diff --git a/www/shutdownRemoteFPP.php b/www/shutdownRemoteFPP.php
index 7f04db0a4..8db351c12 100644
--- a/www/shutdownRemoteFPP.php
+++ b/www/shutdownRemoteFPP.php
@@ -13,7 +13,8 @@
 $ip = $_GET['ip'];
 
 if(! filter_var($ip, FILTER_VALIDATE_IP)) {
-    echo "$ip is not a valid IP address\n";
+    $clean_ip = htmlspecialchars($ip, ENT_QUOTES, 'UTF-8');
+    echo "$clean_ip is not a valid IP address\n";
     exit(0);
 }