Say hello to marketing automation simplicity! With a single login, your self-hosted WordPress installation will be securely connected with Pardot. With the selection of your campaign, you’ll be able to track visitors and work with forms and dynamic content without touching a single line of code. You can use the widget to place a form or dynamic content anywhere a sidebar appears, or embed them in a page or post using a shortcode or the Pardot button on the Visual Editor’s toolbar.


  • Settings area
  • Pardot button in the Classic Editor toolbar
  • Choose from any form or Dynamic Content
  • Use forms in a widget
  • Use dynamic content in a widget
  • A form widget on a page
  • A page can have two forms! Here, one is in the body and one in a widget.
  • Pardot block being added in the Block Editor.
  • Form block being edited in the Block Editor
  • Dynamic content block being edited in the Block Editor
  • Remove Form block in the Block Editor


This plugin provides 2 blocks.

  • Pardot Form Collect information about people visiting your site or landing page and help you turn anonymous visitors into identified prospects.
  • Pardot Dynamic Content Delivers targeted messaging to prospects. Content is displayed according to rules defined in Pardot based on the prospect’s data or attributes.


  1. Upload pardot-for-wordpress/trunk to your /wp-content/plugins/ directory or go to Plugins > Add New in your WordPress Admin area and search for Pardot.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Go to Settings > Pardot Settings and authenticate with Salesforce SSO.
  4. Select your campaign (for tracking code usage).


How do I authenticate with Salesforce SSO?

In order to use Salesforce SSO authentication, you must create a connected application for the plugin in your Salesforce org.

  1. Navigate to App Manager.
  2. On the top right, click the “New Connected App” button.
  3. Enter an app name, API name, and contact email of your choice.
  4. Click the “Enable OAuth Settings” toggle.
  5. Enter a Callback URL to allow Salesforce to redirect users back to your Pardot plugin settings page. The URL should look similar to: https://[YourWordpressDomainHere]/wp-admin/options-general.php?page=pardot.
  6. Add “Access Pardot Services (pardot_api)” and “Perform requests on your behalf at any time (refresh_token, offline_access)” to your selected OAuth scopes.
  7. Save your connected application. A new page will appear with the Consumer Key and Consumer Secret.
  8. Enter your Consumer Key, Consumer Secret, and Pardot Business Unit ID into the Pardot WordPress settings screen. To find the Pardot Business Unit ID, go to Salesforce Setup and enter “Pardot Account Setup” in the Quick Find box. Your Pardot Business Unit ID begins with “0Uv” and is 18 characters long. If you cannot access the Pardot Account Setup information, ask your Salesforce Administrator to provide you with the Pardot Business Unit ID.
  9. Click “Save Settings”.
  10. When the page reloads, click “Authenticate with Salesforce”. Enter your Salesforce credentials in the popup that appears.

You should then see Authentication Status change from “Not Authenticated” to “Authenticated”.

How can I use the shortcodes without the Visual Editor?

Two simple shortcodes are available for use.

Form Shortcode

    [pardot-form id="{Form ID}" title="{Form Name}" class="" width="100%" height="500" querystring=""]

Use [pardot-form] with at least the id parameter. For instance, [pardot-form id="1" title="Title"] renders my Pardot form with an ID of 1.

Optional parameters:

The title parameter is included when using the toolbar button, but it’s not required for display. There is no default.

The class parameter allows you to add additonal classes to the iframe element. There is no default, but the class pardotform is now automatically added, regardless of any additional classes.

The width parameter will set the width of the iframe in pixels or percentage. For example, “500”, “500px”, and “80%” are all valid. The default is 100%.

The height parameter will set the height of the iframe in pixels only. For example, “500” or “500px” are valid. The default is 500px.

The querystring parameter appends an arbitrary string to the end of the form’s iframe source. This is helpful for passing data directly into the form. You can also do this with filters (see below).

Dynamic Content Shortcode

    [pardot-dynamic-content id="{Dynamic Content ID}" default="{Non-JavaScript Content}"]

Use [pardot-dynamic-content] with at least the id parameter.

The default parameter is used for accessibility. Whatever is placed here is wrapped in <noscript> tags and is shown only to users who have JavaScript disabled. By default, it will automatically be your “Default Content” as designated in Pardot. So,

    [pardot-dynamic-content id="1" default="My default content."]

would render something like:

<script type="text/javascript" src=""></script><noscript>My default content.</noscript>

…which would show the dynamic content to users with JavaScript enabled, and ‘My default content’ to users with it disabled. Note that, due to the way the WordPress Visual Editor works, HTML tags for the parameter will be URL encoded to avoid strange formatting.

How do I change my campaign?

Simply choose another campaign in Settings > Pardot Settings and click ‘Save Settings’.

Some of my form is cut off. What should I do?

Since every WordPress theme is different, embedded forms won’t always automatically fit. You’ll want to make a Pardot Layout Template specifically for your WordPress theme:

  1. Go to Forms in Pardot. Find and edit the form that needs updating.
  2. Click ahead to the ‘Look and Feel’ step of the wizard and select the ‘Styles’ tab.
  3. Set ‘Label Alignment’ to ‘Above’ and click ‘Confirm and Save.’.
  4. Click the link to the layout template being used by the form.
  5. Edit the layout template and add the following to the <head> section of the template:

    <style type=”text/css”>
    #pardot-form input.text, #pardot-form textarea {
    width: 150px;

A width of 150px is just a starting point. Adjust this value until it fits on your page and add additional styles as you see fit. For styling help, reference our Basic CSS for Forms page.

I just added a form or dynamic content, and it’s not showing up to select it yet.

Go to Settings > Pardot Settings and click ‘Reset Cache’. This should reinitialize and update your Pardot content.

The editor popup doesn’t work, and I know that my WordPress installation is a little different.

As of version 1.4, developers can now deal with various directory configurations that would previously cause the plugin to break. This is due to the plugin not being able to find wp-load.php.

To fix it, add a new file called pardot-custom-wp-load.php to the plugins/pardot/includes directory (this will never be overridden by updates). In that file, define a constant that gives the absolute path to your wp-load.php file. For instance:

define('PARDOT_WP_LOAD', '/path/to/wp-load.php');


pardot_form_embed_code_[Form ID]

Filter the entire embed code for a given form. A common usage for this is conditionally appending a query string. So, for instance, the following will filter the embed code for form #545 and append an arbitrary parameter along with the post ID of the page being viewed:

function pardot_custom_append_querystring($body_html) {
    return preg_replace( '/src="([^"]+)"/', 'src="$1?this=that&postID=' . get_the_ID() . '"', $body_html );

add_filter( 'pardot_form_embed_code_54796', 'pardot_custom_append_querystring' );

You can apply any conditional logic you want. For instance, this will append the same information, but only if you’re on the “About” page:

function pardot_custom_append_querystring($body_html) {
    if ( is_page('About') ) {
        $body_html = preg_replace( '/src="([^"]+)"/', 'src="$1?this=that&postID=' . get_the_ID() . '"', $body_html );
    return $body_html;

add_filter( 'pardot_form_embed_code_54796', 'pardot_custom_append_querystring' );


Filter the regular expression used to find URLs to be converted to This is only used when “Use HTTPS?” is checked in the settings. You may want to filter this regex if you find it’s not properly capturing and converting your URLs.

function pardot_custom_filter_https_regex() {
    return "/(http|https|ftp|ftps)\:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,63}(\/\S[^'\"]*)?/";

add_filter( 'pardot_https_regex', 'pardot_custom_filter_https_regex' );


July 27, 2023
If you are a Pardot user, don't attempt to use this plugin, it no longer functions correctly.
July 21, 2023
Please pull this plugin unless you are going to put some real support behind it. This is the second time the plugin has completely crashed a client site.
May 8, 2023
Dear Support, WP version: 6.2PHP version: 8.1pardot: 2.0.0 We got notices and deprecation:1) Function WP_Scripts::localize was called incorrectly. The $l10n parameter must be an array. To pass arbitrary data to scripts, use the wp_add_inline_script() function instead. Please see Debugging in WordPress for more information. (This message was added in version 5.7.0.) wp-includes/functions.php:5865 WP_Scripts->localize()wp-includes/functions.wp-scripts.php:221 wp_localize_script()wp-content/plugins/pardot/pardot.php:94 pardot_init()wp-includes/class-wp-hook.php:308 do_action('init')wp-settings.php:623 2) ctype_print(): Argument of type bool will be interpreted as string in the future wp-content/plugins/pardot/includes/pardot-settings-class.php:1229 ctype_print()wp-content/plugins/pardot/includes/pardot-settings-class.php:1229 Pardot_Settings::get_settings()wp-content/plugins/pardot/includes/pardot-settings-class.php:701 Pardot_Settings::get_api()wp-content/plugins/pardot/includes/pardot-settings-class.php:349 Pardot_Settings::is_authenticated()wp-content/plugins/pardot/includes/pardot-settings-class.php:230 Pardot_Settings->admin_notices()wp-includes/class-wp-hook.php:308 do_action('admin_notices')wp-admin/admin-header.php:303 3) ctype_print(): Argument of type bool will be interpreted as string in the future wp-content/plugins/pardot/includes/pardot-settings-class.php:1238 ctype_print()wp-content/plugins/pardot/includes/pardot-settings-class.php:1238 Pardot_Settings::get_settings()wp-content/plugins/pardot/includes/pardot-settings-class.php:701 Pardot_Settings::get_api()wp-content/plugins/pardot/includes/pardot-settings-class.php:349 Pardot_Settings::is_authenticated()wp-content/plugins/pardot/includes/pardot-settings-class.php:230 Pardot_Settings->admin_notices()wp-includes/class-wp-hook.php:308 do_action('admin_notices')wp-admin/admin-header.php:303 4) ctype_print(): Argument of type bool will be interpreted as string in the future wp-content/plugins/pardot/includes/pardot-settings-class.php:1247 ctype_print()wp-content/plugins/pardot/includes/pardot-settings-class.php:1247 Pardot_Settings::get_settings()wp-content/plugins/pardot/includes/pardot-settings-class.php:701 Pardot_Settings::get_api()wp-content/plugins/pardot/includes/pardot-settings-class.php:349 Pardot_Settings::is_authenticated()wp-content/plugins/pardot/includes/pardot-settings-class.php:230 Pardot_Settings->admin_notices()wp-includes/class-wp-hook.php:308 do_action('admin_notices')wp-admin/admin-header.php:303
March 23, 2022
Please fix errors PHP Notice: Undefined index: auth_type in /wp-content/plugins/pardot/includes/pardot-api-class.php on line 450 PHP Notice: Undefined index: auth_type in /wp-content/plugins/pardot/includes/pardot-api-class.php on line 467
May 4, 2021
We've recently switched to Connected Campaigns inside of Pardot and SalesForce. Unfortunately- on this plugin's settings page, None of our Connected Campaigns show up- just unconnected ones. This is critical to our method of being more SF integrated.
March 15, 2021
Worked flawlessly with Pardot authentication but since the switch to Salesforce SSO it's been a nightmare - horrendous to configure and resetting itself every week. And now, as I write, it won't authenticate at all meaning all my lead forms are missing.
Read all 14 reviews

Contributors & Developers

“Pardot” is open source software. The following people have contributed to this plugin.


“Pardot” has been translated into 1 locale. Thank you to the translators for their contributions.

Translate “Pardot” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Feature – Added support for the WordPress Block Editor
  • Fix – When “Always Use HTTPS” is enabled in the plugin settings, non-HTTPS content will be properly converted to HTTPS


  • Fix – Handled an issue that authentication failure (Pardot API Error Code 184: causes the settings page to be stuck in a loading state


  • Fix – Allow custom HTTPS tracker domains
  • Fix – Campaign dropdown now appears immediately after authentication
  • Improvement – Automatically update form & dynamic cached HTML after selection
  • Improvement – Eliminate Pardot Authentication Option (Not functional since February 2021)


  • Fix – Persist access token refreshes properly


  • Fix – Allow retrieving more than 200 assets when authing via Salesforce SSO


  • Fix – Enforce Https for Salesforce SSO Redirect URI


  • Fix – New response of invalid grant causes oauth to become invalidated


  • Fix – v3 Pardot API call that goes to appropriate endpoint


  • Fix – Handle recently added error codes (4xx) to prevent de-authorization


  • Maintenance – Added Salesforce SSO authentication in preparation of Pardot authentication being discontinued in February 2021
  • Improvement – Added authentication status indicator to settings page
  • Improvement – Users no longer need to refresh the settings page after resetting settings
  • Fix – Admin notices no longer overlap the Pardot logo on the settings page
  • Fix – “#cancel” button on popup when not authenticated now closes popup (also changed name to more descriptive “Close”)
  • Fix – PHP error no longer appears when initially adding widget


  • Fix – Prevents a potential error with loading functions from pluggable.php
  • Fix – Look for specific error messages and bail on auto-retrying authentication (to prevent loops)


  • Fix – Show title attribute on form iframe
  • Improvement – Improve encryption of stored strings


  • Improvement – Improve password handling on settings screen


  • Fix – Disable recursion bug that resulted in overloaded cache and transient rows (click Empty Cache button in settings or manually delete the _pardot_cache_keys and _pardot_transient_keys rows from your options table)


  • Fix – Set autoload to false when updating options to prevent large DB value from being loaded into memory
  • Maintenance – Move authorization to headers to conform with API docs (#27) Thanks @adelawalla!
  • Fix – Ensure proper counting when looping through assets (#25) Thanks @stefanwiebe!
  • Fix – Update settings screen text for finding API key
  • Fix – Remove undefined tb_close JS function causing console error


  • Fix – Show any authentication-related error messages returned by the Pardot API to the user, where possible, to aid troubleshooting [106707]


  • Fix – Restored some older cache-clearing code to help ensure Pardot data that preceded the 1.4.6 release is indeed cleared from the cache [104403]


  • Fix – Added support for OpenSSL-based protection of settings data, addressing the deprecation and removal of Mcrypt-support in PHP 7.x [90688]
  • Fix – Implemented changes to ensure the cache can successfully be cleared within environments that use persistent caching [88962]
  • Fix – Prevent PHP errors that would sometimes arise with empty campaign data, especially in PHP 7.0 and higher (props to @jimcin and @jarvizu for reporting this issue!) [102028]
  • Tweak – Resolved an issue that resulted in the display of duplicate confirmation notices when updating plugin settings [99848]
  • Tweak – “Reset All Settings” functionality altered to more reliably delete all settings [90688]
  • Tweak – Added filter hook pardot_get_setting [100888]


  • Fix – Fixed some layout issues when the Pardot shortcode-builder form is viewed in smaller browser sizes or mobile devices [89563]


  • Fix – Restored functionality of the Pardot button in the visual editor [86322]


  • Fixes a more obscure bug that would cause the plugin to become unauthenticated


  • Fixes a bug that would cause the plugin to become unauthenticated


  • Allow connection with API v4
  • Improve regex for HTTPS and add filtering


  • Add HTTPS option
  • Add “querystring” parameter in shortcode
  • Allow embed code to be filtered
  • Change “Pardot Settings” link to “Pardot”
  • Update branding
  • Allow override for wp-load.php in various installation configurations
  • Fixes errant notice on 404 pages


  • Improve WordPress 3.9 compatibility (Tiny popup titles; update Chosen)


  • Fixes a small bug with a JS library being called in the wrong place


  • Add Chosen selector to forms and dynamic content
  • Fix async DC bug
  • Enchance password authentication encoding


  • Add Chosen selector to campaign settings
  • Fix authentication issue


  • Adds support for 400+ campaigns, form, and dynamic content blocks
  • Updates branding


  • Fixed a bug where pardotform class might be applied to closing iframe tag (thanks palpatine1976!)
  • Optimize code to remove some debug messages
  • Improve campaign retrieval for over 200 campaigns


  • Fixed a bug where tracking code might show the wrong ID.


  • Accounts for a minor API change in the tracking code
  • Adds support for 200+ campaigns


  • Fixed a bug with shortcode_exists fatal error


  • Fixed a bug with has_shortcode fatal error


  • Use new asynchronous loading for Dynamic Content


  • Added ability to specify height, width, and class on the form
  • Added class ‘pardotform’ to every iframe for easier styling


  • Add some helpful links to the Reset Cache button
  • Minor UI tweaks
  • Updated the Pardot logos
  • Updated screenshots for 3.5


  • Fix TinyMCE modal bug when no forms or dynamic content is present
  • Support for 200+ forms and dynamic content items
  • Other minor checks


  • Checks for mcrypt and falls back safely if not (fixes blank admin screen bug)


  • Clear cache when resetting all settings
  • Be more forgiving with login whitespace
  • Make some security improvements


  • Make <noscript> default to Default Pardot Content


  • Added dynamic content shortcodes
  • Added title field to form widget
  • Added ‘Reset Cache’ option


  • Added form caching for faster rendering and less requests


  • Fix a caching issue that was causing the most recently-used form to render on all posts/pages
  • Extended API cache timeout


  • Fix bug with form order in content


  • Initial release.