diff --git a/.htaccess b/.htaccess
index 3293165..31ad65c 100644
--- a/.htaccess
+++ b/.htaccess
@@ -59,5 +59,10 @@ AddDefaultCharset UTF-8
Satisfy All
+# Allow read files.
+
+ Allow from all
+
+
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
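Review bot: The added `Allow from all` uses the Apache 2.2 mod_authz_host syntax; on Apache 2.4 it is only honoured when mod_access_compat is loaded, otherwise the directive is rejected and the whole site returns an error, so a `Require all granted` form (or an `<IfModule>` pair covering both) would be safer than leaving this to the server version. The blank lines immediately before and after it look like the enclosing scoping tags were lost in rendering, which means it cannot be confirmed from this hunk that the grant is limited to the file it is meant to expose; if it sits directly in the same scope as the preceding deny rules it widens access to everything that scope covers, so the scope should be checked in the real file. A comment naming the file the grant is for, e.g. `# Allow read access to robots.txt only.`, would make the intent visible to the next editor. The enclosing block starts outside the hunk.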
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d1cc771..989d045 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+Monstra 3.0.4, 2016-04-05
+------------------------
+- Fixed User Security by adding a check that compares POST id with SESSION
+id for none admin edits
+- Fixed ability to read robots.txt
+- Stylesheet: Changed minified URIs to eliminate query strings
+
+
Monstra 3.0.3, 2016-01-29
------------------------
- Improved Monstra Security
diff --git a/engine/Monstra.php b/engine/Monstra.php
index 3f26cc8..b1a50fb 100644
--- a/engine/Monstra.php
+++ b/engine/Monstra.php
@@ -31,7 +31,7 @@ class Monstra
/**
* The version of Monstra
*/
- const VERSION = '3.0.3';
+ const VERSION = '3.0.4';
/**
diff --git a/engine/Plugin/Javascript.php b/engine/Plugin/Javascript.php
index 57072c8..5126f98 100644
--- a/engine/Plugin/Javascript.php
+++ b/engine/Plugin/Javascript.php
@@ -59,7 +59,7 @@ class Javascript
public static function load()
{
$backend_site_js_path = MINIFY . DS . 'backend_site.minify.js';
- $frontend_site_js_path = MINIFY . DS . 'frontend_site.minify.js';
+ $frontend_site_js_path = MINIFY . DS . 'frontend_site.minify.'.Option::get('javascript_version').'.js';
// Load javascripts
if (count(Javascript::$javascripts) > 0) {
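Review bot: The new path line concatenates `Option::get('javascript_version')` straight into the file name without normalising it, so an unset or empty option yields `frontend_site.minify..js` and any value containing characters outside the expected digits changes which path is written and served; where that option comes from is not visible here, so this is a hardening suggestion rather than a confirmed fault. A local normalisation before the concatenation, `$version = preg_replace('/[^0-9A-Za-z_.-]/', '', (string) Option::get('javascript_version'));` followed by `$frontend_site_js_path = MINIFY . DS . 'frontend_site.minify.' . $version . '.js';`, keeps the file name shape predictable, and the empty case should either fall back to the old unversioned name or be treated as an error. The same pattern is introduced for `styles_version` in the Stylesheet.php hunk and should get the same treatment. `load()` continues outside the hunk.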
@@ -122,7 +122,7 @@ class Javascript
if (BACKEND) {
echo '';
} else {
- echo ''."\n";
+ echo ''."\n";
}
}
}
diff --git a/engine/Plugin/Stylesheet.php b/engine/Plugin/Stylesheet.php
index 214374d..4907805 100644
--- a/engine/Plugin/Stylesheet.php
+++ b/engine/Plugin/Stylesheet.php
@@ -59,7 +59,7 @@ class Stylesheet
public static function load()
{
$backend_site_css_path = MINIFY . DS . 'backend_site.minify.css';
- $frontend_site_css_path = MINIFY . DS . 'frontend_site.minify.css';
+ $frontend_site_css_path = MINIFY . DS . 'frontend_site.minify.'.Option::get('styles_version').'.css';
// Load stylesheets
if (count(Stylesheet::$stylesheets) > 0) {
@@ -124,7 +124,7 @@ class Stylesheet
if (BACKEND) {
echo '';
} else {
- echo ''."\n";
+ echo ''."\n";
}
}
}
diff --git a/plugins/box/users/users.plugin.php b/plugins/box/users/users.plugin.php
index 2ff9a2a..b41520c 100644
--- a/plugins/box/users/users.plugin.php
+++ b/plugins/box/users/users.plugin.php
@@ -228,27 +228,32 @@ class Users extends Frontend
// Check csrf
if (Security::check(Request::post('csrf'))) {
-
- if (Security::safeName(Request::post('login')) != '') {
- if (Users::$users->update(Request::post('user_id'),
- array('login' => Security::safeName(Request::post('login')),
- 'firstname' => Request::post('firstname'),
- 'lastname' => Request::post('lastname'),
- 'email' => Request::post('email'),
- 'skype' => Request::post('skype'),
- 'about_me' => Request::post('about_me'),
- 'twitter' => Request::post('twitter')))) {
-
- // Change password
- if (trim(Request::post('new_password')) != '') {
- Users::$users->update(Request::post('user_id'), array('password' => Security::encryptPassword(trim(Request::post('new_password')))));
+
+ // Check for POST data manipulation
+ if( ((int) Session::get('user_id') == (int) Request::post('user_id')) or (in_array(Session::get('user_role'), array('admin'))) ) {
+
+ if (Security::safeName(Request::post('login')) != '') {
+ if (Users::$users->update(Request::post('user_id'),
+ array('login' => Security::safeName(Request::post('login')),
+ 'firstname' => Request::post('firstname'),
+ 'lastname' => Request::post('lastname'),
+ 'email' => Request::post('email'),
+ 'skype' => Request::post('skype'),
+ 'about_me' => Request::post('about_me'),
+ 'twitter' => Request::post('twitter')))) {
+
+ // Change password
+ if (trim(Request::post('new_password')) != '') {
+ Users::$users->update(Request::post('user_id'), array('password' => Security::encryptPassword(trim(Request::post('new_password')))));
+ }
+
+ Notification::set('success', __('Your changes have been saved.', 'users'));
+ Request::redirect(Site::url().'/users/'.$user['id']);
}
-
- Notification::set('success', __('Your changes have been saved.', 'users'));
- Request::redirect(Site::url().'/users/'.$user['id']);
- }
- } else { }
-
+ } else { }
+
+ } else { die('Monstra says: This is not your profile...'); }
+
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
}
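Review bot: The new ownership check casts both ids to int before comparing, so a missing or empty `Session::get('user_id')` and a non-numeric `Request::post('user_id')` both become 0 and compare equal; unless a login check above this hunk guarantees the session id is set, the guard should also require a non-zero session id, and the role test should be a strict comparison rather than a loose `in_array`. One form is `$sessionUserId = (int) Session::get('user_id');` and `if (($sessionUserId !== 0 && $sessionUserId === (int) Request::post('user_id')) || Session::get('user_role') === 'admin') {`. For the non-admin branch the subsequent `Users::$users->update(...)` calls could also use the session id instead of the POST value, which removes the dependence on the comparison altogether. The enclosing method starts before and ends after this hunk.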