diff --git a/public/include/classes/worker.class.php b/public/include/classes/worker.class.php
index 0caa9f4b..66a14365 100644
--- a/public/include/classes/worker.class.php
+++ b/public/include/classes/worker.class.php
@@ -21,14 +21,19 @@ class Worker extends Base {
 $username = $this->user->getUserName($account_id);
 $iFailed = 0;
 foreach ($data as $key => $value) {
- if ('' === $value['username'] || '' === $value['password']) {
+ if ('' === $value['username'] || '' === $value['password']) {
+ $iFailed++;
+ } else {
+ // Check worker name first
+ if (! preg_match("/^[0-9a-zA-Z_\-]*$/", $value['username'])) {
+ $iFailed++;
+ continue;
+ }
+ // Prefix the WebUser to Worker name
+ $value['username'] = "$username." . $value['username'];
+ $stmt = $this->mysqli->prepare("UPDATE $this->table SET password = ?, username = ?, monitor = ? WHERE account_id = ? AND id = ?");
+ if ( ! ( $this->checkStmt($stmt) && $stmt->bind_param('ssiii', $value['password'], $value['username'], $value['monitor'], $account_id, $key) && $stmt->execute()) )
 $iFailed++;
- } else {
- // Prefix the WebUser to Worker name
- $value['username'] = "$username." . $value['username'];
- $stmt = $this->mysqli->prepare("UPDATE $this->table SET password = ?, username = ?, monitor = ? WHERE account_id = ? AND id = ?");
- if ( ! ( $this->checkStmt($stmt) && $stmt->bind_param('ssiii', $value['password'], $value['username'], $value['monitor'], $account_id, $key) && $stmt->execute()) )
- $iFailed++;
 }
 }
 if ($iFailed == 0)
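Review bot: The worker-name pattern `"/^[0-9a-zA-Z_\-]*$/"` in the added preg_match still accepts a name that ends in a newline, because `$` without the `D` modifier also matches just before a trailing `\n`; the same pattern is used again in the addWorker hunk below. Anchoring with `\z` (`"/^[0-9a-zA-Z_\-]*\z/"`) or adding the `D` modifier closes that gap in both places. This update path also gains no length check, whereas the insert path below rejects a prefixed name longer than 50 characters, so an over-long name can still reach the UPDATE here and be truncated or rejected by the database depending on the column definition and sql_mode — inferred, since the schema is not part of the diff. The enclosing method's signature and tail lie outside the hunk.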
@@ -225,8 +230,16 @@ class Worker extends Base {
 $this->setErrorMessage($this->getErrorMsg('E0058'));
 return false;
 }
+ if (!preg_match("/^[0-9a-zA-Z_\-]*$/", $workerName)) {
+ $this->setErrorMessage($this->getErrorMsg('E0072'));
+ return false;
+ }
 $username = $this->user->getUserName($account_id);
 $workerName = "$username.$workerName";
+ if (strlen($workerName) > 50) {
+ $this->setErrorMessage($this->getErrorMsg('E0073'));
+ return false;
+ }
 $stmt = $this->mysqli->prepare("INSERT INTO $this->table (account_id, username, password) VALUES(?, ?, ?)");
 if ($this->checkStmt($stmt) && $stmt->bind_param('iss', $account_id, $workerName, $workerPassword)) {
 if (!$stmt->execute()) {
diff --git a/public/include/config/error_codes.inc.php b/public/include/config/error_codes.inc.php
index 80078f3d..1c5eee85 100644
--- a/public/include/config/error_codes.inc.php
+++ b/public/include/config/error_codes.inc.php
@@ -69,4 +69,6 @@ $aErrorCodes['E0062'] = 'Block has no share_id, not running payouts';
 $aErrorCodes['E0063'] = 'Upstream share already assigned to previous block';
 $aErrorCodes['E0064'] = 'Failed to create transaction record';
 $aErrorCodes['E0065'] = 'Remaining balance is greater than 0';
+$aErrorCodes['E0072'] = 'Worker names must be alphanumeric';
+$aErrorCodes['E0073'] = 'Worker name is too long; try entering a shorter name'
 ?>
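Review bot: The limit in the added `strlen($workerName) > 50` check is a magic number that presumably mirrors the width of the username column, which the diff does not show; a named class constant such as `const MAX_WORKER_NAME_LENGTH = 50;` used here and in the earlier UPDATE hunk would keep the two paths in step and document where the value comes from. Because the check runs after the `"$username.$workerName"` prefix is applied, the number of characters a user may actually enter depends on the length of their account name, so a short comment at the check, `// Limit applies to the prefixed "user.worker" string, not the raw input`, would save the next reader a trip to the schema. The enclosing method starts and ends outside the hunk.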
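Review bot: The added `E0073` assignment has no terminating semicolon; it only parses because the `?>` closing tag on the next line doubles as a statement terminator, so the next code added below it will produce a parse error. Write it as `$aErrorCodes['E0073'] = 'Worker name is too long; try entering a shorter name';`. The `E0072` text 'Worker names must be alphanumeric' also understates what the validator in worker.class.php accepts, since the pattern there permits `_` and `-` as well; `'Worker names may only contain letters, digits, underscores and hyphens'` would match the check users actually hit.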