Discussion Forums

How to prevent user to view random portlets in a page (security issue)?

manoj manoj, modified 6 years ago.

Junior Member Posts: 36 Join Date: 12/04/12
I want to prevent users from dynamically viewing any random portlet that they wish to, on the existing layouts....

Steps to reproduce:
1. Register a new user.
2. Log in as that user.
3. After logging in, enter the following URL:
http://localhost:8080/portal/web/guest/home?p_p_id=3&p_p_state=maximized&_3_struts_action=%2Fsearch%2Fsearch&_3_keywords=&_3_groupId=0

In this example, any user who has logged in can view the search portlet with this link (layout: /web/guest/home).
As a security requirement, I need to prevent this access, since they can then do some manipulations on the URL to get user information/upload documents.

In my case, the new users log into a private guest layout (as site members) and it is a security risk.

I checked that I can set <add-default-resource> to false in liferay-portlet-ext.xml ..... then new users are not able to add the portlet to the page...
But I will then have to do that for around 98 portlets and a few of my own.....

Is there anything that I can do at the portal level (or in the 2 layouts in my private guest site: /portal/group/guest/welcome and /portal/group/guest/myprofile) that would prevent users from manipulating the URLs?
manoj manoj, modified 6 years ago.

RE: How to prevent user to view random portlets in a page (security issue)?

Junior Member Posts: 36 Join Date: 12/04/12
There is a property: portlet.add.default.resource.check.whitelist
I modified the property to not have any of the portlets (but have only my custom portlets).
This fixed the issue.
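
An added example, not part of the original posts: once the whitelist is reduced to the custom portlets, access logs can be checked for requests that still name any other portlet through the `p_p_id` parameter shown in the URL above. It assumes common-log-format lines; the custom portlet IDs, client addresses and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: portlet IDs left in the whitelist (hypothetical custom portlets).
EXPECTED_PORTLETS = {"welcome_WAR_customportlet", "myprofile_WAR_customportlet"}

# Constructed access-log lines in common log format, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2013:10:00:01 +0000] "GET /portal/web/guest/home?p_p_id=3&p_p_state=maximized&_3_struts_action=%2Fsearch%2Fsearch&_3_keywords=&_3_groupId=0 HTTP/1.1" 200 5120
10.0.0.5 - - [01/Jan/2013:10:00:09 +0000] "GET /portal/group/guest/welcome HTTP/1.1" 200 4096
10.0.0.7 - - [01/Jan/2013:10:01:12 +0000] "GET /portal/group/guest/myprofile?p_p_id=myprofile_WAR_customportlet&p_p_lifecycle=0 HTTP/1.1" 200 3001
10.0.0.5 - - [01/Jan/2013:10:02:30 +0000] "GET /portal/group/guest/welcome?p_p_id=3&p_p_state=maximized HTTP/1.1" 200 5120
"""

# Captures client address, request target and response status.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def unexpected_portlet_requests(log_text, expected=EXPECTED_PORTLETS):
    """Return (client, path, portlet_id, window_state, status) for every
    request whose p_p_id names a portlet outside the expected set."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line this parser understands
        client, target, status = match.group(1), match.group(2), int(match.group(3))
        url = urlsplit(target)
        # parse_qs URL-decodes values and keeps repeated parameters as lists.
        params = parse_qs(url.query, keep_blank_values=True)
        # A request without p_p_state is reported with the "normal" window state.
        state = params.get("p_p_state", ["normal"])[0]
        for portlet_id in params.get("p_p_id", []):
            if portlet_id not in expected:
                findings.append((client, url.path, portlet_id, state, status))
    return findings


if __name__ == "__main__":
    for finding in unexpected_portlet_requests(SAMPLE_LOG):
        print(finding)
```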