diff --git a/cao_blogr/services/blog_record.py b/cao_blogr/services/blog_record.py
index c878084..854739b 100644
--- a/cao_blogr/services/blog_record.py
+++ b/cao_blogr/services/blog_record.py
@@ -19,15 +19,17 @@ class BlogRecordService(object):
             query = query.filter(BlogRecord.tag != 'admin')
         if tag != '':
             query = query.filter(BlogRecord.tag == tag)
-        query = query.order_by(BlogRecord.tag, BlogRecord.title).all()
-        return query
+        return query.order_by(BlogRecord.tag, BlogRecord.title).all()
 
     @classmethod
     def by_criteria(cls, request, criteria):
         search = "%{}%".format(criteria)
         query = request.dbsession.query(BlogRecord).filter(or_(BlogRecord.title.like(search),
-                                                                BlogRecord.body.like(search))).all()
-        return query
+                                                                BlogRecord.body.like(search)))
+        if request.authenticated_userid != 'admin':
+            # if user is not 'admin', hide admin posts
+            query = query.filter(BlogRecord.tag != 'admin')
+        return query.order_by(BlogRecord.title).all()
 
     @classmethod
     def by_id(cls, request, _id):