diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 5fa6b7851..e44cf9eef 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -51,6 +51,9 @@ class SessionController < ApplicationController
       return
     end
 
+    RateLimiter.new(nil, "login-hr-#{request.remote_ip}", 30, 1.hour).performed!
+    RateLimiter.new(nil, "login-min-#{request.remote_ip}", 6, 1.minute).performed!
+
     params.require(:login)
     params.require(:password)