Using a regular browser, the site is protected and behaves as it should. (The general public and anyone whose membership has not been moved to s2member_level1 can only see a limited set of pages.) However, when someone who is not logged in tries to go to http://site.com/foobar
, and there is a WP post called foobar-esque, I see the browser location briefly flicker with a http://site.com/foobar-esque
, then it forwards to the membership page.
The site is running up-to-date versions of WordPress, BuddyPress, BBPress, and s2Member. When I disabled all other plugins and returned to the default BP theme, the problem persisted. There is no inline content protection, only that provided by Restriction Options. Page and post ids are at Member Level 1, with the suggested BuddyPress URI restrictions also at Member Level 1.
When I am not logged in, there is still a way to view the entire site as if I were a logged-in user. Is this a normal behavior, and do I need to add inline content protection to all of the site templates?