diff --git a/src/trunk/ajax_handlers/delete_file.php b/src/trunk/ajax_handlers/delete_file.php
index 37a3bf4..9bc8eea 100644
--- a/src/trunk/ajax_handlers/delete_file.php
+++ b/src/trunk/ajax_handlers/delete_file.php
@@ -15,7 +15,7 @@ function callback() {
 if($_SERVER['REQUEST_METHOD'] === 'GET') {
 $filename = $_GET["name"];
- if (str_contains($filename, "/uploads/surveyjs")) {
+ if (str_contains($filename, "/uploads/surveyjs") && current_user_can( 'administrator' ) ) {
 $uploadpath = substr($filename, strpos($filename, "/surveyjs"));
 $upload_dir=wp_upload_dir();
 $fullname = $upload_dir['basedir'] . $uploadpath;
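Review bot: The path built from `$_GET["name"]` is still not confined to the surveyjs upload directory: the guard only requires the substring `/uploads/surveyjs`, and `$uploadpath` is everything from the first `/surveyjs` onward, so `..` segments or a sibling name that merely starts with `/surveyjs` flow into `$fullname` unchanged. The added `current_user_can( 'administrator' )` check narrows who can reach this code, but the resolved path should also be canonicalised with `realpath()` and compared against the base directory before it is used, as sketched below (this assumes uploads live under `<basedir>/surveyjs`, which the hunk suggests but does not show). Separately, the handler acts on a GET request and no nonce verification is visible here; `callback()` continues outside the hunk, so if it has no `check_ajax_referer()` or equivalent the action is exposed to cross-site request forgery against a logged-in administrator. WordPress also recommends testing a capability such as `manage_options` rather than a role name in `current_user_can()`.

```php
if (str_contains($filename, "/uploads/surveyjs") && current_user_can( 'administrator' ) ) {
    $upload_dir = wp_upload_dir();
    $base = realpath($upload_dir['basedir'] . '/surveyjs');
    $uploadpath = substr($filename, strpos($filename, "/surveyjs"));
    // realpath() resolves ".." and symlinks; it returns false when the target does not exist
    $fullname = realpath($upload_dir['basedir'] . $uploadpath);
    if ($base === false || $fullname === false
        || !str_starts_with($fullname, $base . DIRECTORY_SEPARATOR)) {
        // reject: resolved path is outside the surveyjs upload directory
        return;
    }
    // … unchanged: rest of callback() operating on $fullname …
```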