diff --git a/server/boot/user.js b/server/boot/user.js
index b0d059306c..ad08bee719 100644
--- a/server/boot/user.js
+++ b/server/boot/user.js
@@ -336,7 +336,7 @@ module.exports = function(app) {
             return data;
           }, {});
 
-        if (userPortfolio.isCheater) {
+        if (userPortfolio.isCheater && !user) {
           req.flash('errors', {
             msg: dedent`
               Upon review, this account has been flagged for academic
diff --git a/server/middleware.json b/server/middleware.json
index 1ec30ef11b..1ee88d4cb6 100644
--- a/server/middleware.json
+++ b/server/middleware.json
@@ -49,7 +49,8 @@
     "./middlewares/jade-helpers": {},
     "./middlewares/global-locals": {},
     "./middlewares/revision-helpers": {},
-    "./middlewares/migrate-completed-challenges": {}
+    "./middlewares/migrate-completed-challenges": {},
+    "./middlewares/flash-cheaters": {}
   },
   "routes": {
   },
diff --git a/server/middlewares/flash-cheaters.js b/server/middlewares/flash-cheaters.js
new file mode 100644
index 0000000000..7e882f1e6b
--- /dev/null
+++ b/server/middlewares/flash-cheaters.js
@@ -0,0 +1,29 @@
+import dedent from 'dedent';
+
+const ALLOWED_METHODS = ['GET'];
+const EXCLUDED_PATHS = [
+  '/api/flyers/findOne',
+  '/challenges/current-challenge',
+  '/challenges/next-challenge',
+  '/map-aside',
+  '/signout'
+];
+
+export default function flashCheaters() {
+  return function(req, res, next) {
+    if (
+      ALLOWED_METHODS.indexOf(req.method) !== -1 &&
+      EXCLUDED_PATHS.indexOf(req.path) === -1 &&
+      req.user && req.url !== '/' && req.user.isCheater
+    ) {
+      req.flash('errors', {
+        msg: dedent`
+          Upon review, this account has been flagged for academic
+          dishonesty. If you’re the owner of this account contact
+          team@freecodecamp.com for details.
+        `
+      });
+    }
+    return next();
+  };
+}