diff --git a/install/install.php b/install/install.php
index 1b55a3dae6724dd3cf8b124f197c133c93ab6017..50e19e943e66f3e00a36bdc86396c7c527a71b4f 100644
--- a/install/install.php
+++ b/install/install.php
@@ -551,8 +551,9 @@ if($install_mode == 'standard' || strtolower($inst->simple_query('Install ISPCon
 
 	//** Customise the port ISPConfig runs on
 	$ispconfig_vhost_port = $inst->free_query('ISPConfig Port', '8080','ispconfig_port');
-	$conf['interface_password'] = $inst->free_query('Admin password', 'admin','ispconfig_admin_password');
-	if($conf['interface_password'] != 'admin') {
+	$temp_admin_password = str_shuffle(bin2hex(openssl_random_pseudo_bytes(4)));
+	$conf['interface_password'] = $inst->free_query('Admin password', $temp_admin_password, 'ispconfig_admin_password');
+	if($conf['interface_password'] != $temp_admin_password) {
 		$check = false;
 		do {
 			unset($temp_password);
@@ -563,6 +564,7 @@ if($install_mode == 'standard' || strtolower($inst->simple_query('Install ISPCon
 	}
 	unset($check);
 	unset($temp_password);
+	unset($temp_admin_password);
 	if($conf['apache']['installed'] == true) $conf['apache']['vhost_port']  = $ispconfig_vhost_port;
 	if($conf['nginx']['installed'] == true) $conf['nginx']['vhost_port']  = $ispconfig_vhost_port;
 	unset($ispconfig_vhost_port);
diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index 8b137891791fe96927ad78e64b0aad7bded08bdc..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -1 +0,0 @@
-
diff --git a/interface/web/remote/json.php b/interface/web/remote/json.php
index a7bad846c347f2f38925e6b3aa11245e2ed0e5b0..17bc41cd3b94c2ab09f0e4666716d5f2ca2bf73d 100644
--- a/interface/web/remote/json.php
+++ b/interface/web/remote/json.php
@@ -4,7 +4,13 @@ require_once '../../lib/config.inc.php';
 $conf['start_session'] = false;
 require_once '../../lib/app.inc.php';
 
-$app->load('json_handler');
+if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
+
+$app->load('json_handler,getconf');
+
+$security_config = $app->getconf->get_security_config('permissions');
+if($security_config['remote_api_allowed'] != 'yes') die('Remote API is disabled in security settings.');
+
 $json_handler = new ISPConfigJSONHandler();
 $json_handler->run();