diff --git a/src/pretix/control/context.py b/src/pretix/control/context.py
index 0b98224923..0a8a9014e4 100644
--- a/src/pretix/control/context.py
+++ b/src/pretix/control/context.py
@@ -1,3 +1,4 @@
+import sys
from django.conf import settings
from django.core.urlresolvers import Resolver404, get_script_prefix, resolve
@@ -46,4 +47,9 @@ def contextprocessor(request):
ctx['js_date_format'] = get_javascript_format('DATE_INPUT_FORMATS')
ctx['js_locale'] = get_moment_locale()
+ if settings.DEBUG and 'runserver' not in sys.argv:
+ ctx['debug_warning'] = True
+ elif 'runserver' in sys.argv:
+ ctx['development_warning'] = True
+
return ctx
diff --git a/src/pretix/control/templates/pretixcontrol/base.html b/src/pretix/control/templates/pretixcontrol/base.html
index 1fdab732f8..bf1d4f4fef 100644
--- a/src/pretix/control/templates/pretixcontrol/base.html
+++ b/src/pretix/control/templates/pretixcontrol/base.html
@@ -174,6 +174,12 @@
{% endfor %}
{% endif %}
+ {% if debug_warning %}
+
+ {% trans "pretix is running in debug mode. For security reasons, please never run debug mode on a production instance." %}
+
+ {% endif %}
+
{% block content %}
{% endblock %}