diff --git a/lib/admin_constraint.rb b/lib/admin_constraint.rb
index db5c0e73b64..1d0291cd7f1 100644
--- a/lib/admin_constraint.rb
+++ b/lib/admin_constraint.rb
@@ -9,9 +9,17 @@ class AdminConstraint
   def matches?(request)
     return false if @require_master && RailsMultisite::ConnectionManagement.current_db != "default"
     provider = Discourse.current_user_provider.new(request.env)
-    provider.current_user && provider.current_user.admin?
+    provider.current_user &&
+      provider.current_user.admin? &&
+      custom_admin_check(request)
   rescue Discourse::InvalidAccess
     false
   end
 
+  # Extensibility point: plugins can overwrite this to add additional checks
+  # if they require.
+  def custom_admin_check(request)
+    true
+  end
+
 end