Fallback
If for some reason the PDF cannot be manipulated (for example, server error), do you want to send a copy of the original PDF out to your customer/user? Check this box to allow a “fallback.”
If this box is left unchecked and something goes wrong during the download, the download will fail with an error message. This prevents the end user from receiving a PDF which is not watermarked or passworded.
Encryption Level
Protecting a PDF with limited permissions and/or passwords requires encryption. Encryption can increase the processing time and possibly cause a PHP time-out in some cases, especially if the PDF contains images, HTML or embedded fonts.
Your server must have OpenSSL installed to encrypt PDFs. We recommend you perform testing with encryption before launching to ensure your server can handle the load.
Unfortunately, FPDF only has RC440 and RC4128 level encryption. Luckily, PDF Ink also ships with TCPDF included, and it supports all four levels of encryption. RC440 encryption can be used to get the ball rolling with passwords and permissions on your PDF, but be aware it is no longer considered secure and has fallen out of favor. On the other end of the spectrum, 256-bit encryption is very resource-hungry. If you have shared hosting and a large PDF file, anticipate PHP timeouts if trying to encrypt with 256-bit.
Encrypting PDF Meta Data
If you are using SetaPDF Stamper, at least 128 bit encryption and wish to also encrypt your PDF’s metadata, that can be done with one line of code.
If you are using WordPress, the following line of code would go in your child theme functions.php file or you can add it using the Code Snippets WP plugin.
add_filter( 'pdfink_filter_setapdf_core_sechandler_encrypt_metadata', '__return_true' );If you are not using PDF Ink with WordPress and want to encrypt your PDF metadata, use the following code instead:
function pdfink_filter_setapdf_core_sechandler_encrypt_metadata( $bool ) {
return true;
}Neither of the above two sets of code will work to encrypt PDF metadata unless you are using SetaPDF Stamper with PDF Ink.
Document Permissions
Encrypting a PDF allows permissions to be set. Permissions can be changed in the plugin settings as long as encryption is turned on.
The permission array is composed of values taken from the following:
- print : Print the document
- copy : Copy or otherwise extract text and graphics from the document
- modify : Modify the contents of the document by operations other than those controlled by ‘fill-forms’, ‘extract’ and ‘assemble’
- annot‑forms : Add or modify text annotations, fill in interactive form fields, and, if ‘modify’ is also set, create or modify interactive form fields (including signature fields)
- fill‑forms : Fill in existing interactive form fields (including signature fields), even if ‘annot-forms’ is not specified
- assemble : Assemble or merge the document (insert, rotate, or delete pages and create bookmarks or thumbnail images), even if ‘modify’ is not set.
- print‑high : Print the document to a representation from which a faithful digital copy of the PDF content could be generated. When this is not set, printing is limited to a low-level representation of the appearance, possibly of degraded quality.
- extract : Extract text and graphics (in support of accessibility to users with disabilities or for other purposes).
128-bit encryption is required for permissions fill-forms, assemble, print-high, and extract.
We recommend you allow copy and extract. If not allowed, the PDF will not be readable by humans who rely on screen readers instead of their eyes to read. Keep it accessible!
TCPDF uses SetProtection() and FPDI Protection uses something similar. More information about TCPDF SetProtection() here and here.
The ‘pdfink_filter_permissions’ filter hook allows you later control of your file permissions, maybe based settings passed in parameters. Keep in mind, this hook will override any general settings or per-product settings. You can take advantage of the filter as follows (preferably in your child theme functions.php file or a custom plugin):
function pdfink_filter_permissions( $permissions, $settings ) {
$permissions = array( 'modify', 'copy' ); // maybe add any others you may want to block here, in the array
return $permissions;
}Also, understand that permissions are adhered to by apps on an “honor system.” You will find that some applications honor the permissions you set, and others do not. Please understand this is outside anyone’s control but the people who write the applications.
User Password
PDF Ink allows you to set two types of password: user and owner. If you don’t set any password, the document will open as usual.
If you set a user password, the PDF viewer will ask for it before displaying the document. Typing the word “email” into the settings password field will force the end user to open the PDF with the downloader’s email address (if collected by anticipated means, WooCommerce/EDD/DLM). The word email works magic in this case, but must be lowercase and without punctuation. If you type the magic tag “[EMAIL]” into the settings password field, the password to open the PDF will be [EMAIL] (the magic tag does not work magic in the password field — it’s just wrong).
Similarly, if you type the word “phone” (lowercase) into the settings password field, a phone number (IF COLLECTED during checkout) will be set as password.
Keep your sanity — here are some ideas to consider before selling passworded PDFs.
Alternatively the ‘pdfink_filter_password’ hook can be used to programmatically set a different password (based on unique $_POST data, for example) if desired.
add_filter( 'pdfink_filter_password', 'my_own_password_function', 10, 2 );
function my_own_password_function( $password, $settings ) {
try {
$order = wc_get_order( $settings['uid'] );
$order_data = $order->get_data();
$phone = $order_data['billing']['phone']; // might be wise to set up a fallback in case this is empty
// maybe remove any non-digit character from phone number
$password = preg_replace('/D+/', '', $phone);
// return phone as password
} catch ( Exception $e ) {
error_log( 'Unable to get a WooCommerce order object from UID in settings array.' );
}
return $password;
}The example above uses the customer’s billing phone. It would be important in this instance to require a phone number from your customers!
Owner Password
Most people do not know the owner password for their PDFs, and nobody else should know the owner password for your PDFs. If someone has your PDF owner password, they can remove all protections and “own” full control over the PDF content.
With the creation of each PDF, an owner password is generated for you if one is not set here. One must be set, so we recommend you set something good and un-guessable here.
If a (correct) original/open password is set, then the owner password will be re-set to the original after manipulation.
Both the owner password and original/open password are stored encrypted and are not viewable/copy-able from the settings screens. We recommend you copy/paste the value to ensure you have typed it correctly in the settings field because the only way to verify you have stored it correctly is to later test that it successfully opens the PDF or not.
Unlock with User Password
This setting completely unlocks the PDF for your customer with their user password, as if it were an owner password. We don’t recommend turning this on in 99.9% of cases, but if you have a use for it, go for it.
Original/open Password
(TCPDF/SetaPDF-Stamper) If this is set to the correct original owner password and not over-written by the owner password setting, the PDF owner password will remain unchanged after manipulation.
(SetaPDF-Stamper only) Usually all PDFs must be un-encrypted (no passwords, no protections) in order for PDF manipulation libraries to interact with them. If your PDF is passworded and you want for it to stay passworded on the server, you can put the password here and SetaPDF Core will unlock the PDF before manipulation. The password is obfuscated when stored in your WordPress database.