diff --git a/classes/controller.php b/classes/controller.php
index 2fcad937..8fe6177c 100644
--- a/classes/controller.php
+++ b/classes/controller.php
@@ -86,12 +86,20 @@ class AdminController
      */
     public function execute()
     {
-        if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
-            if (method_exists('Grav\Common\Utils', 'getNonce')) {
+        if (method_exists('Grav\Common\Utils', 'getNonce')) {
+            if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
                 if (!isset($this->post['admin-nonce']) || !Utils::verifyNonce($this->post['admin-nonce'], 'admin-form')) {
                     $this->admin->setMessage('Unauthorized', 'error');
                     return false;
                 }
+            } else {
+                if ($this->task == 'logout') {
+                    $nonce = $this->grav['uri']->param('logout-nonce');
+                    $nonce = str_replace('SLASH', '/', $nonce);
+                    if (!isset($nonce) || !Utils::verifyNonce($nonce, 'logout-form')) {
+                        return;
+                    }
+                }
             }
         }
 
diff --git a/themes/grav/templates/partials/nav.html.twig b/themes/grav/templates/partials/nav.html.twig
index b1252f64..6777aeaf 100644
--- a/themes/grav/templates/partials/nav.html.twig
+++ b/themes/grav/templates/partials/nav.html.twig
@@ -81,7 +81,7 @@ -->
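Review bot: The `!isset($nonce)` guard on the new logout branch is effectively dead, because `$nonce` has just been assigned from `str_replace()`, which returns a string (an empty one when `param('logout-nonce')` yields null), so a missing nonce reaches `Utils::verifyNonce()` with `''` and the outcome depends entirely on how that helper treats an empty token. The branch also exits with a bare `return;` while the POST path returns `false` and sets an 'Unauthorized' message, so a caller that distinguishes `false` from `null` behaves differently for a rejected logout, and the user gets no feedback; `if ($this->task === 'logout') {` / `if (!is_string($nonce) || $nonce === '' || !Utils::verifyNonce(str_replace('SLASH', '/', $nonce), 'logout-form')) {` / `return false;` would make the check explicit and consistent (the loose `==` on `$this->task` is also worth tightening to `===`). Note that the outer `method_exists('Grav\Common\Utils', 'getNonce')` now wraps both checks, so on a core without nonce support neither the admin-form nor the logout-form token is verified at all; a comment such as `// Nonce verification is skipped entirely on Grav cores that predate Utils::getNonce()` would make that fallback visible to the next maintainer. The body of `execute()` continues beyond the hunk.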