diff --git a/src/middleware/basicAuth.js b/src/middleware/basicAuth.js
index 4022132a0..b18db1209 100644
--- a/src/middleware/basicAuth.js
+++ b/src/middleware/basicAuth.js
@@ -36,12 +36,12 @@ const basicAuthMiddleware = async function (request, response, callback) {
 } else if (PER_USER_BASIC_AUTH) {
 const userHandles = await getAllUserHandles();
 for (const userHandle of userHandles) {
- if (username == userHandle) {
+ if (username === userHandle) {
 const user = await storage.getItem(toKey(userHandle));
- if (user && (user.password && user.password === getPasswordHash(password, user.salt))) {
+ if (user && user.enabled && (user.password && user.password === getPasswordHash(password, user.salt))) {
 return callback();
 }
- else if (user && !user.password && !password) {
+ else if (user && user.enabled && !user.password && !password) {
 // Login to an account without password
 return callback();
 }
diff --git a/src/users.js b/src/users.js
index c3a98e02e..8c3c19749 100644
--- a/src/users.js
+++ b/src/users.js
@@ -636,7 +636,7 @@ async function autheliaUserLogin(request) {
 for (const userHandle of userHandles) {
 if (remoteUser == userHandle) {
 const user = await storage.getItem(toKey(userHandle));
- if (user) {
+ if (user && user.enabled) {
 request.session.handle = userHandle;
 return true;
 }
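Review bot: The rewritten password check still compares the stored hash with `===` (`user.password === getPasswordHash(password, user.salt)`), which is not a constant-time comparison. Assuming both values are strings, compare them as buffers instead: `const stored = Buffer.from(user.password); const supplied = Buffer.from(getPasswordHash(password, user.salt));` followed by `stored.length === supplied.length && crypto.timingSafeEqual(stored, supplied)`; `node:crypto` would need to be in scope in this file, which the hunk does not show. The `user.enabled` test is also repeated in both branches and could be a single guard placed right after the `storage.getItem` call. basicAuthMiddleware starts and ends outside this hunk, so how a rejected disabled account is answered cannot be checked here.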
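Review bot: The context line `if (remoteUser == userHandle) {` in src/users.js keeps the loose comparison that this same commit tightens to `===` in basicAuth.js; it should read `if (remoteUser === userHandle) {` so that a non-string value cannot coerce into a match with a handle. Where `remoteUser` comes from is outside the hunk, but if it is read from a proxy-supplied header it is worth confirming that it is always a single string. The new `user.enabled` check only gates creation of a session here; whether sessions already issued to an account that is later disabled get invalidated is not visible in this hunk. autheliaUserLogin begins and ends outside the hunk.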