diff --git a/docs/changelog/6.x.x.txt b/docs/changelog/6.x.x.txt
index 7e3799bf7..a296502eb 100644
--- a/docs/changelog/6.x.x.txt
+++ b/docs/changelog/6.x.x.txt
@@ -50,6 +50,9 @@
 - fixed a bug where uploaded files would give an Auth Required regardless of the user being in the view group or not (Martin Kamerbeek / Procolix)
 - fix [ 1411210 ] HttpProxy Error (Thanks to Eric Kennedy for the patch)
+ - fixed a serious security bug that would allow user account creation using a well crafted url when anonymous registration is set to off.
+ (Thanks to Luke Bartholemy for the patch)
 6.8.5
 - fix [ 1396957 ] Insufficient privileges check on the DataForm
diff --git a/lib/WebGUI/Auth/WebGUI.pm b/lib/WebGUI/Auth/WebGUI.pm
index 8941277b0..51ecdbe49 100644
--- a/lib/WebGUI/Auth/WebGUI.pm
+++ b/lib/WebGUI/Auth/WebGUI.pm
@@ -194,15 +194,21 @@ sub createAccount {
 #-------------------------------------------------------------------
 sub createAccountSave {
 my $self = shift;
-
- return $self->displayAccount if ($self->session->user->userId ne "1");
-
+ my $i18n = WebGUI::International->new($self->session);
+
+ return $self->displayAccount if ($self->session->user->userId ne "1");
+
+ #Make sure anonymous registration is enabled
+ unless ($self->session->setting->get("anonymousRegistration")) {
+ $self->session->errorHandler->security($i18n->get("no registration hack", "AuthWebGUI"));
+ return $self->displayLogin;
+ }
 my $username = $self->session->form->process('authWebGUI.username');
 my $password = $self->session->form->process('authWebGUI.identifier');
 my $passConfirm = $self->session->form->process('authWebGUI.identifierConfirm');
 my $error;
- my $i18n = WebGUI::International->new($self->session);
+ $error = $self->error unless($self->validUsername($username));
 if ($self->session->setting->get("webguiUseCaptcha")) {
 unless ($self->session->form->process('authWebGUI.captcha.validation') eq Digest::MD5::md5_base64(lc($self->session->form->process('authWebGUI.captcha')))) {
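Review bot: The new `anonymousRegistration` guard lives only inside `createAccountSave` of the WebGUI auth back-end, so every other path that can end in a user record — the `createAccount` form handler whose body ends just above this hunk, and the `createAccountSave` methods of any other Auth back-ends, if they exist — still needs the same check; placing one check where auth methods are dispatched would close the hole once instead of per plugin. The guard as written is sound: it is an allowlist (`unless ($self->session->setting->get("anonymousRegistration"))`), it logs through `errorHandler->security`, and it runs before any form input is read. Unrelated to this fix but visible in the same hunk, the captcha check compares `authWebGUI.captcha.validation`, a value the client submits, with `md5_base64(lc(...))` of another client-submitted value, so a client can satisfy it by posting any string together with its own MD5; unless that validation token is bound server-side (its generation is outside the hunk), it does not stop scripted registration. The body of `createAccountSave` continues past the end of the hunk.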
diff --git a/lib/WebGUI/i18n/English/AuthWebGUI.pm b/lib/WebGUI/i18n/English/AuthWebGUI.pm
index 7d8cc613a..93866a1af 100644
--- a/lib/WebGUI/i18n/English/AuthWebGUI.pm
+++ b/lib/WebGUI/i18n/English/AuthWebGUI.pm
@@ -1,6 +1,11 @@
 package WebGUI::i18n::English::AuthWebGUI;
 our $I18N = {
+ 'no registration hack' => {
+ message => q|complete anonymous registration by calling createAccountSave directly from the URL.|,
+ lastUpdated => 1078852836
+
+ },
 'account template' => {
 message => q|Account Template|,
 lastUpdated => 1078852836