diff --git a/src/website/admin.go b/src/website/admin.go
index 29c14c8..ef19ef2 100644
--- a/src/website/admin.go
+++ b/src/website/admin.go
@@ -345,6 +345,10 @@ func AdminApprovalQueueSubmit(c *RequestContext) ResponseData {
 if err != nil {
 return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to delete spammer's projects"))
 }
+ err = deleteAllSnippetsForUser(c, c.Conn, user.ID)
+ if err != nil {
+ return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to delete spammer's snippets"))
+ }
 whatHappened = fmt.Sprintf("%s banned successfully", user.Username)
 } else {
 whatHappened = fmt.Sprintf("Unrecognized action: %s", action)
@@ -537,3 +541,17 @@ func deleteAllProjectsForUser(ctx context.Context, conn *pgxpool.Pool, userId in
 return nil
 }
+
+func deleteAllSnippetsForUser(ctx context.Context, conn *pgxpool.Pool, userId int) error {
+ _, err := conn.Exec(ctx,
+ `
+ DELETE FROM snippet
+ WHERE owner_id = $1
+ `,
+ userId,
+ )
+ if err != nil {
+ return oops.New(err, "failed to delete snippets for user")
+ }
+ return nil
+}
diff --git a/src/website/auth.go b/src/website/auth.go
index 2412d51..acfd179 100644
--- a/src/website/auth.go
+++ b/src/website/auth.go
@@ -471,7 +471,7 @@ func RequestPasswordResetSubmit(c *RequestContext) ResponseData {
 }
 }
- if user != nil {
+ if user != nil && user.Status != models.UserStatusBanned {
 c.Perf.StartBlock("SQL", "Fetching existing token")
 resetToken, err := db.QueryOne[models.OneTimeToken](c, c.Conn,
 `
@@ -679,6 +679,10 @@ func DoPasswordResetSubmit(c *RequestContext) ResponseData {
 }
 func tryLogin(c *RequestContext, user *models.User, password string) (bool, error) {
+ if user.Status == models.UserStatusBanned {
+ return false, nil
+ }
+
 c.Perf.StartBlock("AUTH", "Checking password")
 defer c.Perf.EndBlock()
 hashed, err := auth.ParsePasswordString(user.Password)
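Review bot: In the ban branch of AdminApprovalQueueSubmit (admin.go), the new `deleteAllSnippetsForUser(c, c.Conn, user.ID)` call runs as its own statement on `c.Conn`, which the helper's signature shows is a `*pgxpool.Pool`, so the ban does not look atomic. If this delete fails, the projects are already gone and the admin gets a 500 for a ban that is only partly applied. Unless a transaction is opened in the part of the function outside this hunk, consider running the status change and both deletions in one transaction. If re-submitting the ban is the intended recovery, say so above the calls, e.g. `// Each step is safe to repeat; re-submit the ban if a later step fails.`, provided that also holds for the project deletion, which is not shown here.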
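Review bot: deleteAllSnippetsForUser (admin.go) has no doc comment and discards the command tag, so a ban leaves no record of how much content it removed. The statement is a hard `DELETE` keyed only on `owner_id`, so a mistaken ban cannot be undone from the application side; that is worth stating above the function, for example `// deleteAllSnippetsForUser permanently deletes every snippet owned by userId; there is no undo.` Keeping the tag (`tag, err := conn.Exec(...)`) and recording `tag.RowsAffected()` alongside the ban would give moderators and incident responders an audit trail.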
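Review bot: The new `user.Status != models.UserStatusBanned` condition in RequestPasswordResetSubmit (auth.go) stops new reset tokens from being issued, but nothing in this diff touches DoPasswordResetSubmit, so a token issued before the ban may still be redeemable. It is worth checking the status there as well, or deleting the user's outstanding one-time tokens in the ban branch. The condition also deserves a comment on why banned accounts are skipped silently, such as `// Banned users get the same response as unknown accounts so the form does not reveal ban status.` That comment assumes the code after this block answers both cases identically, which cannot be confirmed because the function starts and ends outside the hunk.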
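Review bot: The early `return false, nil` at the top of tryLogin (auth.go) makes a banned account look like a wrong password to the caller, but it returns before the password hash is checked and before the `AUTH` perf block starts. A banned account can therefore be told apart by response time, and the rejected attempt leaves no trace. If hiding ban status is the intent, state it in a comment such as `// Banned users fail like a bad password; callers must not reveal the ban.` and consider logging the rejected attempt for abuse monitoring. This guard covers only new password logins; whether sessions created before the ban are revoked is not visible in this diff, and the rest of tryLogin lies outside the hunk.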