diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index b9a24b38fd5..c43a3e8f05f 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -382,7 +382,7 @@ class Admin::UsersController < Admin::AdminController
         render json: {
           deleted: false,
           message: "User #{user.username} has #{user.post_count} posts, so they can't be deleted."
-        }
+        }, status: 403
       end
     end
   end
diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb
index 9fb6329fc77..d026d7bfb53 100644
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -531,7 +531,7 @@ describe Admin::UsersController do
 
         it "returns an api response that the user can't be deleted because it has posts" do
           delete :destroy, params: { id: delete_me.id }, format: :json
-          expect(response).to be_success
+          expect(response).to be_forbidden
           json = ::JSON.parse(response.body)
           expect(json['deleted']).to eq(false)
         end