[Resolved] View filtered by url parameter

This support ticket was created 3 years, 8 months ago. There's a good chance that you are reading advice that is now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

This topic contains 1 reply, has 2 voices.

Last updated by Christian Cox 3 years, 8 months ago.

Assisted by: Christian Cox.

#2039899

While I can filter a view using url parameters, like

hidden link

I was wondering if there is a more "safe" way to do that, and avoid people second guessing the id, by putting a random number as xxx.
Surely there're multiple ways, like adding a random string ID in a custom field, but it would be interesting to know if there's a kind of "security guideline" I can follow.
Thanks. Best.

#2040041

If you're filtering by post ID, there's not much you can do to make the system more secure because post IDs are generated and dictated by WordPress in a somewhat predictable way. A more secure way to filter would be to create a custom field that contains something more complex, like a globally unique identifier, and add a URL filter based on that custom field value. PHP contains some methods you could use to programmatically generate such a unique id, like https://www.php.net/manual/en/function.uniqid.php

I don't really have much in the way of documentation available, as this is a fairly custom implementation, but we offer the Forms APIs if you want to generate a unique identifier programmatically when a post is created with Forms:
https://toolset.com/documentation/programmer-reference/cred-api/

Otherwise, for more security you could consider adding password-protection to individual posts. WordPress provides that capability by default. Even if someone guesses the ID, to access the post directly they would need to enter a password. Toolset Access also provides security features based on User role, so you could prevent direct access to some posts with post groups and Access controls.
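
An added example (not part of the original reply and not Toolset's own code) of the custom-field approach described above: a random token is written to a custom field when a Toolset form creates a post, and a URL value is validated before it is used in a lookup. It uses `random_bytes()` rather than `uniqid()`, because the PHP manual states that `uniqid()` values are not cryptographically secure and must not be relied on to be unguessable. The field slug `access-token`, the form ID `123`, and the `my_` function names are assumptions.

```php
<?php
// Added example for a theme's functions.php or a small plugin (requires WordPress).
// Assumptions: a Toolset Types field with slug "access-token" and a form with ID 123.
const MY_TOKEN_META_KEY = 'wpcf-access-token'; // Types stores its fields in postmeta with a "wpcf-" prefix
const MY_TOKEN_FORM_ID  = 123;                 // hypothetical ID of the form that creates the posts
const MY_TOKEN_PATTERN  = '/^[0-9a-f]{32}$/';  // 16 random bytes, hex encoded

// Return the post's token, creating a 128-bit random one if none exists yet.
function my_ensure_access_token( $post_id ) {
    $existing = get_post_meta( $post_id, MY_TOKEN_META_KEY, true );
    if ( is_string( $existing ) && preg_match( MY_TOKEN_PATTERN, $existing ) ) {
        return $existing; // keep the old value so links already shared stay valid
    }
    $token = bin2hex( random_bytes( 16 ) ); // CSPRNG output, unlike the time-based uniqid()
    update_post_meta( $post_id, MY_TOKEN_META_KEY, $token );
    return $token;
}

// Toolset Forms API: runs after a form has saved its post.
add_action( 'cred_save_data', function ( $post_id, $form_data ) {
    if ( (int) $form_data['id'] === MY_TOKEN_FORM_ID ) {
        my_ensure_access_token( $post_id );
    }
}, 10, 2 );

// Resolve a token taken from the URL to a published post ID; 0 when invalid or unknown.
// Only needed for custom code: a View with a URL-parameter filter on the field does its own lookup.
function my_post_id_from_token( $raw ) {
    $token = strtolower( trim( (string) $raw ) );
    if ( ! preg_match( MY_TOKEN_PATTERN, $token ) ) {
        return 0; // reject anything that is not exactly 32 hex characters before querying
    }
    $ids = get_posts( array(
        'post_type'      => 'any',
        'post_status'    => 'publish',
        'meta_key'       => MY_TOKEN_META_KEY,
        'meta_value'     => $token,
        'fields'         => 'ids',
        'posts_per_page' => 1,
    ) );
    return $ids ? (int) $ids[0] : 0;
}
```

The token only makes the URL hard to guess; anyone who has the link can still open the filtered View, so the password protection or Access controls mentioned in the reply remain the way to restrict who may read the post.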