diff --git a/src/Controller/Security.php b/src/Controller/Security.php
index 10b9d6618b..c4833632a9 100644
--- a/src/Controller/Security.php
+++ b/src/Controller/Security.php
@@ -82,11 +82,14 @@ class Security extends Controller
             }
 
             $actor = GSActor::create(['nickname' => $data['nickname']]);
-            $user  = LocalUser::create(['nickname' => $data['nickname'], 'email' => $data['email'], 'password' => $data['password']]);
+            $user  = LocalUser::create([
+                'nickname' => $data['nickname'],
+                'email'    => $data['email'],
+                'password' => LocalUser::hashPassword($data['password']),
+            ]);
 
             DB::persist($user);
             DB::persist($actor);
-            DB::flush();
 
             // generate a signed url and email it to the user
             if (Common::config('site', 'use_email')) {
@@ -103,6 +106,8 @@ class Security extends Controller
                 $user->setIsEmailVerified(true);
             }
 
+            DB::flush();
+
             return $guard_handler->authenticateUserAndHandleSuccess(
                 $user,
                 $request,
diff --git a/src/Entity/LocalUser.php b/src/Entity/LocalUser.php
index 9110e379a8..e9f415a533 100644
--- a/src/Entity/LocalUser.php
+++ b/src/Entity/LocalUser.php
@@ -306,12 +306,12 @@ class LocalUser extends Entity implements UserInterface
     public function changePassword(string $new_password, bool $override = false): void
     {
         if ($override || $this->checkPassword($new_password)) {
-            $this->setPassword($this->hashPassword($new_password));
+            $this->setPassword(self::hashPassword($new_password));
             DB::flush();
         }
     }
 
-    public function hashPassword(string $password)
+    public static function hashPassword(string $password)
     {
         $algorithm = self::algoNameToConstant(Common::config('security', 'algorithm'));
         $options   = Common::config('security', 'options');