diff --git a/public/language/en_GB/global.json b/public/language/en_GB/global.json
index eab8e045a9..5f77009ca0 100644
--- a/public/language/en_GB/global.json
+++ b/public/language/en_GB/global.json
@@ -3,7 +3,8 @@
 "search": "Search",
 "buttons.close": "Close",
 "403.title": "Access Denied",
- "403.message": "You seem to have stumbled upon a page that you do not have access to. Perhaps you should try logging in?",
+ "403.message": "You seem to have stumbled upon a page that you do not have access to.",
+ "403.login": "Perhaps you should try logging in?",
 "404.title": "Not Found",
 "404.message": "You seem to have stumbled upon a page that does not exist. Return to the home page.",
 "500.title": "Internal error.",
diff --git a/public/src/ajaxify.js b/public/src/ajaxify.js
index 51a8d0a64d..a5cc3f0386 100644
--- a/public/src/ajaxify.js
+++ b/public/src/ajaxify.js
@@ -28,15 +28,12 @@ $(document).ready(function() {
 textStatus = err.textStatus;
 
 if (data) {
- if (data.status === 404 || data.status === 500) {
+ if (data.status === 403 || data.status === 404 || data.status === 500) {
 $('#footer, #content').removeClass('hide').addClass('ajaxifying');
 return renderTemplate(url, data.status.toString(), data.responseJSON, (new Date()).getTime(), callback);
 } else if (data.status === 401) {
 app.alertError('[[global:please_log_in]]');
 return ajaxify.go('login');
- } else if (data.status === 403) {
- $('#content, #footer').removeClass('ajaxifying');
- app.alertError('[[error:no-privileges]]');
 } else if (data.status === 302) {
 return ajaxify.go(data.responseJSON.slice(1), callback, quiet);
 }
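Review bot: The widened branch hands `data.responseJSON` to renderTemplate with no check that the error body actually parsed as JSON; a 403, 404 or 500 produced by a proxy or by a handler that sends HTML leaves `responseJSON` undefined, and the template then gets no data object at all. Guard it: `return renderTemplate(url, data.status.toString(), data.responseJSON || {}, (new Date()).getTime(), callback);`. The removed 403 branch also cleared `ajaxifying` from `#content, #footer`, whereas the shared branch adds that class and presumably relies on renderTemplate to clear it — worth confirming for the 403 path. The enclosing handler starts and ends outside this hunk.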
@@ -70,7 +67,7 @@ $(document).ready(function() { if (ajaxify.isTemplateAvailable(tpl_url) && !!!templatesModule.config.force_refresh[tpl_url]) { ajaxify.currentPage = url; - if (window.history && window.history.pushState && url !== '404') { + if (window.history && window.history.pushState) { window.history[!quiet ? 'pushState' : 'replaceState']({ url: url + hash }, url, RELATIVE_PATH + '/' + url + hash); @@ -219,7 +216,6 @@ $(document).ready(function() { cache: false, success: function(data) { if (!data) { - ajaxify.go('404'); return; } diff --git a/src/controllers/helpers.js b/src/controllers/helpers.js index 7d7c8f321d..bf668e07ad 100644 --- a/src/controllers/helpers.js +++ b/src/controllers/helpers.js @@ -12,14 +12,14 @@ helpers.notFound = function(req, res, error) { } }; -helpers.notAllowed = function(req, res) { +helpers.notAllowed = function(req, res, error) { var uid = req.user ? req.user.uid : 0; if (uid) { if (res.locals.isAPI) { - res.status(403).json('not-allowed'); + res.status(403).json({path: req.path.replace(/^\/api/, ''), loggedIn: !!uid, error: error}); } else { - res.status(403).render('403'); + res.status(403).render('403', {path: req.path, loggedIn: !!uid, error: error}); } } else { if (res.locals.isAPI) { diff --git a/src/middleware/admin.js b/src/middleware/admin.js index 2c5acc16fb..ed39aa822f 100644 --- a/src/middleware/admin.js +++ b/src/middleware/admin.js 
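Review bot: In the `@@ -219,7 +216,6 @@` hunk, `if (!data) { return; }` now bails out silently where it used to navigate to the 404 page, so an empty or non-JSON response leaves the page with no feedback and, if the enclosing loader takes a completion callback, that callback is presumably never invoked. Surface the condition instead of swallowing it, e.g. `return callback(new Error('empty response for ' + url));`, adjusted to whatever the surrounding function's callback is called — that function starts outside this hunk. If ignoring an empty body is deliberate, say so: `// empty body: nothing to render, caller keeps the current page`.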
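Review bot: `helpers.notAllowed` now copies `req.path` into both the JSON body and the data passed to the 403 template, and `req.path` is attacker-controlled; if `403.tpl` interpolates `{path}` without HTML escaping this becomes a reflected XSS sink, so confirm the template engine escapes it or escape it before render. The new `error` argument is forwarded verbatim: if a caller hands in an `Error` object, `res.json` serializes it as `{}` and the message is lost, while the HTML path may expose internal detail, so normalize first with `var message = error && error.message ? error.message : error;` and pass `error: message` in both responses. `loggedIn: !!uid` is always true inside the `if (uid)` branch. The anonymous-user branch of the function continues past the hunk.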
@@ -10,27 +10,22 @@ var app, plugins = require('../plugins'), controllers = { - api: require('../controllers/api') + api: require('../controllers/api'), + helpers: require('../controllers/helpers') }; middleware.isAdmin = function(req, res, next) { if (!req.user) { - return res.status(404).json({ - error: 'not-found' - }); + return controllers.helpers.notAllowed(req, res); } user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function (err, isAdmin) { - if (err) { + if (err || isAdmin) { return next(err); } - if (!isAdmin) { - res.status(403).redirect(nconf.get('relative_path') + '/403'); - } else { - next(); - } + controllers.helpers.notAllowed(req, res); }); }; diff --git a/src/routes/admin.js b/src/routes/admin.js index ccda470788..aa8e20b676 100644 --- a/src/routes/admin.js +++ b/src/routes/admin.js @@ -22,9 +22,6 @@ function adminRouter(middleware, controllers) { var router = express.Router(); router.use(middleware.applyCSRF); - router.use(middleware.admin.buildHeader); - - router.get('/', controllers.admin.home); addRoutes(router, middleware, controllers); @@ -42,6 +39,7 @@ function apiRouter(middleware, controllers) { } function addRoutes(router, middleware, controllers) { + router.get('/', controllers.admin.home); router.get('/general/dashboard', controllers.admin.home); router.get('/general/languages', controllers.admin.languages.get); router.get('/general/sounds', controllers.admin.sounds.get); diff --git a/src/routes/index.js b/src/routes/index.js index b9f9b70ff8..67553855c4 100644 --- a/src/routes/index.js +++ b/src/routes/index.js 
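Review bot: In `middleware.isAdmin`, the ternary `(req.user && req.user.uid) ? req.user.uid : 0` is dead code after the new `!req.user` early return and should read `user.isAdministrator(req.user.uid, function (err, isAdmin) {`. Whether the denial is JSON or HTML now depends on `res.locals.isAPI`, which `notAllowed` reads; for `/api/admin/*` that presumably comes from the `prepareAPI` registered on `/api/?*` ahead of this middleware, and mounting `isAdmin` anywhere `prepareAPI` has not already run would hand an API client an HTML 403. Unauthenticated API callers previously got a 404 that hid the admin API entirely; what they receive now is decided by `notAllowed`'s uid-0 branch, which lies outside this diff, so check that it does not leak more than intended.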
@@ -119,8 +119,8 @@ module.exports = function(app, middleware) {
 app.use(middleware.maintenanceMode);
 
 app.all(relativePath + '/api/?*', middleware.prepareAPI);
- app.all(relativePath + '/api/admin/*', middleware.admin.isAdmin, middleware.prepareAPI);
- app.all(relativePath + '/admin/?*', middleware.ensureLoggedIn, middleware.admin.isAdmin);
+ app.all(relativePath + '/api/admin/?*', middleware.admin.isAdmin, middleware.prepareAPI);
+ app.all(relativePath + '/admin/?*', middleware.ensureLoggedIn, middleware.buildHeader, middleware.admin.isAdmin);
 
 adminRoutes(router, middleware, controllers);
 metaRoutes(router, middleware, controllers);
diff --git a/src/views/403.tpl b/src/views/403.tpl
index 954637c16c..818cfd7d53 100644
--- a/src/views/403.tpl
+++ b/src/views/403.tpl
@@ -5,4 +5,8 @@
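Review bot: On the `/admin/?*` line, `middleware.buildHeader` now runs before `middleware.admin.isAdmin`, so every logged-in non-admin who requests an admin URL pays for header assembly before being refused; if the 403 page does not need the header data, `middleware.ensureLoggedIn, middleware.admin.isAdmin, middleware.buildHeader` keeps the privilege check first, and if it does need it, a comment saying so will stop the next reader from reordering. On the `/api/admin/?*` line the trailing `middleware.prepareAPI` appears redundant, since the `/api/?*` registration just above already matches those paths and runs it. The surrounding `module.exports` function continues outside the hunk.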

[[global:403.message]]

+ + +

[[global:403.login]]

+ \ No newline at end of file