diff --git a/src/main/java/org/nrg/xnat/security/DisableInactiveUsers.java b/src/main/java/org/nrg/xnat/security/DisableInactiveUsers.java
index 8dc949b3aa9917a1088e90d939c7da7f36ce61fc..6db3c22168cbd557a4a9513b949e779990ddf6a9 100644
--- a/src/main/java/org/nrg/xnat/security/DisableInactiveUsers.java
+++ b/src/main/java/org/nrg/xnat/security/DisableInactiveUsers.java
@@ -64,7 +64,8 @@ public class DisableInactiveUsers implements Runnable {
                     final UserI u = Users.getUser(username);
 
                     // Fixes XNAT-2407. Only disable user if they have not been recently modified (enabled).
-                    if (!hasUserBeenModified(u, _inactivityBeforeLockout)) {
+                    // Also do not disable the guest user.
+                    if (!hasUserBeenModified(u, _inactivityBeforeLockout) && !username.equals("guest")) {
                         u.setEnabled("0");
                         u.setVerified("0");
                         Users.save(u, adminUser, false, EventUtils.newEventInstance(EventUtils.CATEGORY.SIDE_ADMIN, EventUtils.TYPE.PROCESS, "Disabled due to inactivity"));
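Review bot: The guest account name is hard-coded as the string literal `"guest"` in the new condition, and the same literal is repeated in the `addFailedLoginAttempt` hunk in XnatProviderManager.java, so the two exemptions can drift apart if the guest login is ever renamed or matched differently. A single shared constant or helper for the guest check would keep the inactivity-disable and failed-login exemptions in step. Writing the comparison literal-first, `"guest".equals(username)`, also makes it null-safe, and placing it before `hasUserBeenModified(...)` skips that call for the guest account. The enclosing loop and method start and end outside this hunk.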
diff --git a/src/main/java/org/nrg/xnat/security/XnatProviderManager.java b/src/main/java/org/nrg/xnat/security/XnatProviderManager.java
index dcd35888412581ed145c64a36e82cbaaee41e377..1bbc6848f2882f787f5080dc1f233a8bacdc5c3a 100644
--- a/src/main/java/org/nrg/xnat/security/XnatProviderManager.java
+++ b/src/main/java/org/nrg/xnat/security/XnatProviderManager.java
@@ -332,7 +332,7 @@ public class XnatProviderManager extends ProviderManager {
          */
         private synchronized void addFailedLoginAttempt(final Authentication auth) throws SiteConfigurationException {
             XdatUserAuth ua = _manager.getUserByAuth(auth);
-            if (ua != null) {
+            if (ua != null && !ua.getXdatUsername().equals("guest")) {
                 if (XDAT.getSiteConfigPreferences().getMaxFailedLogins() > 0) {
                     ua.setFailedLoginAttempts(ua.getFailedLoginAttempts() + 1);
                     ua.setLastLoginAttempt(new Date());
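Review bot: `ua.getXdatUsername().equals("guest")` throws a NullPointerException if an auth record has no XDAT username set, and nothing visible in this hunk guarantees the value is non-null. On this path an exception would mean the failed attempt is never recorded for that record, so the literal-first form is safer: `if (ua != null && !"guest".equals(ua.getXdatUsername())) {`. The comparison is also case-sensitive, so it is worth confirming that this matches how `getUserByAuth` resolves usernames. The method body continues outside the hunk.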