Wednesday, May 18th, 2022

Permalinks – Make posts inaccessible without a unique ID in the URL

I have created a custom post type for creating and sending proposals. I password protected the posts, the password is the client’s email address (the value of a custom field).

Even though it’s already a pretty good security, one can still guess the post. Especially since the URL structure is (12345 being the post ID). I’d rather post something completely untraceable by someone who doesn’t have a direct link.

I managed to create a function that generates a custom token upon post creation and saves it to the custom field of the post.

Is there a way to make posts accessible only (with password) via URL+token?

Of course this means that the post is fully accessible (404?) via a normal URL (even with a password).

Another solution would be to modify the post url structure, adding that unique token at the end. But my fear is that the url+token will be made searchable by google for example.

Thanks in advance for any input!

Source link