diff --git a/config-sample.json b/config-sample.json
index 4c5fcc774f388da0a88e321a1a844b1d8b254570..825f83972228cc3535417dc38bc782fd424aa52d 100644
--- a/config-sample.json
+++ b/config-sample.json
@@ -1,4 +1,5 @@
 {
+  "command_user"  : "",
   "wp_endpoint"   : "",
   "wp_username"   : "",
   "wp_password"   : "",
diff --git a/index.js b/index.js
index 59190bb1177beb043bfbe8e129495e8b1e4744c4..d73db6037f72a410b58534f617530eebd5b1c782 100644
--- a/index.js
+++ b/index.js
@@ -28,7 +28,22 @@ app.get( '/', function( req, res ) {
 app.post( '/log', function( req, res ) {
 	// Don't bother if there's nothing to record
 	if ( 'undefined' === typeof req.body || 'undefined' === typeof req.body.text || ! req.body.text.length ) {
-		return res.sendStatus( 400 );
+		var response = {
+			"response_type": "ephemeral",
+			"text": "Please provide something to record."
+		};
+
+		return res.status( 400 ).send( response );
+	}
+
+	// Limit who can trigger the command
+	if ( 'undefined' === typeof req.body.user_name || config.command_user !== req.body.user_name ) {
+		var response = {
+			"response_type": "ephemeral",
+			"text": "Sorry, you can't record completed tasks."
+		};
+
+		return res.status( 403 ).send( response );
 	}
 
 	// Massage the title
@@ -58,7 +73,7 @@ app.post( '/log', function( req, res ) {
 			"text": "**Entry recorded (**ID #" + resp.id + ", <" + resp.link + ">**)**\n" + resp.title.rendered
 		};
 
-		res.send( response);
+		res.send( response );
 	} );
 } );