diff --git a/src/Controllers/LinkFieldController.php b/src/Controllers/LinkFieldController.php
index f540803e..2e5bb2bc 100644
--- a/src/Controllers/LinkFieldController.php
+++ b/src/Controllers/LinkFieldController.php
@@ -127,17 +127,20 @@ private function getLinkData(Link $link): array
 */
 public function linkDelete(): HTTPResponse
 {
- $link = $this->linkFromRequest();
- if (!$link->canDelete()) {
- $this->jsonError(403);
- }
 // Check security token on destructive operation
 if (!SecurityToken::inst()->checkRequest($this->getRequest())) {
 $this->jsonError(400);
 }
+ $link = $this->linkFromRequest();
 if ($link->hasExtension(Versioned::class)) {
+ if (!$link->canArchive()) {
+ $this->jsonError(403);
+ }
 $link->doArchive();
 } else {
+ if (!$link->canDelete()) {
+ $this->jsonError(403);
+ }
 $link->delete();
 }
 // Send response
diff --git a/tests/php/Controllers/LinkFieldControllerTest.php b/tests/php/Controllers/LinkFieldControllerTest.php
index 4b33e003..843390f1 100644
--- a/tests/php/Controllers/LinkFieldControllerTest.php
+++ b/tests/php/Controllers/LinkFieldControllerTest.php
@@ -570,9 +570,12 @@ public function provideLinkDelete(): array
 'fail' => '',
 'expectedCode' => 204,
 ],
- 'Reject fail canDelete()' => [
+ // note there isn't a canDelete() test here because it seems impossible to get an
+ // unversioned Link because there's no way to actually remove the Versioned extension
+ // from any subclass of Link since we're unable to the use app/_config.php method
+ 'Reject fail canArchive()' => [
 'idType' => 'existing',
- 'fail' => 'can-delete',
+ 'fail' => 'can-archive',
 'expectedCode' => 403,
 ],
 'Reject fail csrf-token' => [
diff --git a/tests/php/Controllers/LinkFieldControllerTest/TestPhoneLink.php b/tests/php/Controllers/LinkFieldControllerTest/TestPhoneLink.php
index c740e1e1..b1f39bfa 100644
--- a/tests/php/Controllers/LinkFieldControllerTest/TestPhoneLink.php
+++ b/tests/php/Controllers/LinkFieldControllerTest/TestPhoneLink.php
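Review bot: The permission guard in `linkDelete()` is now written twice, once per branch, each ending in the same `jsonError(403)`; deciding the permission before branching keeps a single authorization point: `$canRemove = $link->hasExtension(Versioned::class) ? $link->canArchive() : $link->canDelete();` followed by `if (!$canRemove) { $this->jsonError(403); }`. Both new guards also assume `jsonError()` never returns to the caller — if it only emits the response, `doArchive()`/`delete()` would still run after a denied check, so an explicit `return` after it would make the guard self-evidently safe (the pre-existing 400 path carries the same assumption). The docblock ending at the top of the hunk could record why the token check now precedes `linkFromRequest()`, e.g. `Validates the CSRF token before loading any record, so a forged request is rejected with 400 without a lookup or permission check.` The body of `linkDelete()` continues past the end of the hunk.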
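Review bot: The comment added to `provideLinkDelete()` has a wording slip: `since we're unable to the use app/_config.php method` should read `since we're unable to use the app/_config.php method`. It would also help a later reader if the comment named the consequence, e.g. ending with `, so the unversioned canDelete() branch of linkDelete() is not covered by this provider.` The provider's other cases begin and end outside the hunk.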
@@ -43,6 +43,11 @@ public function canDelete($member = null)
 return TestPhoneLink::$fail !== 'can-delete';
 }
 
+ public function canArchive($member = null)
+ {
+ return TestPhoneLink::$fail !== 'can-archive';
+ }
+
 public function validate(): ValidationResult
 {
 $validationResult = parent::validate();
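Review bot: The new `canArchive()` has no doc comment saying that it is a test hook which shadows the method the Versioned extension would otherwise provide, so the extension's own archive-permission logic is deliberately not exercised by the controller test. A one-line docblock mirroring the intent of `canDelete()` directly above would make that explicit: `/** Test hook: denies archiving only when TestPhoneLink::$fail === 'can-archive'; shadows the Versioned extension's canArchive(). */`. The enclosing class starts and ends outside the hunk.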