diff --git a/src/main/java/run/halo/app/config/HaloConfiguration.java b/src/main/java/run/halo/app/config/HaloConfiguration.java
index b67f36e14..a76026ca2 100644
--- a/src/main/java/run/halo/app/config/HaloConfiguration.java
+++ b/src/main/java/run/halo/app/config/HaloConfiguration.java
@@ -21,6 +21,7 @@ import run.halo.app.security.filter.AdminAuthenticationFilter;
 import run.halo.app.security.filter.ApiAuthenticationFilter;
 import run.halo.app.security.handler.AdminAuthenticationFailureHandler;
 import run.halo.app.security.handler.DefaultAuthenticationFailureHandler;
+import run.halo.app.service.OptionService;
 import run.halo.app.service.UserService;
 import run.halo.app.utils.HttpClientUtils;
 
@@ -113,8 +114,9 @@ public class HaloConfiguration {
 public FilterRegistrationBean adminAuthenticationFilter(StringCacheStore cacheStore,
 UserService userService,
 HaloProperties haloProperties,
- ObjectMapper objectMapper) {
- AdminAuthenticationFilter adminAuthenticationFilter = new AdminAuthenticationFilter(cacheStore, userService, haloProperties);
+ ObjectMapper objectMapper,
+ OptionService optionService) {
+ AdminAuthenticationFilter adminAuthenticationFilter = new AdminAuthenticationFilter(cacheStore, userService, haloProperties, optionService);
 
 AdminAuthenticationFailureHandler failureHandler = new AdminAuthenticationFailureHandler();
 failureHandler.setProductionEnv(haloProperties.isProductionEnv());
diff --git a/src/main/java/run/halo/app/controller/admin/api/AdminController.java b/src/main/java/run/halo/app/controller/admin/api/AdminController.java
index b6457ca1c..f9b1e3261 100644
--- a/src/main/java/run/halo/app/controller/admin/api/AdminController.java
+++ b/src/main/java/run/halo/app/controller/admin/api/AdminController.java
@@ -39,8 +39,9 @@ public class AdminController {
 return adminService.getCount();
 }
 
- @PostMapping("auth/login")
+ @PostMapping("login")
 @ApiOperation("Login")
+ @CacheLock
 public AuthToken auth(@RequestBody @Valid LoginParam loginParam) {
 return adminService.authenticate(loginParam);
 }
diff --git a/src/main/java/run/halo/app/exception/NotInstallException.java b/src/main/java/run/halo/app/exception/NotInstallException.java
new file mode 100644
index 000000000..0a0e54d52
--- /dev/null
+++ b/src/main/java/run/halo/app/exception/NotInstallException.java
@@ -0,0 +1,18 @@
+package run.halo.app.exception;
+
+/**
+ * Not install exception.
+ *
+ * @author johnniang
+ * @date 19-4-29
+ */
+public class NotInstallException extends BadRequestException {
+
+ public NotInstallException(String message) {
+ super(message);
+ }
+
+ public NotInstallException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
diff --git a/src/main/java/run/halo/app/security/filter/AdminAuthenticationFilter.java b/src/main/java/run/halo/app/security/filter/AdminAuthenticationFilter.java
index 54d38cb4d..2c08c318e 100644
--- a/src/main/java/run/halo/app/security/filter/AdminAuthenticationFilter.java
+++ b/src/main/java/run/halo/app/security/filter/AdminAuthenticationFilter.java
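Review bot: `@CacheLock` on `auth` does not say what it locks on, so from this hunk it cannot be told whether concurrent logins are serialized per request, per username, or globally; on a login endpoint a global key turns the lock into a single-lane queue for every administrator, while a per-request key protects against little more than a double submit. Add a comment at the annotation naming the intended key and expiry, e.g. `// CacheLock: key derived from the request body; rejects duplicate concurrent logins for the same credentials -- TODO confirm against CacheLock's key derivation`. The mapping change from `auth/login` to `login` also drops the old path; unless another mapping still serves it, clients posting to `auth/login` will start receiving 404, which should be called out in the API docs.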
@@ -9,12 +9,15 @@ import org.springframework.util.Assert;
 import run.halo.app.cache.StringCacheStore;
 import run.halo.app.config.properties.HaloProperties;
 import run.halo.app.exception.AuthenticationException;
+import run.halo.app.exception.NotInstallException;
 import run.halo.app.model.entity.User;
+import run.halo.app.model.properties.PrimaryProperties;
 import run.halo.app.security.authentication.AuthenticationImpl;
 import run.halo.app.security.context.SecurityContextHolder;
 import run.halo.app.security.context.SecurityContextImpl;
 import run.halo.app.security.support.UserDetail;
 import run.halo.app.security.util.SecurityUtils;
+import run.halo.app.service.OptionService;
 import run.halo.app.service.UserService;
 
 import javax.servlet.FilterChain;
@@ -22,7 +25,6 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.List;
 import java.util.Optional;
 
 /**
@@ -64,25 +66,35 @@ public class AdminAuthenticationFilter extends AbstractAuthenticationFilter { private final UserService userService; + private final OptionService optionService; + public AdminAuthenticationFilter(StringCacheStore cacheStore, UserService userService, - HaloProperties haloProperties) { + HaloProperties haloProperties, + OptionService optionService) { super(haloProperties); this.cacheStore = cacheStore; this.userService = userService; this.haloProperties = haloProperties; + this.optionService = optionService; } @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - if (!haloProperties.isProductionEnv()) { - List users = userService.listAll(); - if (!users.isEmpty()) { - // Set security context - User user = users.get(0); - SecurityContextHolder.setContext(new SecurityContextImpl(new AuthenticationImpl(new UserDetail(user)))); - } + // Check whether the blog is installed or not + Boolean isInstalled = optionService.getByPropertyOrDefault(PrimaryProperties.IS_INSTALLED, Boolean.class, false); + + if (!isInstalled) { + // If not installed + getFailureHandler().onFailure(request, response, new NotInstallException("The blog has not been initialized yet!")); + return; + } + + if (!haloProperties.isAuthEnabled()) { + userService.getCurrentUser().ifPresent(user -> + SecurityContextHolder.setContext(new SecurityContextImpl(new AuthenticationImpl(new UserDetail(user))))); + // If authentication disabled filterChain.doFilter(request, response); return; @@ -141,6 +153,10 @@ public class AdminAuthenticationFilter extends AbstractAuthenticationFilter { // Get from param if (StringUtils.isBlank(token)) { token = request.getParameter(ADMIN_TOKEN_PARAM_NAME); + + log.debug("Got token from parameter: [{}: {}]", ADMIN_TOKEN_PARAM_NAME, token); + } else { + log.debug("Got token from header: [{}: {}]", ADMIN_TOKEN_HEADER_NAME, token); } return token; 
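Review bot: The authentication bypass in `doFilterInternal` is now gated only by `haloProperties.isAuthEnabled()`, whereas the removed code tied it to `!haloProperties.isProductionEnv()`; nothing in the hunk stops a production deployment with auth disabled from serving every admin request under whatever `userService.getCurrentUser()` returns. If disabling auth is meant as a development convenience, consider `if (!haloProperties.isAuthEnabled() && !haloProperties.isProductionEnv()) {`, or at minimum emit a warning log when the bypass is taken; the intent is not stated in the hunk, so confirm with the author. Separately, `Boolean isInstalled` is unboxed in `if (!isInstalled)`; unless `getByPropertyOrDefault` is guaranteed non-null when a `false` default is supplied (its contract is not visible here), `if (!Boolean.TRUE.equals(isInstalled)) {` avoids a NullPointerException that would surface as a server error instead of the intended NotInstallException. The body of `doFilterInternal` continues past the end of the hunk.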
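Review bot: The two added `log.debug` calls write the raw admin token to the log, which makes any DEBUG-enabled log file a store of live credentials for as long as a token stays valid (its lifetime is not visible here). Log only that a token was found and where, e.g. `log.debug("Got token from parameter: [{}]", ADMIN_TOKEN_PARAM_NAME);` and `log.debug("Got token from header: [{}]", ADMIN_TOKEN_HEADER_NAME);`, or a truncated or hashed form if a correlation value is genuinely needed. The enclosing method starts before the hunk.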
diff --git a/src/main/java/run/halo/app/service/impl/AdminServiceImpl.java b/src/main/java/run/halo/app/service/impl/AdminServiceImpl.java
index 6dc4fdc26..2c5782412 100644
--- a/src/main/java/run/halo/app/service/impl/AdminServiceImpl.java
+++ b/src/main/java/run/halo/app/service/impl/AdminServiceImpl.java
@@ -78,7 +78,7 @@ public class AdminServiceImpl implements AdminService {
 
 if (SecurityContextHolder.getContext().isAuthenticated()) {
 // If the user has been logged in
- throw new BadRequestException("您已经登录,无需重复登录");
+ throw new BadRequestException("You have been logged in, do not log in repeatedly please");
 }
 
 String username = loginParam.getUsername();