diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 81cb42d13..3fadc462e 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -203,25 +203,9 @@ sub cgi_prefs ($$) {
 	
 	my $user_name=$session->param("name");
 
-	# XXX deprecated, should be removed eventually
-	$form->field(name => "banned_users", size => 50, fieldset => "admin");
-	if (! is_admin($user_name)) {
-		$form->field(name => "banned_users", type => "hidden");
-	}
 	if (! $form->submitted) {
 		$form->field(name => "email", force => 1,
 			value => userinfo_get($user_name, "email"));
-		if (is_admin($user_name)) {
-			my $value=join(" ", get_banned_users());
-			if (length $value) {
-				$form->field(name => "banned_users", force => 1,
-					value => join(" ", get_banned_users()),
-					comment => "deprecated; please move to banned_users in setup file");
-			}
-			else {
-				$form->field(name => "banned_users", type => "hidden");
-			}
-		}
 	}
 	
 	if ($form->submitted eq 'Logout') {
@@ -239,17 +223,6 @@ sub cgi_prefs ($$) {
 				error("failed to set email");
 		}
 
-		# XXX deprecated, should be removed eventually
-		if (is_admin($user_name)) {
-			set_banned_users(grep { ! is_admin($_) }
-					split(' ',
-						$form->field("banned_users"))) ||
-				error("failed saving changes");
-			if (! length $form->field("banned_users")) {
-				$form->field(name => "banned_users", type => "hidden");
-			}
-		}
-
 		$form->text(gettext("Preferences saved."));
 	}
 	
@@ -262,10 +235,7 @@ sub check_banned ($$) {
 
 	my $name=$session->param("name");
 	if (defined $name) {
-		# XXX banned in userinfo is deprecated, should be removed
-		# eventually, and only banned_users be checked.
-		if (userinfo_get($session->param("name"), "banned") ||
-		    grep { $name eq $_ } @{$config{banned_users}}) {
+		if (grep { $name eq $_ } @{$config{banned_users}}) {
 			print $q->header(-status => "403 Forbidden");
 			$session->delete();
 			print gettext("You are banned.");
diff --git a/IkiWiki/Plugin/attachment.pm b/IkiWiki/Plugin/attachment.pm
index e1b4d4363..087c315a9 100644
--- a/IkiWiki/Plugin/attachment.pm
+++ b/IkiWiki/Plugin/attachment.pm
@@ -61,23 +61,6 @@ sub check_canattach ($$;$) {
 		);
 	}
 
-	# XXX deprecated, should be removed eventually
-	if ($allowed) {
-		foreach my $admin (@{$config{adminuser}}) {
-			my $allowed_attachments=IkiWiki::userinfo_get($admin, "allowed_attachments");
-			if (defined $allowed_attachments &&
-			    length $allowed_attachments) {
-				$allowed=pagespec_match($dest,
-					$allowed_attachments,
-					file => $file,
-					user => $session->param("name"),
-					ip => $ENV{REMOTE_ADDR},
-				);
-				last if $allowed;
-			}
-		}
-	}
-
 	if (! $allowed) {
 		error(gettext("prohibited by allowed_attachments")." ($allowed)");
 	}
@@ -120,39 +103,6 @@ sub formbuilder_setup (@) {
 			$form->tmpl_param("attachments-class" => "toggleable-open");
 		}
 	}
-	elsif ($form->title eq "preferences") {
-		# XXX deprecated, should remove eventually
-		my $session=$params{session};
-		my $user_name=$session->param("name");
-
-		$form->field(name => "allowed_attachments", size => 50,
-			fieldset => "admin",
-			comment => "deprecated; please move to allowed_attachments in setup file",
-		);
-		if (! IkiWiki::is_admin($user_name)) {
-			$form->field(name => "allowed_attachments", type => "hidden");
-		}
-                if (! $form->submitted) {
-			my $value=IkiWiki::userinfo_get($user_name, "allowed_attachments");
-			if (length $value) {
-				$form->field(name => "allowed_attachments", force => 1,
-					value => IkiWiki::userinfo_get($user_name, "allowed_attachments"));
-			}
-			else {
-				$form->field(name => "allowed_attachments", type => "hidden");
-			}
-                }
-		if ($form->submitted && $form->submitted eq 'Save Preferences') {
-			if (defined $form->field("allowed_attachments")) {
-				IkiWiki::userinfo_set($user_name, "allowed_attachments",
-				$form->field("allowed_attachments")) ||
-					error("failed to set allowed_attachments");
-				if (! length $form->field("allowed_attachments")) {
-					$form->field(name => "allowed_attachments", type => "hidden");
-				}
-			}
-		}
-	}
 }
 
 sub formbuilder (@) {
diff --git a/IkiWiki/Plugin/lockedit.pm b/IkiWiki/Plugin/lockedit.pm
index c2c7414c3..0fa329251 100644
--- a/IkiWiki/Plugin/lockedit.pm
+++ b/IkiWiki/Plugin/lockedit.pm
@@ -8,8 +8,6 @@ use IkiWiki 3.00;
 sub import {
 	hook(type => "getsetup", id => "lockedit", call => \&getsetup);
 	hook(type => "canedit", id => "lockedit", call => \&canedit);
-	hook(type => "formbuilder_setup", id => "lockedit",
-	     call => \&formbuilder_setup);
 }
 
 sub getsetup () {
@@ -52,63 +50,7 @@ sub canedit ($$) {
 		}
 	}
 
-	# XXX deprecated, should be removed eventually
-	foreach my $admin (@{$config{adminuser}}) {
-		if (pagespec_match($page, IkiWiki::userinfo_get($admin, "locked_pages"),
-		    user => $session->param("name"),
-		    ip => $ENV{REMOTE_ADDR},
-		)) {
-			if (! defined $user ||
-			    ! IkiWiki::userinfo_get($session->param("name"), "regdate")) {
-				return sub { IkiWiki::needsignin($cgi, $session) };
-			}
-			else {
-				return sprintf(gettext("%s is locked and cannot be edited"),
-					htmllink("", "", $page, noimageinline => 1));
-			}
-		}
-	}
-
 	return undef;
 }
 
-sub formbuilder_setup (@) {
-	my %params=@_;
-
-	# XXX deprecated, should be removed eventually	
-	my $form=$params{form};
-	if ($form->title eq "preferences") {
-		my $session=$params{session};
-		my $cgi=$params{cgi};
-		my $user_name=$session->param("name");
-
-		$form->field(name => "locked_pages", size => 50,
-			fieldset => "admin",
-			comment => "deprecated; please move to locked_pages in setup file"
-		);
-		if (! IkiWiki::is_admin($user_name)) {
-			$form->field(name => "locked_pages", type => "hidden");
-		}
-		if (! $form->submitted) {
-			my $value=IkiWiki::userinfo_get($user_name, "locked_pages");
-			if (length $value) {
-				$form->field(name => "locked_pages", force => 1, value => $value);
-			}
-			else {
-				$form->field(name => "locked_pages", type => "hidden");
-			}
-		}
-		if ($form->submitted && $form->submitted eq 'Save Preferences') {
-			if (defined $form->field("locked_pages")) {
-				IkiWiki::userinfo_set($user_name, "locked_pages",
-					$form->field("locked_pages")) ||
-						error("failed to set locked_pages");
-				if (! length $form->field("locked_pages")) {
-					$form->field(name => "locked_pages", type => "hidden");
-				}
-			}
-		}
-	}
-}
-
 1
diff --git a/IkiWiki/UserInfo.pm b/IkiWiki/UserInfo.pm
index 3423dc923..0bf100a95 100644
--- a/IkiWiki/UserInfo.pm
+++ b/IkiWiki/UserInfo.pm
@@ -74,24 +74,4 @@ sub is_admin ($) {
 	return grep { $_ eq $user_name } @{$config{adminuser}};
 }
 
-# XXX deprecated, should be removed eventually
-sub get_banned_users () {
-	my @ret;
-	my $userinfo=userinfo_retrieve();
-	foreach my $user (keys %{$userinfo}) {
-		push @ret, $user if $userinfo->{$user}->{banned};
-	}
-	return @ret;
-}
-
-# XXX deprecated, should be removed eventually
-sub set_banned_users (@) {
-	my %banned=map { $_ => 1 } @_;
-	my $userinfo=userinfo_retrieve();
-	foreach my $user (keys %{$userinfo}) {
-		$userinfo->{$user}->{banned} = $banned{$user};
-	}
-	return userinfo_store($userinfo);
-}
-
 1
diff --git a/doc/ikiwiki-transition.mdwn b/doc/ikiwiki-transition.mdwn
index 8b7c3579f..3a3529454 100644
--- a/doc/ikiwiki-transition.mdwn
+++ b/doc/ikiwiki-transition.mdwn
@@ -8,11 +8,11 @@ ikiwiki-transition type ...
 
 # DESCRIPTION
 
-`ikiwiki-transition` aids in converting wiki pages when
-there's a major change in ikiwiki syntax. It also handles other transitions
-not involving wiki pages.
+`ikiwiki-transition` aids in converting wiki pages when there's a major
+change in ikiwiki syntax. It also handles other transitions not involving
+wiki pages.
 
-# prefix_directives
+# prefix_directives file ...
 
 The `prefix_directives` mode converts the specified ikiwiki page from
 the old preprocessor directive syntax, requiring a space, to the new
@@ -25,7 +25,7 @@ Note that if the page contains wiki links with spaces, which some
 older versions of ikiwiki accepted, the prefix_directives transition will
 treat these as preprocessor directives and convert them.
 
-# setupformat
+# setupformat your.setup
 
 The `setupformat` mode converts a setup file from using a single `wrappers` block
 to using `cgi_wrapper`, `git_wrapper`, etc.
@@ -33,25 +33,30 @@ to using `cgi_wrapper`, `git_wrapper`, etc.
 Note that all comments and any unusual stuff like perl code in the setup
 file will be lost, as it is entirely rewritten by the transition.
 
-# aggregateinternal
+# aggregateinternal your.setup
 
 The `aggregateinternal` mode moves pages aggregated by the aggregate plugin
 so that the `aggregateinternal` option can be enabled.
 
-# indexdb
+# moveprefs your.setup
+
+Moves values that used to be admin preferences into the setup file.
+
+Note that all comments and any unusual stuff like perl code in the setup
+file will be lost, as it is entirely rewritten by the move.
+
+# indexdb srcdir
 
 The `indexdb` mode handles converting a plain text `.ikiwiki/index` file to
-a binary `.ikiwiki/indexdb`. In this mode, you should specify the srcdir of
-the wiki as the second parameter. You do not normally need to run
+a binary `.ikiwiki/indexdb`. You do not normally need to run
 `ikiwiki-transition indexdb`; ikiwiki will automatically run it as
 necessary.
 
-# hashpassword
+# hashpassword srcdir
 
 The `hashpassword` mode forces any plaintext passwords stored in the
 `.ikiwiki/userdb` file to be replaced with password hashes. (The
-Authen::Passphrase perl module is needed to do this.) In this mode, you
-should specify the srcdir of the wiki as the second parameter. 
+Authen::Passphrase perl module is needed to do this.)
 
 If this is not done explicitly, a user's plaintext password will be
 automatically converted to a hash when a user logs in for the first time
diff --git a/doc/tips/upgrade_to_3.0.mdwn b/doc/tips/upgrade_to_3.0.mdwn
index cf33f4d1c..ef9933583 100644
--- a/doc/tips/upgrade_to_3.0.mdwn
+++ b/doc/tips/upgrade_to_3.0.mdwn
@@ -1,32 +1,30 @@
-Version 3.0 of ikiwiki makes some significant configuration changes, which
+Version 3.0 of ikiwiki makes some significant changes, which
 you will need to deal with when upgrading from ikiwiki 2.x.
 
 [[!toc ]]
 
-# moving settings from Preferences page
-
-The admin preferences page used to have settings for allowed attachments,
-locked pages, and banned users. These three settings have moved to the
-setup file:
-
-	allowed_attachments => "",
-	locked_pages => "",
-	banned_users => "",
-
-If you have not yet upgraded to ikiwiki 3.0, you can look at the admin
-preferences page to see if any of these values is shown there, and copy
-them into the setup file.
-
 ## setup file format change
 
 The layout of the setup file changed in a significant way in version 2.60
 of ikiwiki. If you have not changed yours to the new format, now would be a
-good time to do so. Some new features, like the [[plugins/websetup]] interface,
-need the new format setup file.
+good time to do so. Some new features, like the [[plugins/websetup]]
+interface, need the new format setup file.
   
 You can convert old setup files into the new format by running
 `ikiwiki-transition setupformat your.setup`
 
+# moving settings from Preferences page
+
+The admin preferences page used to have settings for allowed attachments,
+locked pages, and banned users. These three settings have moved to the
+setup file, and will no longer appear on the admin preferences page once
+your wiki is upgraded to 3.0.
+
+You can move these preferences into the setup file by running
+`ikiwiki-transition moveprefs your.setup`
+
+(Make sure you have converted the setuop file to the new format first.)
+
 ## prefix directives
 
 In 3.0, the syntax ikiwiki uses for [[directives|ikiwiki/directive]] has
@@ -70,7 +68,7 @@ about any GlobLists it sees.
 ## aggregateinternal
 
 If your wiki uses the [[aggregate|plugins/aggregate]] plugin, it will start
-to aggregate feeds to special "internal" pages. 
+to aggregate feeds to special "internal" pages.
 
 If you don't want this change, you can add the following to your setup
 file:
diff --git a/ikiwiki-transition b/ikiwiki-transition
index 802cd643d..9a5dd1362 100755
--- a/ikiwiki-transition
+++ b/ikiwiki-transition
@@ -159,14 +159,49 @@ sub setupformat {
 	IkiWiki::Setup::dump($setup);
 }
 
+sub moveprefs {
+	my $setup=shift;
+	if (! defined $setup) {
+		usage();
+	}
+
+	require IkiWiki::Setup;
+
+	%config = IkiWiki::defaultconfig();
+	IkiWiki::Setup::load($setup);
+	IkiWiki::checkconfig();
+
+	eval q{use IkiWiki::UserInfo};
+	error $@ if $@;
+
+	foreach my $field (qw{allowed_attachments locked_pages}) {
+		my $orig=$config{$field};
+		foreach my $admin (@{$config{adminuser}}) {
+			my $a=IkiWiki::userinfo_get($admin, $field);
+			if (defined $a && length $a &&
+			    $a ne $orig && # might already have been moved
+			    defined $config{$field} &&
+			    length $config{$field}) {
+				 $config{$field}=IkiWiki::pagespec_merge($config{$field}, $a);
+			}
+		}
+	}
+
+	my %banned=map { $_ => 1 } @{$config{banned_users}}, IkiWiki::get_banned_users();
+	$config{banned_users}=[sort keys %banned];
+
+	IkiWiki::Setup::dump($setup);
+}
+
 sub usage {
 	print STDERR "Usage: ikiwiki-transition type ...\n";
 	print STDERR "Currently supported transition subcommands:\n";
-	print STDERR "\tprefix_directives file\n";
+	print STDERR "\tprefix_directives file ...\n";
 	print STDERR "\tindexdb srcdir\n";
 	print STDERR "\thashpassword srcdir\n";
 	print STDERR "\taggregateinternal setupfile\n";
 	print STDERR "\tsetupformat setupfile\n";
+	print STDERR "\tmoveprefs setupfile\n";
 	exit 1;
 }
 
@@ -188,6 +223,9 @@ elsif ($mode eq 'aggregateinternal') {
 elsif ($mode eq 'setupformat') {
 	setupformat(@ARGV);
 }
+elsif ($mode eq 'moveprefs') {
+	moveprefs(@ARGV);
+}
 else {
 	usage();
 }
@@ -245,3 +283,15 @@ sub oldloadindex {
 	
 	return close($in);
 }
+
+# Used to be in IkiWiki/UserInfo, but only used here now.
+sub get_banned_users () {
+	my @ret;
+	my $userinfo=userinfo_retrieve();
+	foreach my $user (keys %{$userinfo}) {
+		push @ret, $user if $userinfo->{$user}->{banned};
+	}
+	return @ret;
+}
+
+1