diff --git a/nginx/development b/nginx/development
index 05b27c2b13..fbb25c1b2d 100644
--- a/nginx/development
+++ b/nginx/development
@@ -7,6 +7,15 @@ upstream web {
 server {
 listen 80;
+ location ~ ^/(login|password-reset|resend-link) {
+ limit_req zone=loginlimit;
+
+ proxy_pass http://web;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_redirect off;
+ }
+
+ location / {
 proxy_pass http://web;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/nginx/production b/nginx/production
index 3d9cfa5ae1..3a3aeb7dd4 100644
--- a/nginx/production
+++ b/nginx/production
@@ -41,6 +41,15 @@ server {
 # root /var/www/certbot;
 # }
 #
+# location ~ ^/(login|password-reset|resend-link) {
+# limit_req zone=loginlimit;
+#
+# proxy_pass http://web;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header Host $host;
+# proxy_redirect off;
+# }
+#
+# location / {
 # proxy_pass http://web;
 # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/nginx/server_config b/nginx/server_config
index c9aad8e4a2..385f747ecb 100644
--- a/nginx/server_config
+++ b/nginx/server_config
@@ -1 +1,2 @@
 client_max_body_size 10m;
+limit_req_zone $binary_remote_addr zone=loginlimit:10m rate=1r/s;
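Review bot: `limit_req zone=loginlimit;` in the new location of nginx/development has no `burst`, so with the 1r/s zone a second request from the same address within a second is rejected outright, and by default with a 503 that reads as an outage rather than throttling. Consider `limit_req zone=loginlimit burst=5 nodelay;` together with `limit_req_status 429;`, with the burst sized to what a normal login flow (form load, submit, redirect) generates. The match `~ ^/(login|password-reset|resend-link)` is case-sensitive and prefix-only, so whether it covers every route that reaches these handlers depends on how the backend routes paths; if the backend matches case-insensitively, `~*` keeps the limit from being sidestepped. The commented-out block in nginx/production carries the same two points.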
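Review bot: In nginx/production the throttled location is added only inside the commented-out server block, so as committed it has no effect there. The hunk starts at line 41 and the rest of the file is not visible; if an active server block above it proxies `/` to `web`, the login, password-reset and resend-link paths stay unthrottled in production until the same location is added to that block. A one-line comment such as `# enable together with the HTTPS server block; needs the loginlimit zone from server_config` would make the dependency explicit.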
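Review bot: The zone added in nginx/server_config is keyed on `$binary_remote_addr`, which is the address of the direct peer; if this nginx is ever placed behind a load balancer or CDN without the realip module configured, all users share one bucket and the 1r/s limit becomes a site-wide lockout of the login pages. It also bounds attempts per address only, so slow or distributed guessing against a single account still needs a per-account limit in the application. A comment above the directive, for example `# per-client-IP throttle for auth endpoints; assumes nginx sees the real client address`, would record that assumption.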