Login screen gets redirected to protected content

Good day,

Here’s a weird issue. When I click the Login link on my website, I get redirected to a page that is protected from the Visitor role, and thus get hit with a page that says “The content you are trying to access is only available to members. Sorry.”

I can see in the URL that after clicking the Login link and waiting for the login page to load, the URL gets redirected to a page that I have set to be only available to premium members, thus it would be protected from Visitors.

I see the URL has this type of structure, https://mydomain.com/protected/?redirect_to=https%3A%2F%2Fmydomain.com%2Fmembers-only-page%2F

I am glad the user gets the protected content page when the page tries to redirect to that Members Only Page in the URL structure.

But the user should be automatically redirected to that page AFTER he logs in. For some reason it seems like the site is bypassing the login screen and trying to go directly to that Members Only Page, which the user cannot access until after he logs in, but there is no login form to log into!

I also use the Theme My Login plugin to display the login form. And I just installed an SSL certificate on the site. The login form was working fine with the Theme My Login plugin before I installed the SSL, but now after I installed the SSL, I have the trouble I explained above.

It doesn’t seem to be SSL related though. Do you know why this behavior is happening?

I looked in the Access Levels and I am definitely allowins my Visitors to access the Login Page fine, but it seems like the Login page is being bypassed for some reason I am hoping you can help with!

I granted you access to look around as well.



  • Vinod Dalvi
    • WP Unicorn

    Hi Nick,

    Sorry to hear of the problem you are having.

    I have troubleshooted it on your site and found if i visit the page https://mydomain.com/wp-admin/ then the log in form is displaying fine but the protected content page is displaying on visiting the page https://mydomain.com/prem-login/

    The strange thing is this that the lost password page https://mydomain.com/prem-lostpassword/ is also accessible.

    Could you please just try deactivating theme my login plugin and check whether the log in page https://mydomain.com/prem-login/ is accessible or not?

    I will further troubleshoot the issue but in the meanwhile you can just temporary change the log in URL link to https://mydomain.com/wp-admin/ in the header of your site so that users can get the log in form.


    Vinod Dalvi

  • Nick
    • The Incredible Code Injector

    Thank you for your help. Just a quick thing…would you mind not using the domain name in your replies? That’s why I was using “mydomain.com” in my initial post. I don’t want the domain listed on a public forum as I troubleshoot.

    Everything you say I can confirm. I did notice that the login form for http://mydomain.com/wp-admin works fine and the Lost Password page works fine as well!

    On the http://mydomain.com/prem-login page, the only content on that page is the shortcode for Theme My Login: [theme-my-login]

    When I delete that shortcode from the prem-login page and just add text, like “This is the login page.” the page loads fine! No more Protected Content message!

    So it appears that I only get that Protected Content message on the prem-login page when I have the [theme-my-login] shortcode on the page. But I think the Protected Content message correctly appears because it looks like when going to http://mydomain.com/prem-login the user gets immediately sent to the Members Only” page, which should indeed be protected. I am using the WPMU Login Redirect plugin and have that set to http://mydomain.com/members-only upon login. But for some reason when going to the http://mydomain.com/prem-login page (which only contains the [theme-my-login] shortcode), the user is immediately sent to the page I set in the WPMU Login Redirect plugin, and completely bypassing the login form!

    I just tried placing the [theme-my-login] shortcode in between the [level-visitors] [/level-visitors] shortcode to see if that would allow the Visitor role to see the login form, but that didn’t work either.

    As you saw, for Visitors, the Theme My Login plugin works fine for the http://mydomain.com/wp-admin page because the login form is displayed within the website and not the standard WordPress login form. But for some reason, adding that shortcode to the page causes that Protected Content message for Visitors.

    I don’t think I want to make the login URL lead to http://mydomain.com/wp-admin because I really don’t want my visitors knowing about the wp-admin page.

    I could change the Login link to http://mydomain.com/wp-login.php. I initially had that page not available because it leads to the standard WordPress login page. But for now that works. But I do really want the login form contained within the website, which is why I created the http://mydomain.com/prem-login page and added that [theme-my-login] shortcode.

    Thank you again!

  • Jack Kitterhing
    • Code Norris

    Hi there @nick,

    Hope you’re well today and thanks for your question! :slight_smile:

    Also your settings look good, one way to get around this would be to switch to positive rules and then set a URL group for that URL and add it to the visitor level, which should then allow them to access it.

    Would that work for you?

    Thank you!

    Kind Regards


  • Nick
    • The Incredible Code Injector

    Hi everyone. I actually discovered the issue, and its something I never would have thought about.

    I have a membership site where a user registers for an account and then logs in to access special pages. If a user not registered and not logged in tries to access those special pages, they receive an error saying those pages are protected for members only. Once a user logs in, they get automatically redirected to the main membership page.

    I use the Theme My Login plugin to allow the login form to be within the website, not on the default WordPress login screen.

    I had a website with a subdomain, i.e. test.mydomain.com, with the Theme My Login plugin installed. This website was on a GoDaddy cPanel hosting plan. When I clicked on Login on this site, I was able to successfully see the login form within my website’s theme.

    I then migrated the website to the primary domain, i.e. mydomain.com, to a GoDaddy Managed WordPress Business hosting plan. This time, when I clicked on Login on the site (which was identical to the site with the subdomain on the cPanel hosting), I received an error about the content being protected. The URL shows the user was trying to be redirected to the main membership page…which one would get to AFTER logging in. But I never received the login form, so I was never able to login. The user being sent to the main membership page without logging in would result in that protected content error.

    For some reason, once I migrated the site from a subdomain on the GoDaddy cPanel hosting plan to the primary domain on the GoDaddy Managed WordPress Business plan, the Theme My Login plugin no longer worked. I tried deactivating, deleting, reinstalling, etc., but nothing works.

    So the Membership plugin works perfectly. And so does the Theme My Login plugin, as long as its not on a managed hosting plan.

    Hope that helps others.


  • Vinod Dalvi
    • WP Unicorn

    Hi Nick,

    Awesome, great to see you got that discovered and thanks for sharing the solution in the community.

    I hope the solution you have shared will help others facing the similar issue.

    Your help is really appreciated.

    Thank you for being a WPMU DEV member and have a great day!


    Vinod Dalvi

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.