Considering you use login system for your users, and they have roles and groups, you can limit the access to the content by defining who have permission to view it, and when someone tries to view it compare his role/group to the permitted roles/groups.
If he have permission, show the content.
If he don't, show something else like message that says that he is not allowed to view the content.
For security you should at least do both: create a .htacces file AND check if the user visiting the page is allowed to perform the actions he is about to perform (by, for example, matching his user rank - which was set when he logged in - against the user rank that is required to perform the action).
if user logged in she'll have an 'id' and 'level' in session vars. Just check against these. Redirect away from the page if 'level' isn't high enough.
Using get and post - just as vulnerable as each other. They can't be trusted, so you should always treat them as if they're suspect.
Another method I've used on occasion, is to use a confirmation hash.