diff --git a/src/Auth/Protect/Protection.php b/src/Auth/Protect/Protection.php
index 993b2dcfb8..ba56c52714 100644
--- a/src/Auth/Protect/Protection.php
+++ b/src/Auth/Protect/Protection.php
@@ -30,12 +30,16 @@ public function data()
 
     public function scheme()
     {
-        if ($default = config('statamic.protect.default')) {
-            return $default;
+        if (
+            $this->data
+            && $this->data instanceof Protectable
+            && $scheme = $this->data->getProtectionScheme()
+        ) {
+            return $scheme;
         }
 
-        if ($this->data && $this->data instanceof Protectable) {
-            return $this->data->getProtectionScheme();
+        if ($default = config('statamic.protect.default')) {
+            return $default;
         }
 
         return null;
diff --git a/tests/Auth/Protect/ProtectionTest.php b/tests/Auth/Protect/ProtectionTest.php
index b3339e98ae..633081c764 100644
--- a/tests/Auth/Protect/ProtectionTest.php
+++ b/tests/Auth/Protect/ProtectionTest.php
@@ -48,6 +48,20 @@ public function scheme_comes_from_data()
         $this->assertEquals('logged_in', $this->protection->scheme());
     }
 
+    /** @test */
+    public function scheme_comes_from_data_even_when_sitewide_scheme_is_defined()
+    {
+        config(['statamic.protect.default' => 'logged_in']);
+        config(['statamic.protect.schemes.logged_in' => [
+            'driver' => 'auth',
+            'form_url' => '/login',
+        ]]);
+
+        $this->protection->setData($this->createEntryWithScheme('password'));
+
+        $this->assertEquals('password', $this->protection->scheme());
+    }
+
     /** @test */
     public function if_the_data_isnt_protectable_it_doesnt_get_a_scheme()
     {