solution before adding them to your media library or uploading as a block in the WordPress editor.
How do I restrict a PDF to logged in users in WordPress?
You can restrict access to pages with PDF file embeds by changing their visibility to “Private” in the page options. However, users with the direct link to the file in the WordPress media library will still be able to access it. You can fix this with plugins such as PDF Embedder or add some code to your theme’s functions.php file, but that won’t stop somebody from sharing their account login or downloading PDFs to share outside the WordPress environment.
The bottom line is if you want to restrict access to PDF files and prevent download, printing and copying, then you need to use a DRM solution.
How do I secure a PDF on my WordPress website?
By protecting it with a DRM solution first. This way, unauthorized users will be unable to open or edit it even if they manage to download it.
Does Locklizard work best for private client sharing or team file sharing?
Locklizard works best for both private client file sharing and team file sharing. You can use Locklizard DRM with your WordPress website to share files with clients securely, sell content securely, and provide secure team file sharing.
Can I embed Locklizard protected PDF files in WordPress blog posts?
Just like you can upload PDF files, you can FTP upload a PDC file to your WordPress site’s server and then provide a link to it (either directly or as a link in a post or page). You can see this live on our secure PDF Viewer demo page.
Alternatively, you can use the file block in the WordPress Gutenberg editor to display the downloadable .pdc file in your blog posts. If you choose this method then you will have to modify your wp-config.php file or install a file upload plugin before WordPress will allow you to upload .pdc files.
Does Locklizard protect HTML or Microsoft Office files in WordPress?
No, we only support PDF files. If you want to prevent Excel, PowerPoint and Word files from being shared then you have to convert them to PDF first.
Does Locklizard prevent download of PDF files from WordPress?
No, it does not need to since the files that are downloadable are already protected and can only be viewed by authorized users that have a valid license. Locklizard protected PDF files can only be opened on authorized devices and are locked to those devices to prevent them from being shared.
Preventing PDF download is a waste of time since there are easy ways to bypass this in the browser and an authorized user can distribute a downloaded file easily to others.