diff --git a/moztrap/model/mtadmin.py b/moztrap/model/mtadmin.py
index d249488e..6886f63e 100644
--- a/moztrap/model/mtadmin.py
+++ b/moztrap/model/mtadmin.py
@@ -7,6 +7,7 @@ from django.conf import settings
 from django.forms.models import BaseInlineFormSet
+from django.shortcuts import redirect
 from django.views.decorators.cache import never_cache
 from django.contrib import admin, messages
@@ -38,6 +39,18 @@ def login(self, request, extra_context=None):
 )
+ @never_cache
+ def logout(self, request, extra_context=None):
+ """
+ Make admin 'logout' a no-op.
+
+ We replace the link with a "back to MozTrap" link.
+
+ The default AdminSite.logout implementation exposes us to logout CSRF.
+
+ """
+ return redirect("home")
+
 site = MTAdminSite()
diff --git a/templates/admin/base_site.html b/templates/admin/base_site.html
new file mode 100644
index 00000000..96232362
--- /dev/null
+++ b/templates/admin/base_site.html
@@ -0,0 +1,15 @@
+{% extends "admin/base.html" %}
+{% load url from future %}
+{% load i18n %}
+
+{% block title %}{{ title }} | {% trans 'MozTrap admin' %}{% endblock %}
+
+{% block branding %}
+
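Review bot: The new `logout` override neutralises the admin logout view rather than protecting it, so a staff user who reaches `admin:logout` is silently kept signed in and sent to `home`; the alternative that keeps the function while closing the CSRF hole is to accept only POST, e.g. decorate with `@require_POST` (from `django.views.decorators.http`) and delegate to the parent `AdminSite.logout`, so the CSRF middleware guards the request. If the no-op is the intended behaviour, the docstring should say where the session actually ends (the main site's logout) so the next maintainer does not treat this as dead code. `extra_context` is accepted only to match the parent signature; a comment such as `# extra_context unused: kept for AdminSite.logout signature compatibility` would make that explicit. The enclosing `MTAdminSite` class and the `login` method named in the hunk header start outside the hunk.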

{% trans 'MozTrap administration' %}

+{% endblock %} + +{% block nav-global %}{% endblock %} + +{% block userlinks %} + [ {% trans 'Back to MozTrap' %} ] +{% endblock %} diff --git a/templates/users/set_username_form.html b/templates/users/set_username_form.html index 62a2267d..9059ab98 100644 --- a/templates/users/set_username_form.html +++ b/templates/users/set_username_form.html @@ -6,7 +6,7 @@
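Review bot: The `userlinks` override in the new `base_site.html` replaces Django's default block wholesale, which carries the 'Change password' link as well as the 'Log out' link the commit wants gone; if admin users are expected to manage a password through the admin, that link (`admin:password_change`) should be re-added next to 'Back to MozTrap', otherwise a short template comment stating that it is dropped on purpose would help. The branding heading and the anchor markup were stripped in this rendering, so the href targets of the branding and 'Back to MozTrap' links could not be checked here.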

Welcome! Please choose a username

-

We keep your email private, but we need a username to publicly identify +

We keep your email private, so we need a username to publicly identify you on the site.

diff --git a/tests/model/test_mtadmin.py b/tests/model/test_mtadmin.py
index 2de761ff..a1cfda38 100644
--- a/tests/model/test_mtadmin.py
+++ b/tests/model/test_mtadmin.py
@@ -32,6 +32,27 @@ def test_login_redirect_message(self):
 res.follow().mustcontain("have permission")
+ def test_logout_doesnt(self):
+ """
+ Admin 'logout' view just redirects to home.
+
+ The default version exposes us to logout CSRF. We remove the admin
+ logout link to, but we still need to neuter the actual view since
+ removing it from the url patterns is a pain.
+
+ """
+ from django.contrib.auth.signals import user_logged_out
+ def handler(*args, **kwargs):
+ self.fail("User logged out, should not have been.")
+ user_logged_out.connect(handler, weak=True)
+
+ user = self.F.UserFactory.create(is_staff=True)
+
+ res = self.app.get(reverse("admin:logout"), user=user)
+
+ self.assertRedirects(res, "/")
+
+
 class TeamModelAdminTest(case.DBTestCase):
 """Tests of TeamModelAdmin."""
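Review bot: `test_logout_doesnt` only sends a GET to `admin:logout`, while the CSRF concern in its docstring applies equally to POST and the override handles every method; add `res = self.app.post(reverse("admin:logout"), user=user)` followed by the same `self.assertRedirects(res, "/")` so both paths stay neutered. The signal handler is connected with `weak=True` and never disconnected, which works only because `handler` stays alive for the duration of the test method; if the base case supports unittest's `addCleanup`, `self.addCleanup(user_logged_out.disconnect, handler)` would make the isolation explicit. The docstring also has a typo: `logout link to, but` should read `logout link too, but`. The enclosing test class starts outside the hunk.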