diff --git a/posts.go b/posts.go
index bef1acb..d98de0e 100644
--- a/posts.go
+++ b/posts.go
@@ -52,6 +52,16 @@ const (
 visibilityPrivate postVisibility = "private"
 )
 
+func validPostStatus(s postStatus) bool {
+ return s == statusPublished || s == statusPublishedDeleted ||
+ s == statusDraft || s == statusDraftDeleted ||
+ s == statusScheduled || s == statusScheduledDeleted
+}
+
+func validPostVisibility(v postVisibility) bool {
+ return v == visibilityPublic || v == visibilityUnlisted || v == visibilityPrivate
+}
+
 func (a *goBlog) servePost(w http.ResponseWriter, r *http.Request) {
 p, err := a.getPost(r.URL.Path)
 if errors.Is(err, errPostNotFound) {
diff --git a/postsDb.go b/postsDb.go
index a65d0f3..fec172a 100644
--- a/postsDb.go
+++ b/postsDb.go
@@ -88,10 +88,14 @@ func (a *goBlog) checkPost(p *post, new bool) (err error) {
 p.Status = statusScheduled
 }
 }
+ } else if !validPostStatus(p.Status) {
+ return errors.New("invalid post status")
 }
 // Check visibility
 if p.Visibility == visibilityNil {
 p.Visibility = visibilityPublic
+ } else if !validPostVisibility(p.Visibility) {
+ return errors.New("invalid post visibility")
 }
 // Cleanup params
 for pk, pvs := range p.Parameters {
diff --git a/postsDb_test.go b/postsDb_test.go
index 6bc3f74..43290bf 100644
--- a/postsDb_test.go
+++ b/postsDb_test.go
@@ -490,4 +490,22 @@ func Test_checkPost(t *testing.T) {
 assert.NotEqual(t, oldUpdate, p.Updated)
 })
 
+ t.Run("Invalid status should throw error", func(t *testing.T) {
+ p := &post{
+ Status: "unlisted",
+ }
+ err := app.checkPost(p, true)
+
+ assert.ErrorContains(t, err, "invalid post status")
+ })
+
+ t.Run("Invalid visibility should throw error", func(t *testing.T) {
+ p := &post{
+ Visibility: "published",
+ }
+ err := app.checkPost(p, true)
+
+ assert.ErrorContains(t, err, "invalid post visibility")
+ })
+
 }
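Review bot: `validPostStatus` and `validPostVisibility` in posts.go have no doc comments, and nothing records that they are allow-lists which must be kept in step with the `const` blocks above them. A constant added later without updating these functions would be rejected by `checkPost` as invalid. The nil values are not in either list, so callers have to default them first, as `checkPost` does for `visibilityNil`. I would add `// validPostStatus reports whether s is one of the declared post statuses; the nil status is not accepted and must be defaulted by the caller.` and the matching comment on `validPostVisibility`.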
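Review bot: Both new rejections in `checkPost` (postsDb.go) return a fresh `errors.New(...)`, so a caller can tell a client-supplied bad value from an internal failure only by matching the message text. posts.go already uses a sentinel with `errors.Is(err, errPostNotFound)`; the same pattern here would be `var errInvalidPostStatus = errors.New("invalid post status")` with `return errInvalidPostStatus`, and likewise for visibility. If the request handlers that call this function map errors to response codes (not visible in this diff), a sentinel lets them answer with a client-error response instead of a generic failure. `checkPost` starts and ends outside the hunk.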
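Review bot: The two new subtests in `Test_checkPost` only check rejection, each with a single value and only with `new` set to true; nothing asserts that every declared constant is still accepted. A short table over the constants, e.g. `assert.True(t, validPostStatus(statusScheduledDeleted))` for each status and visibility, would catch the allow-list drifting from the `const` block. A case calling `app.checkPost(p, false)` with an invalid status would also cover the update path, assuming validation is not gated on `new` outside the hunk. `Test_checkPost` begins outside the hunk.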