diff --git a/src/constants.js b/src/constants.js
index e3f4936dc..ef092e61c 100644
--- a/src/constants.js
+++ b/src/constants.js
@@ -20,6 +20,6 @@ exports = module.exports = {
 
     DEFAULT_MEMORY_LIMIT: (256 * 1024 * 1024), // see also client.js
 
-    DEMO_USER_ID: 'cloudron'
+    DEMO_USERNAME: 'cloudron'
 };
 
diff --git a/src/user.js b/src/user.js
index 5f259e31b..23f002fa6 100644
--- a/src/user.js
+++ b/src/user.js
@@ -262,11 +262,11 @@ function removeUser(userId, auditSource, callback) {
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (config.isDemo() && userId === constants.DEMO_USER_ID) return callback(new UserError(UserError.BAD_FIELD, 'Not allowed in demo mode'));
-
     getUser(userId, function (error, user) {
         if (error) return callback(error);
 
+        if (config.isDemo() && user.username === constants.DEMO_USERNAME) return callback(new UserError(UserError.BAD_FIELD, 'Not allowed in demo mode'));
+
         userdb.del(userId, function (error) {
             if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new UserError(UserError.NOT_FOUND));
             if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error));
@@ -349,8 +349,6 @@ function updateUser(userId, data, auditSource, callback) {
 
     if (_.isEmpty(data)) return callback();
 
-    if (config.isDemo() && userId === constants.DEMO_USER_ID) return callback(new UserError(UserError.BAD_FIELD, 'Not allowed in demo mode'));
-
     if (data.username) {
         data.username = data.username.toLowerCase();
         error = validateUsername(data.username);
@@ -447,12 +445,12 @@ function setPassword(userId, newPassword, callback) {
     var error = validatePassword(newPassword);
     if (error) return callback(new UserError(UserError.BAD_FIELD, error.message));
 
-    if (config.isDemo() && userId === constants.DEMO_USER_ID) return callback(new UserError(UserError.BAD_FIELD, 'Not allowed in demo mode'));
-
     userdb.get(userId, function (error, user) {
         if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new UserError(UserError.NOT_FOUND));
         if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error));
 
+        if (config.isDemo() && user.username === constants.DEMO_USERNAME) return callback(new UserError(UserError.BAD_FIELD, 'Not allowed in demo mode'));
+
         var saltBuffer = new Buffer(user.salt, 'hex');
         crypto.pbkdf2(newPassword, saltBuffer, CRYPTO_ITERATIONS, CRYPTO_KEY_LENGTH, function (error, derivedKey) {
             if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error));