diff --git a/server/controllers/StatsController.js b/server/controllers/StatsController.js
index 36df4330..32ed1973 100644
--- a/server/controllers/StatsController.js
+++ b/server/controllers/StatsController.js
@@ -65,7 +65,7 @@ class StatsController {
    */
   async middleware(req, res, next) {
     if (!req.user.isAdminOrUp) {
-      Logger.error(`[StatsController] Non-root user "${req.user.username}" attempted to access stats route`)
+      Logger.error(`[StatsController] Non-admin user "${req.user.username}" attempted to access stats route`)
       return res.sendStatus(403)
     }
 
diff --git a/server/routers/ApiRouter.js b/server/routers/ApiRouter.js
index 67a2ffbc..ecb1555f 100644
--- a/server/routers/ApiRouter.js
+++ b/server/routers/ApiRouter.js
@@ -322,8 +322,8 @@ class ApiRouter {
     //
     // Stats Routes
     //
-    this.router.get('/stats/year/:year', StatsController.getAdminStatsForYear.bind(this))
-    this.router.get('/stats/server', StatsController.getServerStats.bind(this))
+    this.router.get('/stats/year/:year', StatsController.middleware.bind(this), StatsController.getAdminStatsForYear.bind(this))
+    this.router.get('/stats/server', StatsController.middleware.bind(this), StatsController.getServerStats.bind(this))
 
     //
     // Misc Routes