diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index 2814fde68..0c9c0469c 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -1,6 +1,6 @@
 class UserPolicy < ApplicationPolicy
 def create?
- !sockpuppet?
+ user.is_anonymous? && !sockpuppet?
 end
 
 def update?
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index 027d22ba8..c342a98a0 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -165,6 +165,11 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
 assert_no_enqueued_emails
 end
 
+ should "not allow logged in users to create a new account" do
+ post_auth users_path, @user, params: { user: { name: "xxx", password: "xxxxx1", password_confirmation: "xxxxx1" }}
+ assert_response 403
+ end
+
 should "create a user with a valid email" do
 post users_path, params: { user: { name: "xxx", password: "xxxxx1", password_confirmation: "xxxxx1", email: "webmaster@danbooru.donmai.us" }}
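Review bot: The new `create?` in app/policies/user_policy.rb has no comment explaining why signed-in users are refused, and `user.is_anonymous? && !sockpuppet?` does not make the reason obvious. I would add `# Only logged-out visitors may register; a signed-in user is refused before the sockpuppet check runs.` above the condition. The anonymity test only reflects whether the current request is authenticated, so the comment should present it as a guard against duplicate sign-ups from an active session rather than as the anti-abuse control. That role presumably still belongs to `sockpuppet?`, whose definition is outside this hunk. The class body also continues past the hunk, so whether `new?` follows `create?` cannot be confirmed from here.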