diff --git a/modules/indexer/issues/util.go b/modules/indexer/issues/util.go
index 19d835a1d8..7647be58e8 100644
--- a/modules/indexer/issues/util.go
+++ b/modules/indexer/issues/util.go
@@ -97,10 +97,14 @@ func getIssueIndexerData(ctx context.Context, issueID int64) (*internal.IndexerD
 		return nil, false, err
 	}
 
+	if err := issue.Repo.LoadOwner(ctx); err != nil {
+		return nil, false, fmt.Errorf("issue.Repo.LoadOwner: %w", err)
+	}
+
 	return &internal.IndexerData{
 		ID:                 issue.ID,
 		RepoID:             issue.RepoID,
-		IsPublic:           !issue.Repo.IsPrivate,
+		IsPublic:           !issue.Repo.IsPrivate && issue.Repo.Owner.Visibility.IsPublic(),
 		Title:              issue.Title,
 		Content:            issue.Content,
 		Comments:           comments,
diff --git a/services/org/org.go b/services/org/org.go
index b8174efa39..7b9e777974 100644
--- a/services/org/org.go
+++ b/services/org/org.go
@@ -8,12 +8,15 @@ import (
 	"fmt"
 
 	actions_model "code.gitea.io/gitea/models/actions"
+	activities_model "code.gitea.io/gitea/models/activities"
 	"code.gitea.io/gitea/models/db"
 	org_model "code.gitea.io/gitea/models/organization"
 	packages_model "code.gitea.io/gitea/models/packages"
+	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
 	secret_model "code.gitea.io/gitea/models/secret"
 	user_model "code.gitea.io/gitea/models/user"
+	issue_indexer "code.gitea.io/gitea/modules/indexer/issues"
 	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
@@ -104,13 +107,69 @@ func DeleteOrganization(ctx context.Context, org *org_model.Organization, purge
 	return nil
 }
 
+func updateOrgRepoForVisibilityChanged(ctx context.Context, repo *repo_model.Repository, makePrivate bool) error {
+	// Organization repository need to recalculate access table when visibility is changed.
+	if err := access_model.RecalculateTeamAccesses(ctx, repo, 0); err != nil {
+		return fmt.Errorf("recalculateTeamAccesses: %w", err)
+	}
+
+	if makePrivate {
+		if _, err := db.GetEngine(ctx).Where("repo_id = ?", repo.ID).Cols("is_private").Update(&activities_model.Action{
+			IsPrivate: true,
+		}); err != nil {
+			return err
+		}
+
+		if err := repo_model.ClearRepoStars(ctx, repo.ID); err != nil {
+			return err
+		}
+	}
+
+	// Create/Remove git-daemon-export-ok for git-daemon...
+	if err := repo_service.CheckDaemonExportOK(ctx, repo); err != nil {
+		return err
+	}
+
+	// If visibility is changed, we need to update the issue indexer.
+	// Since the data in the issue indexer have field to indicate if the repo is public or not.
+	// FIXME: it should check organization visibility instead of repository visibility only.
+	issue_indexer.UpdateRepoIndexer(ctx, repo.ID)
+
+	forkRepos, err := repo_model.GetRepositoriesByForkID(ctx, repo.ID)
+	if err != nil {
+		return fmt.Errorf("getRepositoriesByForkID: %w", err)
+	}
+	for i := range forkRepos {
+		if err := updateOrgRepoForVisibilityChanged(ctx, forkRepos[i], makePrivate); err != nil {
+			return fmt.Errorf("updateRepoForVisibilityChanged[%d]: %w", forkRepos[i], err)
+		}
+	}
+	return nil
+}
+
 func ChangeOrganizationVisibility(ctx context.Context, org *org_model.Organization, visibility structs.VisibleType) error {
 	if org.Visibility == visibility {
 		return nil
 	}
 
 	org.Visibility = visibility
+	// FIXME: If it's a big forks network(forks and sub forks), the database transaction will be too long to fail.
 	return db.WithTx(ctx, func(ctx context.Context) error {
-		return user_model.UpdateUserColsWithNoAutotime(ctx, org.AsUser(), "visibility")
+		if err := user_model.UpdateUserColsWithNoAutotime(ctx, org.AsUser(), "visibility"); err != nil {
+			return err
+		}
+
+		repos, _, err := repo_model.GetUserRepositories(ctx, repo_model.SearchRepoOptions{
+			Actor: org.AsUser(), Private: true, ListOptions: db.ListOptionsAll,
+		})
+		if err != nil {
+			return err
+		}
+		for _, repo := range repos {
+			if err := updateOrgRepoForVisibilityChanged(ctx, repo, visibility == structs.VisibleTypePrivate); err != nil {
+				return fmt.Errorf("updateOrgRepoForVisibilityChanged: %w", err)
+			}
+		}
+		return nil
 	})
 }
diff --git a/services/repository/create.go b/services/repository/create.go
index bed02e5d7e..c415a24353 100644
--- a/services/repository/create.go
+++ b/services/repository/create.go
@@ -469,7 +469,7 @@ func cleanupRepository(repoID int64) {
 }
 
 func updateGitRepoAfterCreate(ctx context.Context, repo *repo_model.Repository) error {
-	if err := checkDaemonExportOK(ctx, repo); err != nil {
+	if err := CheckDaemonExportOK(ctx, repo); err != nil {
 		return fmt.Errorf("checkDaemonExportOK: %w", err)
 	}
 
diff --git a/services/repository/repository.go b/services/repository/repository.go
index e574dc6c01..df5462bf5a 100644
--- a/services/repository/repository.go
+++ b/services/repository/repository.go
@@ -142,7 +142,7 @@ func MakeRepoPublic(ctx context.Context, repo *repo_model.Repository) (err error
 		}
 
 		// Create/Remove git-daemon-export-ok for git-daemon...
-		if err := checkDaemonExportOK(ctx, repo); err != nil {
+		if err := CheckDaemonExportOK(ctx, repo); err != nil {
 			return err
 		}
 
@@ -197,7 +197,7 @@ func MakeRepoPrivate(ctx context.Context, repo *repo_model.Repository) (err erro
 		}
 
 		// Create/Remove git-daemon-export-ok for git-daemon...
-		if err := checkDaemonExportOK(ctx, repo); err != nil {
+		if err := CheckDaemonExportOK(ctx, repo); err != nil {
 			return err
 		}
 
@@ -243,8 +243,8 @@ func LinkedRepository(ctx context.Context, a *repo_model.Attachment) (*repo_mode
 	return nil, -1, nil
 }
 
-// checkDaemonExportOK creates/removes git-daemon-export-ok for git-daemon...
-func checkDaemonExportOK(ctx context.Context, repo *repo_model.Repository) error {
+// CheckDaemonExportOK creates/removes git-daemon-export-ok for git-daemon...
+func CheckDaemonExportOK(ctx context.Context, repo *repo_model.Repository) error {
 	if err := repo.LoadOwner(ctx); err != nil {
 		return err
 	}
@@ -314,7 +314,7 @@ func updateRepository(ctx context.Context, repo *repo_model.Repository, visibili
 		}
 
 		// Create/Remove git-daemon-export-ok for git-daemon...
-		if err := checkDaemonExportOK(ctx, repo); err != nil {
+		if err := CheckDaemonExportOK(ctx, repo); err != nil {
 			return err
 		}
 
diff --git a/templates/org/settings/options_dangerzone.tmpl b/templates/org/settings/options_dangerzone.tmpl
index b32c6a2465..396b061fc7 100644
--- a/templates/org/settings/options_dangerzone.tmpl
+++ b/templates/org/settings/options_dangerzone.tmpl
@@ -47,23 +47,23 @@
 		<form class="ui form form-fetch-action" action="{{.Link}}/visibility" method="post">
 			{{.CsrfTokenHtml}}
 
-			<div class="field" id="visibility_box">
-				<label for="visibility">{{ctx.Locale.Tr "org.settings.visibility"}}</label>
+			<div class="field">
+				<label>{{ctx.Locale.Tr "org.settings.visibility"}}</label>
 				<div class="field">
 					<div class="ui radio checkbox">
-						<input class="enable-system-radio" name="visibility" type="radio" value="0" {{if eq .CurrentVisibility 0}}checked{{end}}>
+						<input name="visibility" type="radio" value="0" {{if eq .CurrentVisibility 0}}checked{{end}}>
 						<label>{{ctx.Locale.Tr "org.settings.visibility.public"}}</label>
 					</div>
 				</div>
 				<div class="field">
 					<div class="ui radio checkbox">
-						<input class="enable-system-radio" name="visibility" type="radio" value="1" {{if eq .CurrentVisibility 1}}checked{{end}}>
+						<input name="visibility" type="radio" value="1" {{if eq .CurrentVisibility 1}}checked{{end}}>
 						<label>{{ctx.Locale.Tr "org.settings.visibility.limited"}}</label>
 					</div>
 				</div>
 				<div class="field">
 					<div class="ui radio checkbox">
-						<input class="enable-system-radio" name="visibility" type="radio" value="2" {{if eq .CurrentVisibility 2}}checked{{end}}>
+						<input name="visibility" type="radio" value="2" {{if eq .CurrentVisibility 2}}checked{{end}}>
 						<label>{{ctx.Locale.Tr "org.settings.visibility.private"}}</label>
 					</div>
 				</div>