diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 38870b2bd4..16b20ad155 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -6,6 +6,7 @@ * Split search items in WebUI into optgroup categories * Add en_AU as a locale +* Require confirmation on enable/disable user links ### Changed diff --git a/public/admin/users.php b/public/admin/users.php index 3ca5d06db0..fbd02237d7 100644 --- a/public/admin/users.php +++ b/public/admin/users.php @@ -25,6 +25,8 @@ use Ampache\Module\Application\Admin\User\AddUserAction; use Ampache\Module\Application\Admin\User\ConfirmDeleteAction; +use Ampache\Module\Application\Admin\User\ConfirmDisableAction; +use Ampache\Module\Application\Admin\User\ConfirmEnableAction; use Ampache\Module\Application\Admin\User\DeleteAction; use Ampache\Module\Application\Admin\User\DeleteAvatarAction; use Ampache\Module\Application\Admin\User\DisableAction; @@ -64,7 +66,9 @@ ConfirmDeleteAction::REQUEST_KEY => ConfirmDeleteAction::class, ShowEditAction::REQUEST_KEY => ShowEditAction::class, DisableAction::REQUEST_KEY => DisableAction::class, + ConfirmDisableAction::REQUEST_KEY => ConfirmDisableAction::class, EnableAction::REQUEST_KEY => EnableAction::class, + ConfirmEnableAction::REQUEST_KEY => ConfirmEnableAction::class, AddUserAction::REQUEST_KEY => AddUserAction::class, UpdateUserAction::REQUEST_KEY => UpdateUserAction::class, ], diff --git a/src/Module/Application/Admin/User/ConfirmDeleteAction.php b/src/Module/Application/Admin/User/ConfirmDeleteAction.php index ef59237f18..1b284905fe 100644 --- a/src/Module/Application/Admin/User/ConfirmDeleteAction.php +++ b/src/Module/Application/Admin/User/ConfirmDeleteAction.php @@ -81,7 +81,6 @@ protected function handle(ServerRequestInterface $request): ?ResponseInterface ); } - $this->ui->showQueryStats(); $this->ui->showFooter(); 
diff --git a/src/Module/Application/Admin/User/ConfirmDisableAction.php b/src/Module/Application/Admin/User/ConfirmDisableAction.php
new file mode 100644
index 0000000000..fb34977b4b
--- /dev/null
+++ b/src/Module/Application/Admin/User/ConfirmDisableAction.php
@@ -0,0 +1,94 @@
+.
+ *
+ */
+
+declare(strict_types=0);
+
+namespace Ampache\Module\Application\Admin\User;
+
+use Ampache\Config\ConfigContainerInterface;
+use Ampache\Config\ConfigurationKeyEnum;
+use Ampache\Module\User\UserStateTogglerInterface;
+use Ampache\Repository\Model\ModelFactoryInterface;
+use Ampache\Module\Application\Exception\AccessDeniedException;
+use Ampache\Module\System\Core;
+use Ampache\Module\Util\UiInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+final class ConfirmDisableAction extends AbstractUserAction
+{
+ public const REQUEST_KEY = 'confirm_disable';
+
+ private UiInterface $ui;
+
+ private ModelFactoryInterface $modelFactory;
+
+ private ConfigContainerInterface $configContainer;
+
+ private UserStateTogglerInterface $userStateToggler;
+
+ public function __construct(
+ UiInterface $ui,
+ ModelFactoryInterface $modelFactory,
+ ConfigContainerInterface $configContainer,
+ UserStateTogglerInterface $userStateToggler
+ ) {
+ $this->ui = $ui;
+ $this->modelFactory = $modelFactory;
+ $this->configContainer = $configContainer;
+ $this->userStateToggler = $userStateToggler;
+ }
+
+ protected function handle(ServerRequestInterface $request): ?ResponseInterface
+ {
+ if ($this->configContainer->isFeatureEnabled(ConfigurationKeyEnum::DEMO_MODE) === true) {
+ return null;
+ }
+
+ if (!Core::form_verify('disable_user')) {
+ throw new AccessDeniedException();
+ }
+ $this->ui->showHeader();
+
+ $user = $this->modelFactory->createUser((int) Core::get_request('user_id'));
+
+ if ($this->userStateToggler->disable($user) === true) {
+ $this->ui->showConfirmation(
+ T_('No Problem'),
+ /* HINT: Username and fullname together: Username (fullname) */
+ sprintf(T_('%s (%s) has been disabled'), $user->username, $user->fullname),
+ 'admin/users.php'
+ );
+ } else {
+ $this->ui->showConfirmation(
+ T_('There Was a Problem'),
+ T_('You need at least one active Administrator account'),
+ 'admin/users.php'
+ );
+ }
+
+ $this->ui->showQueryStats();
+ $this->ui->showFooter();
+
+ return null;
+ }
+}
diff --git a/src/Module/Application/Admin/User/ConfirmEnableAction.php b/src/Module/Application/Admin/User/ConfirmEnableAction.php
new file mode 100644
index 0000000000..dde9e7d5db
--- /dev/null
+++ b/src/Module/Application/Admin/User/ConfirmEnableAction.php
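Review bot: `handle()` never checks that the requested account exists: `(int) Core::get_request('user_id')` evaluates to 0 when the parameter is absent or non-numeric, and whatever `createUser()` returns goes straight into `disable()` and the success message. Confirm the loaded user is real before changing state (for example, stop with an error when `$user->id` is empty), and consider reading the id from `$request` instead of the global `Core::get_request()` so the action can be exercised in isolation. The same pattern is in `ConfirmEnableAction::handle()`. A class docblock saying that this is the state-changing step, guarded by the `disable_user` form token and skipped in demo mode, would also help; the access-level check presumably lives in `AbstractUserAction`, which is not part of this diff.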
@@ -0,0 +1,88 @@
+.
+ *
+ */
+
+declare(strict_types=0);
+
+namespace Ampache\Module\Application\Admin\User;
+
+use Ampache\Config\ConfigContainerInterface;
+use Ampache\Config\ConfigurationKeyEnum;
+use Ampache\Module\User\UserStateTogglerInterface;
+use Ampache\Repository\Model\ModelFactoryInterface;
+use Ampache\Module\Application\Exception\AccessDeniedException;
+use Ampache\Module\System\Core;
+use Ampache\Module\Util\UiInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+final class ConfirmEnableAction extends AbstractUserAction
+{
+ public const REQUEST_KEY = 'confirm_enable';
+
+ private UiInterface $ui;
+
+ private ModelFactoryInterface $modelFactory;
+
+ private ConfigContainerInterface $configContainer;
+
+ private UserStateTogglerInterface $userStateToggler;
+
+ public function __construct(
+ UiInterface $ui,
+ ModelFactoryInterface $modelFactory,
+ ConfigContainerInterface $configContainer,
+ UserStateTogglerInterface $userStateToggler
+ ) {
+ $this->ui = $ui;
+ $this->modelFactory = $modelFactory;
+ $this->configContainer = $configContainer;
+ $this->userStateToggler = $userStateToggler;
+ }
+
+ protected function handle(ServerRequestInterface $request): ?ResponseInterface
+ {
+ if ($this->configContainer->isFeatureEnabled(ConfigurationKeyEnum::DEMO_MODE) === true) {
+ return null;
+ }
+
+ if (!Core::form_verify('enable_user')) {
+ throw new AccessDeniedException();
+ }
+ $this->ui->showHeader();
+
+ $user = $this->modelFactory->createUser((int) Core::get_request('user_id'));
+
+ $this->userStateToggler->enable($user);
+
+ $this->ui->showConfirmation(
+ T_('No Problem'),
+ /* HINT: Username and fullname together: Username (fullname) */
+ sprintf(T_('%s (%s) has been enabled'), $user->username, $user->fullname),
+ 'admin/users.php'
+ );
+
+ $this->ui->showQueryStats();
+ $this->ui->showFooter();
+
+ return null;
+ }
+}
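Review bot: The result of `$this->userStateToggler->enable($user)` is discarded, so the "has been enabled" confirmation is shown even if the account was not actually re-enabled. `ConfirmDisableAction` branches on the return value of `disable()`; if `enable()` also reports success or failure (its signature is not visible in this diff), mirror that with `if ($this->userStateToggler->enable($user) === true) { … } else { … }` and an error confirmation in the else branch. Otherwise the admin UI can report an account state that the account does not have.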
diff --git a/src/Module/Application/Admin/User/DisableAction.php b/src/Module/Application/Admin/User/DisableAction.php index 3db9088d33..1fba8b954c 100644 --- a/src/Module/Application/Admin/User/DisableAction.php +++ b/src/Module/Application/Admin/User/DisableAction.php @@ -25,7 +25,6 @@ namespace Ampache\Module\Application\Admin\User; use Ampache\Repository\Model\ModelFactoryInterface; -use Ampache\Module\User\UserStateTogglerInterface; use Ampache\Module\Util\UiInterface; use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; @@ -38,16 +37,12 @@ final class DisableAction extends AbstractUserAction private ModelFactoryInterface $modelFactory; - private UserStateTogglerInterface $userStateToggler; - public function __construct( UiInterface $ui, - ModelFactoryInterface $modelFactory, - UserStateTogglerInterface $userStateToggler + ModelFactoryInterface $modelFactory ) { $this->ui = $ui; $this->modelFactory = $modelFactory; - $this->userStateToggler = $userStateToggler; } protected function handle(ServerRequestInterface $request): ?ResponseInterface 
@@ -55,21 +50,17 @@ protected function handle(ServerRequestInterface $request): ?ResponseInterface $this->ui->showHeader(); $user = $this->modelFactory->createUser((int) $request->getQueryParams()['user_id'] ?? 0); - - if ($this->userStateToggler->disable($user) === true) { - $this->ui->showConfirmation( - T_('No Problem'), - /* HINT: Username and fullname together: Username (fullname) */ - sprintf(T_('%s (%s) has been disabled'), $user->username, $user->fullname), - 'admin/users.php' - ); - } else { - $this->ui->showConfirmation( - T_('There Was a Problem'), - T_('You need at least one active Administrator account'), - 'admin/users.php' - ); - } + $this->ui->showConfirmation( + T_('Are You Sure?'), + /* HINT: User Fullname */ + sprintf(T_('This will disable the user "%s"'), $user->fullname), + sprintf( + 'admin/users.php?action=confirm_disable&user_id=%s', + $user->id + ), + 1, + 'disable_user' + ); $this->ui->showQueryStats(); $this->ui->showFooter(); diff --git a/src/Module/Application/Admin/User/EnableAction.php b/src/Module/Application/Admin/User/EnableAction.php index 9c5f2bd839..6d99e3c44c 100644 --- a/src/Module/Application/Admin/User/EnableAction.php +++ b/src/Module/Application/Admin/User/EnableAction.php @@ -60,14 +60,16 @@ protected function handle(ServerRequestInterface $request): ?ResponseInterface $this->ui->showHeader(); $user = $this->modelFactory->createUser((int) $request->getQueryParams()['user_id'] ?? 0); - - $this->userStateToggler->enable($user); - $this->ui->showConfirmation( - T_('No Problem'), - /* HINT: Username and fullname together: Username (fullname) */ - sprintf(T_('%s (%s) has been enabled'), $user->username, $user->fullname), - 'admin/users.php' + T_('Are You Sure?'), + /* HINT: User Fullname */ + sprintf(T_('This will enable the user "%s"'), $user->fullname), + sprintf( + 'admin/users.php?action=confirm_enable&user_id=%s', + $user->id + ), + 1, + 'enable_user' ); $this->ui->showQueryStats();
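Review bot: The context line `createUser((int) $request->getQueryParams()['user_id'] ?? 0)` does not do what it reads as: the `(int)` cast binds tighter than `??`, so the cast result is never null, the `?? 0` fallback is dead code, and a request without `user_id` raises an undefined-key warning before the confirmation prompt is built. Parenthesise the coalesce, `(int) ($request->getQueryParams()['user_id'] ?? 0)`, here and on the identical line in the `EnableAction` hunk that follows. `handle()` starts above this hunk and continues below it.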
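Review bot: The new prompt interpolates `$user->fullname` into the text passed to `showConfirmation()`, as does the `DisableAction` prompt above; whether `showConfirmation()` HTML-escapes that argument is not visible in this diff. If it does not, a full name containing markup would be rendered inside an administrator's session, so encode it at the call site, e.g. `sprintf(T_('This will enable the user "%s"'), htmlspecialchars((string) $user->fullname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'))`. Separately, this hunk drops the only visible call on `$this->userStateToggler`, yet unlike `DisableAction` no hunk removes it from the constructor, so it presumably remains as an unused dependency.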