diff --git a/hypha/apply/users/tests/test_views.py b/hypha/apply/users/tests/test_views.py
index 190ee006dfb10fdc7be6965b7df6504d0618d246..52f70dbc6a04496f6f46c8ffa2c638bcf0fe9ade 100644
--- a/hypha/apply/users/tests/test_views.py
+++ b/hypha/apply/users/tests/test_views.py
@@ -61,7 +61,7 @@ class TestPasswordReset(BaseViewTestCase):
         self.assertIn('https://testserver/account/password/reset/confirm', mail.outbox[0].body)
 
 
-@override_settings(ROOT_URLCONF='hypha.apply.urls', HIJACK_ENABLE=True)
+@override_settings(ROOT_URLCONF='hypha.apply.urls')
 class TestBecome(TestCase):
     def setUp(self):
         self.staff = StaffFactory()
diff --git a/hypha/apply/users/urls.py b/hypha/apply/users/urls.py
index 94bc9bb2ff835b4cdd36f589eafe7aeab3d1983b..53273023e6ec5e9573f0e2f3d35bf975cd517a9b 100644
--- a/hypha/apply/users/urls.py
+++ b/hypha/apply/users/urls.py
@@ -1,3 +1,4 @@
+from django.conf import settings
 from django.contrib.auth import views as auth_views
 from django.urls import include, path, reverse_lazy
 
@@ -37,7 +38,6 @@ public_urlpatterns = [
 urlpatterns = [
     path('account/', include([
         path('', AccountView.as_view(), name='account'),
-        path('become/', become, name='become'),
         path('password/', include([
             path('', EmailChangePasswordView.as_view(), name='email_change_confirm_password'),
             path(
@@ -94,3 +94,8 @@ urlpatterns = [
         path('oauth', oauth, name='oauth'),
     ])),
 ]
+
+if settings.HIJACK_ENABLE:
+    urlpatterns += [
+        path('account/become/', become, name='become'),
+    ]
diff --git a/hypha/apply/users/views.py b/hypha/apply/users/views.py
index d8e85fa0453c0dec1af72c4ea18c8043ef231c47..1cf30f5270d6a60d6c68264acca9a2a42837ae97 100644
--- a/hypha/apply/users/views.py
+++ b/hypha/apply/users/views.py
@@ -160,7 +160,7 @@ class EmailChangeDoneView(TemplateView):
 @login_required()
 def become(request):
     if not settings.HIJACK_ENABLE:
-        raise PermissionDenied()
+        raise Http404(_('Hijack feature is not enabled.'))
 
     if not request.user.is_superuser:
         raise PermissionDenied()
diff --git a/hypha/settings/test.py b/hypha/settings/test.py
index 1d913795abb604266204c36627b4f05d42358e15..e4936bbfb355f67645f8f151eb9ab0b6ba5bd2ca 100644
--- a/hypha/settings/test.py
+++ b/hypha/settings/test.py
@@ -9,6 +9,8 @@ logging.disable(logging.CRITICAL)
 
 SECRET_KEY = 'NOT A SECRET'
 
+HIJACK_ENABLE = True
+
 PROJECTS_ENABLED = True
 PROJECTS_AUTO_CREATE = True