You finished the course. The client's site runs on WordPress. So you do the obvious thing — drag the SCORM .zipinto the Media Library — and nothing useful happens. Maybe it uploads as a dead file. Maybe the page offers a download link to a zip no human can open. Either way, the module doesn't run.
Here's the fix, and it's simpler than every "best SCORM plugin for WordPress" listicle wants you to believe: you don't need a plugin. You need one good link.
WordPress is a CMS, not a SCORM runtime. It can show your course. It can't run it.— the whole article in one line
Host it first, then embed.
A SCORM package is a .zip that expects to talk to a JavaScript runtime — the thing that calls LMSInitialize() and records completion, score, and bookmarking. WordPress serves files; it does not provide that runtime. So the move is always two steps: host the package somewhere that runs it, then point WordPress at the URL.
Publish from Storyline, Rise, or Captivate, upload the package to a host that serves the player (Training OS gives you a stable HTTPS launch URL), and — before you touch WordPress — open that URL in a plain browser tab. If audio, completion, and resume work there, they'll work embedded. If they don't, fix it at the host first; WordPress can't fix a broken launch.
One prerequisite: your WordPress site must be on HTTPS. An HTTP page embedding an HTTPS player throws mixed-content warnings, and some browsers block it outright.
Test the raw launch URL in an incognito tab before you wire up a single button. Most "the embed is broken" tickets are actually "the course was never working" — you just hadn't looked at it outside your own logged-in session.
Two ways to put it on the page.
Once the URL works, you have exactly two good options. Ranked by how rarely they break:
A button that opens the module in a new tab.
Best for: portfolios, client demos, any theme you don't control
In the Block Editor, drop a Buttonblock, paste your launch URL, and set it to open in a new tab. Write real CTA copy — "Launch the module," not a naked URL. This is the option that still works after the client installs three plugins and changes themes twice.
What's good
- Survives security plugins, page builders, and theme updates
- Full-window playback — how Storyline and Rise expect to run
- One Button block, zero HTML
What's not
- Leaves your WordPress page for the module
- Not an inline-on-the-page feel
An inline iframe.
Best for: course landing pages where the demo should live on the page
Add a Custom HTML block and paste an iframe pointing at your launch URL. Give it room — full width, at least 600px tall (700–800px for tall players), and allow="fullscreen" if your authoring tool needs it.
What's good
- Module feels like part of the page
- Good for long-form pages with an inline demo
What's not
- Security and caching plugins love to break it
- Page builders strip raw HTML on save
- Cramped on narrow mobile themes
<iframe src="https://app.trainingos.com/m/your-module" width="100%" height="760" allow="fullscreen" title="Compliance refresher — interactive module" ></iframe>
Where WordPress fights you.
If the iframe misbehaves, it's almost always one of three WordPress-specific things — in order of how often I see them:
1. A security plugin is blocking the frame.
Wordfence, iThemes, and friends sometimes refuse to render external iframes. Whitelist your host's domain in the plugin's content-security settings — or just use the new-tab button and move on with your day.
2. The editor ate your iframe.
Page builders and "sanitize HTML" settings strip <iframe> tags on save. If your embed vanishes after you hit Update, use a block that explicitly allows raw HTML — or, again, the button.
3. A caching plugin is serving a stale page.
WP Rocket, LiteSpeed, and co. cache aggressively. Exclude the page from full-page cache while you're testing, or you'll swear you fixed something that the cache is quietly hiding.
Editing the embed while logged in, seeing it work, and shipping. Your admin session bypasses the cache and some plugin rules. Always verify logged out, in an incognito window— that's the only view that matches what a learner or a hiring manager actually sees.
Before you hit publish.
Run this once, from a logged-out incognito window:
- The button or iframe loads the module — not a download prompt.
- Audio plays, completion fires, and resume works if your package relies on them.
- It looks right on a phone — narrow themes crush iframes; bump the height or fall back to the button.
- Re-check after any theme or plugin update; updates love to re-tighten allowed HTML.
Frequently asked questions.
Do I need a SCORM plugin for WordPress?
Not for hosted playback. A plugin only matters if you want SCORM completion data stored inside WordPress itself. For portfolio demos and most training launches, a link or iframe to a hosted module is all you need.
Why does my embedded course show a blank box?
Almost always a security plugin, a content-security-policy rule, or a Custom HTML block that stripped the iframe. Open the browser console, look for a blocked-frame error, and confirm the raw launch URL works in a new tab.
Should I use a link or an iframe?
Default to a new-tab button — it survives plugins, page builders, and theme changes. Reach for an iframe only when the demo needs to live inline on a page whose theme you control and have tested.
/06 Try it for free
Drop a SCORM file. See it live in 11 minutes.
Free for 3 modules. No card. Lifetime is $149 once. You read the article, you know how this is supposed to work — see it in your own browser.
About the author
Jon Vig · Ex-LMS engineer · founder, Training OS.
How to host a SCORM file (without an LMS).
Tutorial · 14 min read
How to actually host a SCORM file. Without an LMS.
Free SCORM hosting that actually works in 2026.
Tutorial · 8 min read
The five "free SCORM hosting" tools, ranked.
21 instructional designer portfolio examples we steal from.
Examples · 12 min read