Membership 2 Pro URL Rule Writing

I had part of this in another thread, but this seems best in it's own thread completely. I migrated to membership 2 pro because I was having some other issues and support recommended I get to the new version so I don't have to repeat the work again later, which made sense, but I am struggling to figure out how to do what I need done.

I only have 2 levels - free and members. Free needs to be able to see the members page (which is called therapists in this install) and be able to view each of their profiles, nothing else beyond that.

I was able to do this relatively easily in the earlier membership plugin, but for whatever reason I can't figure it out and there is no detailed documentation on how you can use URL restrictions in a more advanced manner.

So this is what I have to have done/tested, or some at least, but I have tried a lot of things. - open to members and free. This is a buddypress page for members, and needs to be, so that already seems to cause some challenges using the BuddyPress piece. - open to members and free both.

Everything below the profile (or username like above) I need blocked. Then I need all the standard stuff blocked, which really doesn't represent a problem.

I have a staging environment (and I am adjusting the URL accordingly) and I am seeing some REALLY strange stuff. For example I can add just the straight up therapists directory but it blocks for everyone, even if I add in both groups for access.

Also it isn't accepting any of the variables I used to use in the previous version, or ones I have looked up using standard regex commands (which maybe it isn't supposed t0, but one ticket referenced that).

Given there could be some issues doing it in staging, but I tried at first in production and was having so many issues I didn't want to keep doing it in production, so can anyone give me the rules to make this work? Really this should be pretty easy, as long as I can get the username variable excepted.

So just block access here to free users - - ideally everything below it, but worst case I can enter the five main directories below this to block.

Then I can easily block the rest with URLs.

And last, what would be ideal is to use the built in BuddyPress rules, and then have a rule read before it that allows the access I need. I wasn't sure if these rules were read in order and/or how it gives precedence if two rules contradict (I assume deny wins, which is why this might not work). But the BuddyPress rules, although are nice, I wish were a bit more granular.

Anyway, help would be appreciated. I searched the forums and only saw one ticket that was somewhat similar, but still didn't provide quite enough - in fact I found it pretty confusing looking at the syntax when I review other syntax online that I thought might apply.

Ok, sorry for the long question! Thanks, David

  • Vinod Dalvi

    Hi David,

    I hope you are well today and thank you for your detailed question.

    In the Membership 2 Pro plugins you can use "BuddyPress Integration" and "URL Protection " add-ons as displayed in the attached screenshot to protect BuddyPress pages and individual URLs.

    URL Protection rule overrides all other rules, so use it carefully. URL protection includes regular expression support, so you can drill down into specific content as much as you need.

    I don't think the Membership 2 Pro plugin supports variables in the URL protection rule but to confirm it i have notified our plugin developer to get his valuable reply here.

    He will reply here ASAP but please keep in mind though that plugin developers have a lot of responsibilities so this might take a bit longer than a normal ticket.

    If the variables don't support then we will try to achieve this creating regex.

    If you have created any regex previously to achieve this then please share it.

    Kind Regards,
    Vinod Dalvi

  • David

    Thanks - and yes these are the two I have been testing for hours. Here is an interesting fact I didn't mention. If you look at the BuddyPress bottom option, it reads exactly as I am trying to have work.

    "Member listing
    Only members can see the BuddyPress Member Directory and Member Profiles."

    But I have tried this, with adding both groups for access, removing both and leaving at everyone, but all it does is let me see the main directory, but the moment I click to see the full profile I get an access error. But maybe it isn't meant to work that deep.

    The other challenge is it isn't an option to use the full URL, without some variable option I would have to put in 340 URLs and then every new member do the same. So hopefully I can hear soon if this is even going to work because I have to roll back asap if it isn't. I can't imagine this isn't something many users want and use, but maybe not. Anyway, thanks.


  • Tyler Postle

    Hey David,

    Thanks for your patience here. Working alongside Vinod on this.

    I was testing this on my site and I did notice that there is an issue with the BuddyPress Member protection option as for me it protects profiles but not the members directory itself. I will let the developer know about this :slight_smile:

    With that said, when I used the url protection and entered in:

    Then added my memberships to it, it worked exactly how I think you're wanting it too. It protected the members list page and also the profile pages from visitors. Only users who had memberships that I assigned access to that url were able to see them.

    Is that still not working properly for you? If not, would you mind granting support access and we could have a closer look? :slight_smile:

    You can grant support access via WPMU DEV > Support > Support Access > Grant Access.

    Look forward to hearing back!

    All the best,

  • David

    I would love to have you look at it - you can see my staging environment which was copied over yesterday, so will be great to look at.

    You will see the members directory is actually therapists - so if you click on the therapists you get the whole list, which is the members page for BuddyPress. Then I need the free level to be able to access the actual profile page, but nothing else (seeing the sites, therapists, groups, etc is all fine, but they must get the protected content message if click on it).

    The two groups setup are:
    DTN - which is the free level
    Registered Therapists - which is the members.

    So I did so much testing yesterday it is a bit of a blur, but in testing now, and looking at my notes I swear I am seeing something different. Now when I have the member listing under BuddyPress unchecked everyone can get to the whole therapist list, the profile, AND all the other content after (groups, etc). Unless I am completely wrong, I was getting blocked at the profile page before.

    Regardless that means the fix would be simple. Find a way to block all content after the profile page. However that would require the use of some sort of variable, like the username variable. Or we would have a heck of a challenge adding a separate ULR for all 340 therapists.

    What I can't get working is anything out of a straight URL AND all of the sub-content - I can't figure out any syntax to get just one directory open and not the child directories, etc.

    I will send you the credentials now, just let me know if you have any questions.

    Thanks! David

  • Tyler Postle

    Hey David,

    Thanks for the detailed reply and granting support access. I've just taken a look at your site and I think I may be misunderstanding something here and it seems to be working how I thought you wanted it too.

    The /therapists/ page is accessible by everyone, but the profile pages are blocked and only accessible by the members of the "Registered therapists" group, or are you wanting visitors/free members to be able to view the profiles as well?

    Talk to you soon!


  • David

    Yes, visitors have to be able to see the profiles. Think of it this way. You are a visitor coming to this site to find a therapist, so you want to view their whole profile, but not be able to see anything else about them, like the therapy groups, activity, etc - so with the old plugin I just used the URL rules to block everything past the username (profile), and I need to find a way to do the same thing.

  • Tyler Postle

    Hey David,

    Sorry about that - I totally misunderstood in the first place.

    If you look at the BuddyPress bottom option, it reads exactly as I am trying to have work.

    "Member listing
    Only members can see the BuddyPress Member Directory and Member Profiles."

    That part there threw me off I think :smiley: thought you wanted both protected.

    Anyways, I've been testing it out and doesn't look like M2 actually supports regular expressions right now. It automatically protects the url and all of it's children. Vinod already flagged the dev so he should be by soon and we'll see if there is a custom way we can do this for you :slight_smile:

    In the meantime, let us know if you have any further questions.


  • Philipp Stracker

    Hi David,

    as Tyler mentioned, currently M2 does not support regular expressions in URL Protection rules.

    But it is very easy to add you own, custom URL Protection logic via a small plugin, like this one:

     * Plugin Name: M2 Custom URL Protection
     * Description: Applies custom protection logic to URL Protection
     * Version:     1.0.0
    add_filter( 'ms_rule_url_model_check_url_expression_match', 'my_regex_check', 10, 3 );
    function my_regex_check( $result, $real_url, $patterns ) {
      foreach ( $patterns as $pattern ) {
        if ( $result ) { break; }
        // Example of custom logic:
        // Create 2 URL-rules for ":profile-home:" and ":profile-details:"
        if ( ':profile-home:' == $pattern ) {
          // Checks if the URL ends after the username.
          if ( preg_match( '!/therapists/\w+/?$!', $real_url ) ) {
            $result = true;
        } elseif ( ':profile-details:' == $pattern ) {
          // Checks if the URL contains text after the username.
          if ( preg_match( '!/therapists/\w+/.+!', $real_url ) ) {
            $result = true;
      return $result;

    This is the most flexible way to protect your URLs as you can add custom code/conditions in there and check for anything you want.

    I hope this helps, else let us know :wink: Philipp

  • David

    Ok, thanks. I think I will just roll back to the last plugin. I think you should do a better job communicating the limitations of the replacement plugin though, as I can't imagine I am the only one that is going to run into these challenges. I sure wish the first ticket I opened addressed this as I actually brought up the need of custom URL protection - would have saved me now probably 7 hours of work and time.

  • David

    Thanks for writing this plugin - it is an interesting solution and might be easier. But I am a bit confused on what exactly to do. I did get it added and recognized as a plugin, but are you saying this actually will add this functionality to the membership 2 plugin so it will now recognize a regex? And if so I guess in reviewing this it isn't real clear what I am adding to the rules to make this work.

    So add these two rules - first one give permission to everyone


    And second one will just apply to the free user (essentially blocking?)


    Thanks for taking the time to put this together! And staging is updated with this plugin, and I granted access, if that is easier to show me on staging. Thanks!

  • David

    Okay, I get it. Use the "":profile-details:" - that is sweet. And it seems to work. However in staging, and I need to test in production, but I realize one thing that keeps causing confusion, and would be interesting to hear if this is affecting you as well.

    It seems that URL restriction AWAYS restricts - no matter what group I list having access. Because when I add the profile-details rule it blocked all the stuff I wanted for free users, but the moment I add the other rule in, and give the free user access (so in theory should allow free user to see the profile), it blocked it.

    However, making this more confusing, when I have the rule profile-details included, and no one access, it doesn't stop the logged in user from seeing details, which I expected it would.

    So as I see this I realize in my testing I was seeing a lot of strange results too, that seem inconsistent, so you might want to test some of this. Regardless I still think I can make this work, even if what I am seeing is accurate. Thanks.

  • David

    Here are a few more details. First, all the work/testing since you provided the custom fix has been with the updated membership plugin (looks like that updated today at some point?), and I am using that version in staging as well.

    I did notice another strange issue as a user contacted me, which might be new to this version, but not sure. BuddyPress successfully blocks and allows access to but NOT - if there is no trailing / it blocked access. Or as I write this it could be related to a page rule I had and that defaults to groups/ but regardless I had a custom link set without the trailing dash and it was failing, and maybe I should have clued in sooner, but with all the testing I have been doing it took me forever to realize this was just because of the trailing "/" on the url missing in the custom link.
    Thanks, David

  • David

    So I really have no idea and this will all need tested on a clean site, because in part by doing so much testing before upgrading the plugin to now has created even more confusion, but I think there are some challenges with this plugin (or my site).

    I just found another strange issue. With BuddyPress membership on (and only other thing is pages and menu, no URL put in), if I leave the Member Listing rule in BuddyPress set to EVERYONE - meaning I don't explicitly add the membership group, it actually stops a logged in user from looking at profiles, which means "everyone" is not really everyone, but once I add in that membership level all is fine and the logged in user works again.

  • Vinod Dalvi

    Hi David,

    Thank you for your replies.

    I think one thing that was creating some issue is caching of credentials.

    Cache plugins can often interfere with Membership plugin functionality. If your users are not being assigned memberships after successfully paying and logging into your site, check if you have object cache enabled in your cache plugin. If so, add the following to the non-persistent fields/groups


    Not sure if that simple as I would have to go back, but it does seem to be working with the custom URL plugin now.

    So is everything regarding URL protection working fine with you now using custom URL plugin?

    Vinod Dalvi

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.