diff --git a/src/p3k/WebSub/Client.php b/src/p3k/WebSub/Client.php
index c42868f..cabac08 100644
--- a/src/p3k/WebSub/Client.php
+++ b/src/p3k/WebSub/Client.php
@@ -218,7 +218,7 @@ class Client {
       $alg = $match[1];
       $sig = $match[2];
       $expected_signature = hash_hmac($alg, $body, $secret);
-      return $sig == $expected_signature;
+      return hash_equals($sig, $expected_signature);
     } else {
       return false;
     }