Protected content throwing 404 error instead of 'No Access' page

Hi, I'm having trouble with a very minimal Membership setup. Basically, what's happening is that my protected content pages are throwing 404 errors instead of showing the 'No Access' page I've defined in the Membership settings.

My configuration:
Wordpress v3.2.1
Membership v2.0.7
Two membership levels: Visitor, Premium
Stranger setting: Visitor

Level settings:
Visitor - one negative restriction. Cannot view the page "Studio"
Premium - no restrictions

I've created a page called "No Access." This page is visible to Visitors and Premium members both, no problem. This page is set as the Protected Content Page in the Membership options.

Created a page called "Studio." As mentioned above, Visitors are barred from viewing this page. Logged in Members are able to view the page fine. When a Visitor attempts to view the page, I'd expect the 'No Access' page to be shown -- instead a 404 error page is being returned.

I've tried both settings for "Override 404 with protected content page" -- no change.

I've tried changing the permalink settings back to defaults.

I've tried creating whole new "Studio" and "No Access" pages, and reassigning them in the Membership options. Same problem.

No PHP errors being thrown to error.log. Here are the two lines from access.log:

For a logged in member: - teleotic [27/Jul/2011:22:24:39 -0700] "GET /changemaking/studio HTTP/1.1" 200 4315 "" "Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0"

For a visitor: - - [27/Jul/2011:22:29:28 -0700] "GET /changemaking/studio/ HTTP/1.1" 301 611 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30" - - [27/Jul/2011:22:29:28 -0700] "GET /changemaking/2011/07/studio/ HTTP/1.1" 404 3904 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30"

So what it looks like to me is that the Membership plugin is throwing a redirect, but instead of sending the Visitor to the 'No Access' page, it's sending them to what would be the permalink if it was a post instead of a page.

For good measure, here's my .htaccess:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /changemaking/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /changemaking/index.php [L]

# END WordPress

Halp! Any assistance would be appreciated.


  • beturgo
    • Flash Drive

    Hey Tim,

    I recently had a similar problem with membership. Two things you should do

    First disable all other plugins aside from Membership in case their is a conflict.
    Second navigate directly to the no access page when you are there as a visitor.

    If it comes up as a 404 again when you try to access it directly that probably means there is a problem in the page permissions.

    It took me a couple of hours to sort this same thing out last weekend.

    Good luck and I hope it helps,


  • teleotic
    • New Recruit

    Thanks. As I said above, the 'No Access' page is visible to Visitors and Premium both if you go there directly, but I just double checked on your advice -- and it shows correctly.

    Also, just tried disabling all plugins except Membership and WPMU Update -- still getting the 404.


  • teleotic
    • New Recruit

    Aye, that'll get unwieldy fast. But I tried it out on your suggestion -- and the same problem occurs. :disappointed: The 404 is still popping up for the one page I didn't specifically allow. Same redirect to an incorrect URL, too.

  • beturgo
    • Flash Drive

    I was actually able to replicate the same thing you are seeing, and figured out why it hadn't affected me before.

    URL Groups will protect content and generate the right error.

    I have a bbpress forum that I'm using membership to protect and I just protected the whole forum using a regular expression


    puts up the no access page to every url that starts with ^

    Hope this one finally gets it working for you.

  • Charles
    • Design Lord, Child of Thor

    I was going through this same problem a couple weeks ago. I tried everything the folks here suggested but it didn't work. With mine I think the problem was that my theme redirected from the 404.php file to something like not_found.php. Instead of messing around anymore I just changed the text in that file so the error page said what I wanted it to. If all else fails you might just want to take that approach.

  • teleotic
    • New Recruit

    Hi Phil,

    You can't add both positive and negative rules of the same type to one Level at the same time, as far as I can tell. (So you can't add Pages as both a Negative and a Positive.) The Visitor level *can* see the "No Access" page if I put the link to it straight into my browser.

    Like Charles, I thought this might be a theme issue, so I switched back to the 2011 theme, but the error still happens.

    Dan, thanks for the URL Groups suggestion. That does work. But when I eventually hand this site off to my client, I know they'll find it easier to checkmark some boxes than struggle with regular expressions. :slight_smile:

    Phil, when I use Dan's suggestion of URL groups, restricted content gets redirected to "/changemaking/no-access" -- the "No Access" page I set up. As it should. So this has to be a bug with how the Membership plugin redirects people when processing Page rules.


  • Barry
    • DEV MAN’s Mascot

    When a Visitor attempts to view the page, I'd expect the 'No Access' page to be shown -- instead a 404 error page is being returned.

    It's actually the behaviour i would expect as, as far as that user is concerned, the page doesn't exist so WordPress is returning a correct 404.

    If you want to force *all* 404's to go to your no access page (before we get 2.1 out of the door) you need to setup a 404 template in your theme that redirects to the no access page.

  • teleotic
    • New Recruit

    Hey Barry, thanks for the reply. I get what you're saying there, and it does make a certain sense, but if that's the case, why does content protected by a URL Group regex redirect to the "No Access" page correctly? - - [28/Jul/2011:10:48:55 -0700] "GET /changemaking/studio HTTP/1.1" 302 435 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30" - - [28/Jul/2011:10:48:55 -0700] "GET /changemaking/no-access HTTP/1.1" 200 4511 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.124 Safari/534.30"

    That seems inconsistent.

    Also, the "No Access" page has an encouragement to sign up for Premium access. I don't think I'd want every 404 error to return that same content. It seems important to differentiate between pages that are restricted and pages that actually don't exist.

  • teleotic
    • New Recruit

    OK, I've delved into the Membership plugin internals and figured this out.

    Basically, the plugin filters out restricted content by removing the given page's ID from wp_query. This works fine for a loop of posts -- the given post magically disappears from the list of posts displayed. But if we're looking at one page, which by definition only contains one item, and we filter out that item, wp_query returns no results and so a 404 is thrown up.

    So I've modified the plugin to check for pages and redirect instead. Yay open source! I've modified the add_unviewable_pages function in /membership/membershipincludes/includes/default.rules.php (starts at line 235):

    function add_unviewable_pages($wp_query) {
    		if(!in_array($wp_query->query_vars['post_type'], array('page','')) || empty($wp_query->query_vars['pagename'])) {
    		foreach( (array) $this->data as $key => $value ) {
    			if ( is_page( $value ) ) {
    				global $M_options;
    				$url = get_permalink( (int) $M_options['nocontent_page'] );
    				wp_safe_redirect( $url );
    			$wp_query->query_vars['post__not_in'][] = $value;
    		$wp_query->query_vars['post__not_in'] = array_unique($wp_query->query_vars['post__not_in']);

    The redirect code block is from the redirect() function used by URL Groups. Might be a more efficient way to code this, but hey, it works. I will likely make a similar change to the relevant Posts rule, to account for single posts (like permalink pages).

    Is there any way some similar functionality might be put in the official plugin?


  • Barry
    • DEV MAN’s Mascot

    I get what you're saying there, and it does make a certain sense, but if that's the case, why does content protected by a URL Group regex redirect to the "No Access" page correctly?

    Because it uses a different method of protection.

  • James Farmer
    • CEO (of WPMU DEV, honest)

    Hi Teleotic,

    As we haven't heard back from you we're going to assume the problem was sorted out and mark this thread as resolved.

    If it wasn't resolved, or you have any more questions related to this thread please feel free to post them below and tick the 'Mark as Not Resolved (re-open)' box below the post area (or else we'll miss it!)

    Otherwise, thanks for using the forums, and, as always, for being a member of WPMU DEV, it's a pleasure to help you out and we look forward to being of assistance in the future.

    Cheers, James

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.