diff --git a/post.php b/post.php
index 51141725..ae1361ce 100644
--- a/post.php
+++ b/post.php
@@ -512,8 +512,8 @@ function handle_delete()
 
             if (
                 $password != ''
-                && $post['password'] != $password
-                && (!$thread || $thread['password'] != $password)
+                && !hash_equals($post['password'], $password)
+                && (!$thread || !hash_equals($thread['password'], $password))
                 && !$is_mod
             ) {
                 error($config['error']['invalidpassword']);