Enable Enhanced Security: the secret attribute for shortcodes

Views have an “Enable Enhanced Security” setting that forces the use of a secret attribute on shortcodes. The “secret” is a type of password that prevents unauthorized users from guessing the View ID and accessing potentially-sensitive data. Read more about why we added the `secret` attribute.

The View Settings box, with Permissions tab activated, showing Enable Enhanced Security checked. There is a red box in the screenshot to highlight the setting.

Auto-enabled for new Views

This setting will be auto-enabled for new Views, and you can enable it manually for existing Views. The secret attribute is automatically generated, and is unique to each View.

Enabling or Disabling Enhanced Security

⚠️ Before you disable Enhanced Security, ask yourself:

  • Does this View show any sensitive information?
  • Would you be concerned if another editor on your site were able to view the full contents of the View?

How to modify the Enable Enhanced Security setting:

  1. Edit the View.
  2. Go to the Settings box.
  3. Select Permissions.
  4. Uncheck the "Enable Enhanced Security" setting.
  5. Update the View.

When enabled, shortcodes showing data from the View require the secret attribute

When this setting is enabled on a View, all [gvfield] and [gventry] shortcodes based on that View will also require the secret attribute.

GravityView blocks in the WordPress Block Editor automatically use the secret; no additional configuration is required.

What happens when Views require a secret, but the shortcode doesn't have one

If the Enable Enhanced Security setting is enabled and the embedded View, block, or shortcode doesn't contain the secret attribute, the content won't be displayed. Instead, this message will appear on the page (only visible to Administrators):

The [gravityview] shortcode is missing or has an invalid "secret" attribute. Update the shortcode with the following attribute: secret="abcde12f3gh4"

To resolve, edit the page and update the shortcode to include the secret, as shown in the message.
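
Before enabling Enhanced Security on an existing View, it helps to know which embedded shortcodes would stop rendering. The following Python script is an added example, not GravityView code: it scans page content (for instance, text copied from a WordPress export) for [gravityview], [gvfield] and [gventry] shortcodes that lack a non-empty secret attribute. The function names, the sample content and its id/view_id attributes are constructed for illustration, and the check does not verify that a secret is the right one for its View.

```python
import re

# Shortcodes this page names as requiring the secret when the setting is on.
SHORTCODES = ("gravityview", "gvfield", "gventry")

# Match [name ...] but skip WordPress's escaped form [[name ...]] and
# unrelated shortcodes whose names merely start with one of ours.
TAG_RE = re.compile(r"(?<!\[)\[(%s)(?![\w-])([^\]]*)\]" % "|".join(SHORTCODES))
# Attribute forms: key="value", key='value', key=bare
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s'"\]/]+))""")


def parse_atts(raw):
    """Return the shortcode's attributes as a dict with lower-cased keys."""
    atts = {}
    for key, dq, sq, bare in ATTR_RE.findall(raw):
        atts[key.lower()] = dq or sq or bare
    return atts


def find_missing_secret(content):
    """Return (line_number, shortcode_text) for each shortcode whose
    secret attribute is absent or empty."""
    findings = []
    for m in TAG_RE.finditer(content):
        if not parse_atts(m.group(2)).get("secret", "").strip():
            lineno = content.count("\n", 0, m.start()) + 1
            findings.append((lineno, m.group(0)))
    return findings


# Constructed sample content; the attributes other than "secret" are
# illustrative only and are not inspected by the check.
SAMPLE = '''Intro text.
[gravityview id="123" secret="abcde12f3gh4"]
[gravityview id="123"]
[gvfield view_id='123' entry_id="5" field_id="1" secret=""]
[[gravityview id="123"]] is how the shortcode is written.
[gventry view_id="123" entry_id="5" secret='abcde12f3gh4' /]
'''

if __name__ == "__main__":
    for lineno, tag in find_missing_secret(SAMPLE):
        print(f"line {lineno}: no secret in {tag}")
```

A flagged shortcode only matters if its View has Enable Enhanced Security turned on; shortcodes for Views without the setting keep working as before.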

How to find a View's secret

The secret will be automatically generated for each View and can be copied from the Publish metabox inside the View editor.

Embed shortcode for published post with secret attribute highlighted. Clicking the Embed Shortcode box copies the full embed code.
Click the Embed Shortcode input to copy the full shortcode, including the secret.

It can also be found on the Shortcode column inside the All Views page for Views where this setting is enabled:

Shortcode examples with optional secret attribute for enhanced security
The Shortcode column on the All Views screen.

FAQs

Is there a way to change the View’s secret?

That's possible, but not built-in. If you know your secret has been exposed to a user on your website whom you don't want to have access to your content, it is a good idea to change the secret. Contact support to learn how.
