diff --git a/app/env.js b/app/env.js
index 1630f68..930d4d1 100644
--- a/app/env.js
+++ b/app/env.js
@@ -2,6 +2,10 @@ module.exports = {
 cookiePassword: "0x000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f",
 debug: false,
+ rpcBlacklist:[
+ "stop"
+ ],
+
 // Uncomment "bitcoind" below to automatically connect via RPC.
 // Otherwise, you can manually connect via the UI.
diff --git a/routes/baseActionsRouter.js b/routes/baseActionsRouter.js
index e0fa594..64c6b7c 100644
--- a/routes/baseActionsRouter.js
+++ b/routes/baseActionsRouter.js
@@ -412,6 +412,14 @@ router.post("/rpc-terminal", function(req, res) {
 }
 });
+ if (env.rpcBlacklist.includes(cmd)) {
+ res.write("Sorry, that RPC command is blacklisted. If this is your server, you may allow this command by removing it from the 'rpcBlacklist' setting in env.js.", function() {
+ res.end();
+ });
+
+ return;
+ }
+
 client.cmd([{method:cmd, params:parsedParams}], function(err, result, resHeaders) {
 console.log("Result[1]: " + JSON.stringify(result, null, 4));
 console.log("Error[2]: " + JSON.stringify(err, null, 4));
@@ -483,6 +491,14 @@ router.get("/rpc-browser", function(req, res) {
 res.locals.argValues = argValues;
+ if (env.rpcBlacklist.includes(req.query.method)) {
+ res.locals.methodResult = "Sorry, that RPC command is blacklisted. If this is your server, you may allow this command by removing it from the 'rpcBlacklist' setting in env.js.";
+
+ res.render("browser");
+
+ return;
+ }
+
 client.cmd([{method:req.query.method, params:argValues}], function(err3, result3, resHeaders3) {
 if (err3) {
 res.locals.methodResult = err3;
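Review bot: In app/env.js the new `rpcBlacklist` is a default-allow list whose only entry is `"stop"`, so every other method the configured RPC client may call stays reachable from the RPC terminal and the RPC browser. On a node with a wallet loaded that presumably includes key-handling and spending calls, so an allowlist of read-only methods (or a much broader default denylist) would be the safer default for an explorer that others can reach. The setting also has no comment; I would add `// RPC methods that /rpc-terminal and /rpc-browser refuse to run (exact string match).` above it.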
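Review bot: The blacklist check added to the `/rpc-terminal` handler is repeated, message included, in the `/rpc-browser` hunk further down, so enforcement depends on every route that calls `client.cmd` remembering to add it. Moving the test and the message into one helper that both routes call, or into a wrapper around `client.cmd`, keeps the two paths from drifting apart. Neither branch records the refusal; a line such as `console.log("Blocked blacklisted RPC command: " + JSON.stringify(cmd));` before `res.write` would leave a trace of attempts to run blocked commands. The handler begins and ends outside this hunk, so how `cmd` is derived from the request is not visible here.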
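Review bot: In the `/rpc-browser` hunk, `env.rpcBlacklist.includes(req.query.method)` can only match when `req.query.method` is a plain string, and a parsed query value is not guaranteed to be one. A non-string value would pass this test and be handed to `client.cmd`; it is probably rejected downstream, but that is not visible here, so I would validate the type first, e.g. `if (typeof req.query.method !== "string") { res.status(400).end(); return; }`. The refusal is also rendered as an ordinary result with what appears to be the default 200 status; calling `res.status(403)` before `res.render("browser")` would make blocked requests stand out in access logs. The handler starts and ends outside this hunk.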