diff --git a/app/controllers/stats_controller.rb b/app/controllers/stats_controller.rb
index c33f6843e..1e76feb42 100644
--- a/app/controllers/stats_controller.rb
+++ b/app/controllers/stats_controller.rb
@@ -1,5 +1,14 @@
 class StatsController < ApplicationController
+ skip_authorization_check
+ before_action :verify_administrator
+
 def show
 @event_types = Ahoy::Event.select(:name).uniq.pluck(:name)
 end
+
+ private
+
+ def verify_administrator
+ raise CanCan::AccessDenied unless current_user.try(:administrator?)
+ end
 end
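Review bot: `skip_authorization_check` turns off CanCan's missing-authorization safety net for the whole controller, so the only thing guarding `show` and any action added later is the hand-written `verify_administrator` callback. The check itself fails closed (a nil `current_user` raises `CanCan::AccessDenied`), but the rule now lives outside the ability definitions, where `can?` in views and other controllers cannot see it. If the project's Ability class can express it, consider dropping the skip and authorizing through CanCan instead, e.g. `authorize! :read, :stats` in `show` with a matching `can :read, :stats` granted to administrators. If the skip stays, a comment such as `# Admin-only: enforced by verify_administrator, not by Ability` above it, plus a request spec covering a non-admin and an anonymous user, would keep a later `skip_before_action` or `only:` edit from silently opening the page.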