diff --git a/CTFd/auth.py b/CTFd/auth.py
index 870799f0..aacea14b 100644
--- a/CTFd/auth.py
+++ b/CTFd/auth.py
@@ -189,6 +189,14 @@ def register():
     if current_user.authed():
         return redirect(url_for("challenges.listing"))
 
+    num_users_limit = int(get_config("num_users", default=0))
+    num_users = Users.query.filter_by(banned=False, hidden=False).count()
+    if num_users_limit and num_users >= num_users_limit:
+        abort(
+            403,
+            description=f"Reached the maximum number of users ({num_users_limit}).",
+        )
+
     if request.method == "POST":
         name = request.form.get("name", "").strip()
         email_address = request.form.get("email", "").strip().lower()
@@ -211,14 +219,6 @@ def register():
         valid_email = validators.validate_email(email_address)
         team_name_email_check = validators.validate_email(name)
 
-        num_users_limit = int(get_config("num_users", default=0))
-        num_users = Users.query.filter_by(banned=False, hidden=False).count()
-        if num_users_limit and num_users >= num_users_limit:
-            abort(
-                403,
-                description=f"Reached the maximum number of users ({num_users_limit}).",
-            )
-
         if get_config("registration_code"):
             if (
                 registration_code.lower()
diff --git a/tests/users/test_users.py b/tests/users/test_users.py
index 3419843b..22e3c883 100644
--- a/tests/users/test_users.py
+++ b/tests/users/test_users.py
@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 
 from CTFd.models import Users
+from CTFd.utils import set_config
 from tests.helpers import (
     create_ctfd,
     destroy_ctfd,
@@ -107,3 +108,44 @@ def test_hidden_user_visibility():
             response = r.get_data(as_text=True)
             assert user_name in response
     destroy_ctfd(app)
+
+
+def test_num_users_limit():
+    """Only num_users users can be created"""
+    app = create_ctfd()
+    with app.app_context():
+        set_config("num_users", 1)
+
+        register_user(app)
+        with app.test_client() as client:
+            r = client.get("/register")
+            assert r.status_code == 403
+
+            # team should be blocked from creation
+            with client.session_transaction() as sess:
+                data = {
+                    "name": "user",
+                    "email": "user@examplectf.com",
+                    "password": "password",
+                    "nonce": sess.get("nonce"),
+                }
+            r = client.post("/register", data=data)
+            resp = r.get_data(as_text=True)
+            # This number is 2 to account for the admin and the registered user
+            assert Users.query.count() == 2
+            assert "Reached the maximum number of users" in resp
+
+            # Can the team be created after the num has been bumped
+            set_config("num_users", 2)
+            with client.session_transaction() as sess:
+                data = {
+                    "name": "user1",
+                    "email": "user1@examplectf.com",
+                    "password": "password",
+                    "nonce": sess.get("nonce"),
+                }
+            r = client.post("/register", data=data)
+            resp = r.get_data(as_text=True)
+            assert r.status_code == 302
+            assert Users.query.count() == 3
+    destroy_ctfd(app)