diff --git a/tests/simpletest/username_enumeration_prevention.test b/tests/simpletest/username_enumeration_prevention.test
index 86bee48af09e44b12a989ee660bdf84d235f73f8..2ce5df8b87e279bbf4ef29e2214e70feff53e9bc 100644
--- a/tests/simpletest/username_enumeration_prevention.test
+++ b/tests/simpletest/username_enumeration_prevention.test
@@ -104,4 +104,24 @@ class UsernameEnumerationPreventionTestCase extends DrupalWebTestCase {
 return $email;
 }
+ /**
+ * Submit the password reset form and check for resulting messaging.
+ */
+ public function testUserPageEnum() {
+ // Add some fake uids.
+ $uids = [13, 22, 1098];
+
+ // Create some real users.
+ for ($i = 0; $i < 5; $i++) {
+ $user = $this->drupalCreateUser();
+ $uids[] = $user->uid;
+ }
+
+ foreach ($uids as $uid) {
+ // Hit user/[uid] and ensure a 404.
+ $this->drupalGet(sprintf("user/%d", $uid));
+ $this->assertResponse(404, t('Page not found error returned when viewing user profile pages.'));
+ }
+ }
+
+
 }
diff --git a/username_enumeration_prevention.module b/username_enumeration_prevention.module
index 490569ee38c0ed7ca378158a2b00a8ad8ea2a600..ffbd3820f79d2b18a29fd0f46dfb886761767c5d 100644
--- a/username_enumeration_prevention.module
+++ b/username_enumeration_prevention.module
@@ -9,6 +9,23 @@
 * only for users with the access user profiles permission.
 */
+/**
+ * Implements hook_menu_alter().
+ */
+function username_enumeration_prevention_menu_alter(&$items) {
+ $items['user/%user']['delivery callback'] = 'username_enumeration_prevention_delivery_wrapper';
+}
+
+/**
+ * Converts 403 Access Denied responses to 404 Not Found on user profiles.
+ */
+function username_enumeration_prevention_delivery_wrapper($page_callback_result) {
+ if ($page_callback_result == MENU_ACCESS_DENIED) {
+ $page_callback_result = MENU_NOT_FOUND;
+ }
+ drupal_deliver_html_page($page_callback_result);
+}
+
 /**
 * Implements hook_form_FORM_ID_alter().
 *
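Review bot: The docblock on `testUserPageEnum()` still describes the password reset form, while the body requests `user/[uid]` and asserts a 404; something like `Requests user/[uid] for existing and nonexistent accounts and checks that both return 404.` would match what is tested. The three hard-coded uids presumably return 404 with or without this module because no such account exists, so only the five created users exercise the new delivery wrapper. The test also covers only the denied case: a companion assertion that a user holding the access user profiles permission still gets a 200 on a profile would catch a wrapper that hides profiles from everyone. No login is visible in the hunk, so the session these requests run under depends on setUp(), which is outside it.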
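Review bot: The check in `username_enumeration_prevention_delivery_wrapper()` uses a loose comparison, so under PHP's type juggling a page callback result that is not the integer status constant (a numeric string, for example) can also be rewritten to a 404; `if ($page_callback_result === MENU_ACCESS_DENIED) {` limits the rewrite to the real access-denied status. The `hook_menu_alter()` implementation overwrites whatever delivery callback `user/%user` already had and always hands off to `drupal_deliver_html_page()`, so a delivery callback set by another module is silently dropped; the docblock should say so, e.g. `Replaces the delivery callback for user/%user and always delivers the result as an HTML page.` It is also worth documenting that denied profile requests will now presumably be logged as page-not-found rather than access-denied, which changes what log monitoring for profile probing needs to look for.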