diff --git a/doc/api/resources/orders.rst b/doc/api/resources/orders.rst
index 255fc6d6c2..b1a2cd315a 100644
--- a/doc/api/resources/orders.rst
+++ b/doc/api/resources/orders.rst
@@ -855,7 +855,7 @@ Generating new secrets
 
 .. http:post:: /api/v1/organizers/(organizer)/events/(event)/orders/(code)/regenerate_secrets/
 
-   Triggers generation of new ``secret`` attributes for both the order and all order positions.
+   Triggers generation of new ``secret`` and ``ẁeb_secret`` attributes for both the order and all order positions.
 
    **Example request**:
 
@@ -886,7 +886,7 @@ Generating new secrets
 
 .. http:post:: /api/v1/organizers/(organizer)/events/(event)/orderpositions/(id)/regenerate_secrets/
 
-   Triggers generation of a new ``secret`` attribute for a single order position.
+   Triggers generation of a new ``secret`` and ``web_secret`` attribute for a single order position.
 
    **Example request**:
 
diff --git a/src/pretix/api/views/order.py b/src/pretix/api/views/order.py
index 86df02891f..e01d951261 100644
--- a/src/pretix/api/views/order.py
+++ b/src/pretix/api/views/order.py
@@ -647,6 +647,8 @@ class EventOrderViewSet(OrderViewSetMixin, viewsets.ModelViewSet):
         order = self.get_object()
         order.secret = generate_secret()
         for op in order.all_positions.all():
+            op.web_secret = generate_secret()
+            op.save(update_fields=["web_secret"])
             assign_ticket_secret(
                 request.event, op, force_invalidate=True, save=True
             )
diff --git a/src/pretix/base/services/orders.py b/src/pretix/base/services/orders.py
index 1536756dcc..ab5fe52d1e 100644
--- a/src/pretix/base/services/orders.py
+++ b/src/pretix/base/services/orders.py
@@ -2425,6 +2425,8 @@ class OrderChangeManager:
             elif isinstance(op, self.SplitOperation):
                 split_positions.append(op.position)
             elif isinstance(op, self.RegenerateSecretOperation):
+                op.web_secret = generate_secret()
+                op.save(update_fields=["web_secret"])
                 assign_ticket_secret(
                     event=self.event, position=op.position, force_invalidate=True, save=True
                 )
@@ -2531,6 +2533,7 @@ class OrderChangeManager:
                 'new_order': split_order.code,
             })
             op.order = split_order
+            op.web_secret = generate_secret()
             assign_ticket_secret(
                 self.event, position=op, force_invalidate=True,
             )
diff --git a/src/pretix/control/forms/orders.py b/src/pretix/control/forms/orders.py
index e251d64ffd..8c6edda123 100644
--- a/src/pretix/control/forms/orders.py
+++ b/src/pretix/control/forms/orders.py
@@ -490,7 +490,9 @@ class OrderPositionChangeForm(forms.Form):
     )
     operation_secret = forms.BooleanField(
         required=False,
-        label=_('Generate a new secret')
+        label=_('Generate a new secret'),
+        help_text=_('This affects both the ticket secret (often used as a QR code) as well as the link used to '
+                    'individually access the ticket.')
     )
     operation_cancel = forms.BooleanField(
         required=False,
diff --git a/src/pretix/control/views/orders.py b/src/pretix/control/views/orders.py
index 1e00d7fcf8..079f0ce9ad 100644
--- a/src/pretix/control/views/orders.py
+++ b/src/pretix/control/views/orders.py
@@ -2241,6 +2241,8 @@ class OrderContactChange(OrderView):
                 changed = True
                 self.order.secret = generate_secret()
                 for op in self.order.all_positions.all():
+                    op.web_secret = generate_secret()
+                    op.save(update_fields=["web_secret"])
                     assign_ticket_secret(
                         self.request.event, position=op, force_invalidate=True, save=True
                     )
diff --git a/src/tests/api/test_order_change.py b/src/tests/api/test_order_change.py
index 39ad72dc67..b1c601a382 100644
--- a/src/tests/api/test_order_change.py
+++ b/src/tests/api/test_order_change.py
@@ -526,6 +526,7 @@ def test_order_regenerate_secrets(token_client, organizer, event, order):
     s = order.secret
     with scopes_disabled():
         ps = order.positions.first().secret
+        psw = order.positions.first().web_secret
     resp = token_client.post(
         '/api/v1/organizers/{}/events/{}/orders/{}/regenerate_secrets/'.format(
             organizer.slug, event.slug, order.code
@@ -536,6 +537,7 @@ def test_order_regenerate_secrets(token_client, organizer, event, order):
     assert s != order.secret
     with scopes_disabled():
         assert ps != order.positions.first().secret
+        assert psw != order.positions.first().web_secret
 
 
 @pytest.mark.django_db
@@ -543,6 +545,7 @@ def test_position_regenerate_secrets(token_client, organizer, event, order):
     with scopes_disabled():
         p = order.positions.first()
         ps = p.secret
+        psw = p.web_secret
     resp = token_client.post(
         '/api/v1/organizers/{}/events/{}/orderpositions/{}/regenerate_secrets/'.format(
             organizer.slug, event.slug, p.pk,
@@ -552,6 +555,7 @@ def test_position_regenerate_secrets(token_client, organizer, event, order):
     p.refresh_from_db()
     with scopes_disabled():
         assert ps != p.secret
+        assert psw != p.web_secret
 
 
 @pytest.mark.django_db