diff --git a/sanity_check.php b/sanity_check.php
index 322aa9bf1..21fc08199 100644
--- a/sanity_check.php
+++ b/sanity_check.php
@@ -12,4 +12,11 @@
 		subdirectory of TT-RSS tree.";
 		exit;
 	}
+
+	if (file_exists("xml-export.php") || file_exists("xml-import.php")) {
+		print "<b>Fatal Error</b>: XML Import/Export tools (<b>xml-export.php</b>
+		and <b>xml-import.php</b>) could be used maliciously. Please remove them 
+		from your TT-RSS instance.";
+		exit;
+	}
 ?>
diff --git a/xml-export.php b/utils/xml-export.php
similarity index 100%
rename from xml-export.php
rename to utils/xml-export.php
diff --git a/xml-import.php b/utils/xml-import.php
similarity index 100%
rename from xml-import.php
rename to utils/xml-import.php