I have a site with several thousand public pages that use randomly generated slugs for their pretty urls. The content is public in the sense that if someone knows the URL, they can see the content. I’m looking to prevent someone from just hammering the server with /?p=XXXX incrementally to view all the pages.
I’ve added remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0); to prevent the site from publishing the shortlinks in the page’s head. But it doesn’t take a genius to see the site is run by WordPress and thus try incrementally increasing a post number to scrape all the content.
Is there a way to use something like if( isset( $_GET["p"] ) ) { ... } to disable accessing shortlinks while still allowing the pretty urls to resolve?