diff --git a/edit/password_protect.php b/edit/password_protect.php
index 7aab606..f9890cb 100644
--- a/edit/password_protect.php
+++ b/edit/password_protect.php
@@ -8,7 +8,12 @@
 // Load settings
 // Demand HTTPS
-if (!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') header("Location: ../");
+if (!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') {
+ header("Location: ../"); exit;
+}
+
+// Ensure file for user settings is 0644.
+if (substr(sprintf('%o', fileperms(__DIR__ . '/../data/users.json')), -4) != 0600) chmod(__DIR__ . '/../data/users.json', 0600);
 // Get available login information
@@ -72,6 +77,8 @@ function logout() {
 */
 function logLogin() {
 file_put_contents(loginLogFile, $_SESSION['username'].'|'.date("Y-m-d H:i:s").PHP_EOL, FILE_APPEND | LOCK_EX);
+ // Ensure file for user settings is 0644.
+ if (substr(sprintf('%o', fileperms(loginLogFile)), -4) != 0600) chmod(loginLogFile, 0600);
 }
 /**
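Review bot: The permission test on the added `users.json` line compares the string produced by `substr(sprintf('%o', …), -4)` with the integer literal `0600`, which PHP reads as octal (384 decimal), so the `!=` is true for every mode and `chmod()` runs on each request. Masking the mode bits expresses the intent and should also guard against `fileperms()` returning false for a missing file: `if ((fileperms($usersFile) & 0777) !== 0600) chmod($usersFile, 0600);`, with `$usersFile` standing for the existing `__DIR__ . '/../data/users.json'` expression. The comment above the check says 0644 while the code sets 0600; it should read `// Ensure the user settings file is 0600 (owner read/write only).` The same comparison appears in the `logLogin()` hunk and needs the same fix. If `data/` sits inside the document root (the relative path suggests it might), the file mode only restricts other local accounts and does not stop the web server from serving the file, so that needs a separate deny rule.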
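Review bot: In `logLogin()` the added `chmod()` runs after `file_put_contents()`, so a log file created by that call keeps its umask-derived mode until the next statement, and the check is then repeated on every login. Setting the mode once at the point where the file is first created, before any entry is appended, would close that window. The comment was copied from the settings check and does not describe this file; it should read `// Keep the login log at 0600 (owner read/write only).`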