Tips & Tricks

How to Protect a PDF Before Sending It to an External Partner

Sending a PDF to an external partner, a client, a vendor, or a contractor means the document leaves your control. The recipient can forward it, copy it, print it, or extract content from it. Password protection, editing restrictions, and metadata removal are the three controls that determine what the recipient can do with the file after it arrives. Applying the right combination of controls before sending protects the document without making it difficult for the intended recipient to use.

This guide covers the three protection layers and when to apply each. Not every document needs all three. Applying protections that are not needed makes the document harder for the recipient to work with. Applying too few protections exposes the document to misuse. The right combination depends on the document's content and its relationship to the recipient.

According to a 2025 report by the data security firm Varonis, 41 percent of companies had at least one incident in the previous year where a document shared with an external party was accessed or distributed in a way that violated the intended sharing terms (Varonis, "External Data Sharing Risk Report," 2025). Most of those incidents were not malicious. They were the result of recipients not understanding what they were and were not permitted to do with a document that had no explicit restrictions applied.

How to Protect a PDF Before Sending It to an External Partner

Layer One: Password Protection

A user password, sometimes called an open password, prevents anyone from opening the PDF without entering it. Apply this when the document contains information that should only be seen by the specific recipient. The password should be communicated through a different channel than the file. If you email the PDF, text or call with the password. This way, an intercepted email contains either the file or the password, not both.

An owner password restricts specific actions like editing, printing, and copying text without preventing the document from being opened. Apply this when the document should be viewable but not modifiable. The PDF Password should be shared along with the file so the recipient can open it, but the permissions restrictions prevent casual modification.

WukongPDF

Try Protect PDF

No installation needed. Works directly in your browser.

Get Started โ†’

Layer Two: Permission Restrictions

Even without a password, you can restrict what recipients can do with the PDF. Disable printing if the document is intended for screen viewing only. Disable content copying to prevent text and images from being extracted. Disable page extraction to prevent the document from being split apart. These restrictions are enforced by the PDF reader, not by encryption, which means a determined recipient can bypass them with the right tools. They protect against casual misuse, not against deliberate extraction.

The PDF Encryption that underlies permission restrictions is designed to set expectations, not to provide military-grade security. A recipient who is determined to bypass editing restrictions will find a way. The restrictions communicate that the document is not intended to be modified, which is sufficient for the vast majority of business relationships where the recipient is acting in good faith.

Layer Three: Metadata and Hidden Data Removal

Before sending a PDF to an external party, check what hidden data it carries. Author names, revision history, comments, and embedded file paths can reveal internal information that the visible document does not. Remove or clean this data. The recipient should see only what the document's visible pages show, not the editorial history or internal file paths embedded in the document structure.

WukongPDF's PDF Security tools cover all three protection layers. Apply password protection, configure permission restrictions, and clean metadata before sending. The document that arrives in the recipient's inbox contains exactly what you intend to share, with restrictions that match the sensitivity of the content and the trust level of the recipient relationship.

Verifying Protection Before Sending

After applying protections, open the protected PDF in a reader and confirm the restrictions are working. Try to copy text. Try to print. Verify that the password prompt appears if you set one. This verification takes thirty seconds and catches configuration errors before the document reaches the recipient. A protection setting that you thought you applied but did not actually apply provides no protection at all.

WukongPDF

Try Protect PDF

No installation needed. Works directly in your browser.

Get Started โ†’