MemberPress rules are the foundation of any membership site, determining which users can access which content based on their active subscriptions. When configured correctly, unauthorized users should be redirected to a login page or see a custom access denied message. However, sometimes rules seem to have no effect at all, and protected content remains accessible to everyone, including visitors who are not logged in and have no active membership.
This problem can be a serious security issue, especially if the protected content includes premium courses, exclusive downloads, or sensitive member data. The issue may affect all rules or only specific ones, and it may appear suddenly after updating MemberPress, changing the WordPress theme, or installing a new caching plugin. Understanding why MemberPress rules fail to protect content is essential for maintaining a secure membership site.
The most common cause of this problem is that rules are being overridden by other rules with higher priority, or that the content is being cached and served to all users regardless of their membership status. Another cause is that the MemberPress rules have not been built correctly after being added, or that the WordPress rewrite rules need to be flushed.
Why MemberPress rules fail to protect content
MemberPress rules are evaluated in order of priority, with more specific rules taking precedence over general rules. If a general rule grants access to all content (like a rule for the entire site) and a more specific rule restricts access to a particular page, the general rule will win. This is a common configuration mistake where site owners add a broad “allow all” rule and then wonder why their restrictive rules are not working.
Another common cause is that caching plugins are serving cached versions of protected pages to all visitors. When a page is cached, the HTML is stored and served without checking the user’s membership status. This means that the first visitor to load the page (who may be an admin or a paying member) generates a cached version that is then served to everyone, including unauthorized users. Excluding protected pages from caching is essential for proper rule enforcement.
MemberPress rules may also need to be rebuilt after being added or modified. The MemberPress tools menu includes a “Build Rules” option that regenerates the rewrite rules for all protected content. Failing to run this after making changes can result in rules that do not take effect. Additionally, changes to WordPress permalinks or the addition of new custom post types may require the rules to be rebuilt.
How to check if a MemberPress rule is being applied correctly
Go to MemberPress → Rules and locate the rule that should be protecting the content. Check the “Priority” column to see where it falls in the order of evaluation. Rules with lower numbers (higher priority) are evaluated first. If a rule with higher priority (lower number) grants access, it will override more restrictive rules. You can drag and drop rules to reorder them, placing more restrictive rules at the top of the list.
Step by step guide to fixing MemberPress rule problems
Follow these steps in order to restore proper content protection in MemberPress. Start with the simplest solutions before moving to more advanced troubleshooting steps.
- Check the order of your rules and ensure restrictive rules have higher priority (lower numbers)
- Go to MemberPress → Settings → Tools and click the “Build Rules” button to regenerate rewrite rules
- Clear all caches including plugin cache, CDN cache, and browser cache completely
- Exclude all protected pages from caching plugins (add URLs to never-cache lists)
- Test the protected content in an incognito browser window (not logged in) to verify protection
- Temporarily disable all other plugins to test for conflicts with MemberPress rules
- Switch to a default WordPress theme to test if the theme interferes with rule evaluation
- Go to Settings → Permalinks and click “Save Changes” to flush WordPress rewrite rules
- Update MemberPress to the latest version available from the official website
- Contact MemberPress support with specific details about which rules are not working
How to exclude protected pages from caching plugins
In WP Rocket, navigate to Settings → WP Rocket → Advanced → Never Cache URLs and add the URLs of all protected pages. Use wildcards like /members/* and /protected/* to cover entire sections. In LiteSpeed Cache, go to Cache → Excludes → Do Not Cache URIs and add the same patterns. In W3 Total Cache, go to Performance → Page Cache → Advanced → Never cache the following pages and add the URL patterns. After adding these exclusions, clear all caches and test content protection again.
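The following is an added example, not code from MemberPress or from this article. It automates the logged-out test from the step-by-step guide and flags cache-hit signals once the exclusions above are in place. The canary marker, the cache header list, and the sample responses are assumptions constructed for illustration.

```python
import urllib.error
import urllib.request

# Assumed cache-hit signals; header names vary by cache layer, so adjust to your stack.
CACHE_HIT_HEADERS = {"x-cache": "hit", "cf-cache-status": "hit", "x-litespeed-cache": "hit"}


def audit_response(status, headers, body, marker):
    """Return findings for one response fetched WITHOUT cookies from a protected URL.

    marker: a string that appears only in the member-only content (hypothetical canary).
    """
    h = {k.lower(): str(v).lower() for k, v in headers.items()}
    findings = []
    # A 3xx to the login page or a 200 access-denied page is fine; a 200 carrying
    # the member-only marker means the rule was not enforced for this request.
    if status == 200 and marker.lower() in body.lower():
        findings.append("EXPOSED")
    age = h.get("age", "0")
    hit = any(want in h.get(name, "") for name, want in CACHE_HIT_HEADERS.items())
    if hit or (age.isdigit() and int(age) > 0):
        findings.append("CACHED")  # protected URL is still served from a shared cache
    return findings


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx instead of following it


def fetch_anonymous(url):
    """Fetch url with no cookies and without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        resp = opener.open(url, timeout=10)
    except urllib.error.HTTPError as err:  # unfollowed 3xx and 4xx/5xx arrive here
        resp = err
    return resp.code, dict(resp.headers), resp.read().decode("utf-8", "replace")


# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "login_redirect": (302, {"Location": "https://example.test/login"}, ""),
    "cached_leak": (200, {"X-Cache": "HIT", "Age": "120"}, "<h1>Lesson 1</h1> MEMBERS-ONLY-CANARY"),
    "denied_page": (200, {"Cache-Control": "no-store"}, "You are unauthorized to view this page."),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, audit_response(*resp, marker="MEMBERS-ONLY-CANARY") or "ok")
```

On a staging copy, pass the result of `fetch_anonymous` for each protected URL to `audit_response`; any `EXPOSED` or `CACHED` finding means that URL still needs a rule or cache-exclusion fix.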
MemberPress rule troubleshooting reference table
Here is a reference table for diagnosing rule problems in MemberPress based on specific symptoms you might encounter.
| Symptom | Most likely cause | Recommended solution |
|---|---|---|
| Protected content accessible to all visitors | General rule overriding restrictive rules | Reorder rules so restrictive rules have higher priority |
| Content protected but logged-in members also blocked | Rule condition not matching member’s subscription | Check that the member has the correct active membership |
| Protection works sometimes, fails other times | Caching serving protected content to all users | Exclude protected pages from caching |
| New rules not taking effect at all | Rewrite rules not built or not flushed | Build rules in MemberPress tools and save permalinks |
For more information about MemberPress rule configuration, visit the MemberPress page on wpwizzy.com.
Preventing MemberPress rule problems in the future
Always plan your rule hierarchy before creating rules, placing more restrictive rules at the top of the priority list. After adding or modifying any rule, always rebuild rules from the MemberPress tools menu and flush permalinks by saving the permalink settings. Exclude all protected pages from caching plugins as soon as the site is launched, and test content protection after every plugin or theme update to catch issues early.
Use a staging website to test major changes before applying them to the live production site, and regularly review your rules to ensure they still match your membership structure. Document the rule hierarchy for future reference, and keep MemberPress and all other plugins updated to their latest versions on a regular schedule. Consider using a security plugin that can detect and report unauthorized access attempts.