diff --git a/core/Controller/WipeController.php b/core/Controller/WipeController.php
index f495ba5a692..85e7c1a2479 100644
--- a/core/Controller/WipeController.php
+++ b/core/Controller/WipeController.php
@@ -45,18 +45,20 @@ class WipeController extends Controller {
 #[NoCSRFRequired]
 #[AnonRateLimit(limit: 10, period: 300)]
 #[FrontpageRoute(verb: 'POST', url: '/core/wipe/check')]
- public function checkWipe(string $token): JSONResponse {
- try {
- if ($this->remoteWipe->start($token)) {
- return new JSONResponse([
- 'wipe' => true
- ]);
+ public function checkWipe(?string $token = ''): JSONResponse {
+ if (!empty($token)) {
+ try {
+ if ($this->remoteWipe->start($token)) {
+ return new JSONResponse([
+ 'wipe' => true
+ ]);
+ }
+ } catch (InvalidTokenException $e) {
+ // do nothing special, handled below
 }
-
- return new JSONResponse([], Http::STATUS_NOT_FOUND);
- } catch (InvalidTokenException $e) {
- return new JSONResponse([], Http::STATUS_NOT_FOUND);
 }
+
+ return new JSONResponse([], Http::STATUS_NOT_FOUND);
 }
 
 /**
@@ -73,15 +75,17 @@ class WipeController extends Controller {
 #[NoCSRFRequired]
 #[AnonRateLimit(limit: 10, period: 300)]
 #[FrontpageRoute(verb: 'POST', url: '/core/wipe/success')]
- public function wipeDone(string $token): JSONResponse {
- try {
- if ($this->remoteWipe->finish($token)) {
- return new JSONResponse([]);
+ public function wipeDone(?string $token = ''): JSONResponse {
+ if (!empty($token)) {
+ try {
+ if ($this->remoteWipe->finish($token)) {
+ return new JSONResponse([]);
+ }
+ } catch (InvalidTokenException $e) {
+ // do nothing special, handled below
 }
-
- return new JSONResponse([], Http::STATUS_NOT_FOUND);
- } catch (InvalidTokenException $e) {
- return new JSONResponse([], Http::STATUS_NOT_FOUND);
 }
+
+ return new JSONResponse([], Http::STATUS_NOT_FOUND);
 }
 }
diff --git a/tests/Core/Controller/WipeControllerTest.php b/tests/Core/Controller/WipeControllerTest.php
index 84adbcb2e8b..2298ec73a25 100644
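Review bot: `!empty($token)` in checkWipe is a loose truthiness test, so the string `'0'` is also treated as a missing token and never reaches `remoteWipe->start()`; wipeDone in the next hunk repeats the same guard before `finish()`. An explicit `if ($token !== null && $token !== '') {` states exactly which inputs are skipped. Returning the same 404 for a missing, empty and invalid token is worth keeping, because the route carries `AnonRateLimit` and `NoCSRFRequired` and a distinct status would tell an unauthenticated caller which case it hit; a comment on the final `return` such as `// same 404 for missing and invalid tokens, so the response does not reveal which one it was` would record that intent. The unused `$e` can be dropped with `} catch (InvalidTokenException) {`, which the attribute syntax already in this file implies is supported. The docblocks sit outside both hunks, so check that their `@param` still matches `?string`.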
--- a/tests/Core/Controller/WipeControllerTest.php
+++ b/tests/Core/Controller/WipeControllerTest.php
@@ -55,6 +55,12 @@ class WipeControllerTest extends TestCase {
 $this->remoteWipe->method('start')
 ->with('mytoken')
 ->willThrowException(new InvalidTokenException());
+ $this->remoteWipe->method('start')
+ ->with('')
+ ->willThrowException(new InvalidTokenException());
+ $this->remoteWipe->method('start')
+ ->with(NULL)
+ ->willThrowException(new InvalidTokenException());
 } else {
 $this->remoteWipe->method('start')
 ->with('mytoken')
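Review bot: The two added stubs for `start` with `''` and `NULL` do not exercise the new behaviour, because the patched checkWipe returns 404 before calling `remoteWipe->start()` when the token is empty or null. The test needs a case that passes `''` and `null` to the controller and asserts the 404 together with `$this->remoteWipe->expects($this->never())->method('start');`. The hunk shows no such call, though the test method starts and ends outside it, and a matching case for `finish` in wipeDone would be needed as well. Stacking several `->with(...)` constraints on the same mocked method may not dispatch by argument in PHPUnit, so confirm the extra stubs do not interfere with the `'mytoken'` case. `NULL` would conventionally be written in lowercase as `null`.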