diff --git a/app/models/concerns/protected_ref_access.rb b/app/models/concerns/protected_ref_access.rb
index 0c7e5157cdff47db6c121d12655199d9d862fbca..c4f158e569a6ac1c4e617c5800aef518bd4f3cc2 100644
--- a/app/models/concerns/protected_ref_access.rb
+++ b/app/models/concerns/protected_ref_access.rb
@@ -11,7 +11,7 @@ module ProtectedRefAccess
   end
 
   def check_access(user)
-    return true if user.is_admin?
+    return true if user.admin?
 
     project.team.max_member_access(user.id) >= access_level
   end
diff --git a/app/models/protected_ref_matcher.rb b/app/models/protected_ref_matcher.rb
index 83f44240259e1bb0ff2967fb4eae41c49a6d7fcd..d970f2b01fc38020793c1244590771f50eb48e90 100644
--- a/app/models/protected_ref_matcher.rb
+++ b/app/models/protected_ref_matcher.rb
@@ -4,7 +4,7 @@ class ProtectedRefMatcher
   end
 
   # Returns all protected refs that match the given ref name.
-  # This realizes all records from the scope built up so far, and does
+  # This checks all records from the scope built up so far, and does
   # _not_ return a relation.
   #
   # This method optionally takes in a list of `protected_refs` to search
@@ -38,6 +38,8 @@ class ProtectedRefMatcher
   end
 
   def wildcard_match?(ref_name)
+    return false unless wildcard?
+
     wildcard_regex === ref_name
   end
 
diff --git a/changelogs/unreleased/18471-restrict-tag-pushes-protected-tags.yml b/changelogs/unreleased/18471-restrict-tag-pushes-protected-tags.yml
index c6ea5da65a54dfdfe1700094e5c1bc8448d63470..fabe24e485ac98a561a27fbdcb2e36192186c0d0 100644
--- a/changelogs/unreleased/18471-restrict-tag-pushes-protected-tags.yml
+++ b/changelogs/unreleased/18471-restrict-tag-pushes-protected-tags.yml
@@ -1,4 +1,4 @@
 ---
-title: Protected Tags feature
+title: Tags can be protected, restricting creation of matching tags by user role
 merge_request: 10356
 author: