diff --git a/Gemfile b/Gemfile
index 1265083b19..da9d9035cd 100644
--- a/Gemfile
+++ b/Gemfile
@@ -31,6 +31,9 @@ gem "reverse_markdown", "~> 2.0"
 # Force older sprockets
 gem "sprockets", "~> 3.0"
 
+# Allow throttling requests
+gem "rack-attack", "~> 6.5"
+
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
   gem "byebug", platforms: [:mri, :mingw, :x64_mingw]
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
new file mode 100644
index 0000000000..24b29fffb1
--- /dev/null
+++ b/config/initializers/rack_attack.rb
@@ -0,0 +1,13 @@
+# Throttle login attempts
+Rack::Attack.throttle("logins/ip", limit: 20, period: 1.hour) do |req|
+  req.ip if req.post? && req.path.start_with?("/users/sign_in")
+end
+
+# Throttle password reset attempts
+Rack::Attack.throttle("password-reset-requests/ip", limit: 20, period: 1.hour) do |req|
+  req.ip if req.post? && req.path.start_with?("/users/password")
+end
+
+ActiveSupport::Notifications.subscribe("rack.attack") do |name, start, finish, request_id, req|
+  Rails.logger.info "Throttled #{req.env["rack.attack.match_discriminator"]}"
+end
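Review bot: The subscriber at the bottom of the new initializer listens for the event name `"rack.attack"`, but the rack-attack 6.x line selected by the `~> 6.5` pin in the Gemfile hunk publishes namespaced events (`throttle.rack_attack`, `blocklist.rack_attack`, …) with the request under `payload[:request]`, so as written the block should never fire — and if it did, `req.env` would be called on a payload Hash rather than a request; worth confirming against the gem's changelog for the version that gets locked. Subscribe to the pattern and unwrap the payload: `ActiveSupport::Notifications.subscribe(/rack_attack/) do |name, start, finish, request_id, payload|` / `req = payload[:request]` / `Rails.logger.info "Throttled #{req.env["rack.attack.matched"]} #{req.env["rack.attack.match_discriminator"]}"`. Logging `rack.attack.matched` next to the discriminator records which rule fired, which is what a log-based alert needs to tell login throttling apart from password-reset throttling. Both throttles key on `req.ip`; behind a reverse proxy that value is only meaningful if the app's trusted-proxy list is configured, otherwise every client shares the proxy's address and one client can consume the 20-per-hour budget for everyone — that configuration is outside this diff and should be checked before relying on these limits.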