diff --git a/src/collections/Recorders/Recorders.ts b/src/collections/Recorders/Recorders.ts
index 9f00221..88911b6 100644
--- a/src/collections/Recorders/Recorders.ts
+++ b/src/collections/Recorders/Recorders.ts
@@ -65,7 +65,11 @@ export const Recorders = buildCollectionConfig({
 ],
 },
 },
- auth: { tokenExpiration: 24 * 60 * 60 },
+ auth: {
+ tokenExpiration: 24 * 60 * 60, // 1 day
+ maxLoginAttempts: 5,
+ lockTime: 900_000, // 15 minutes
+ },
 access: {
 unlock: mustBeAdminForCollections,
 update: mustBeAdminOrSelf,
diff --git a/src/payload.config.ts b/src/payload.config.ts
index 09fa68d..53c6526 100644
--- a/src/payload.config.ts
+++ b/src/payload.config.ts
@@ -4,6 +4,7 @@ import { cloudStorage } from "@payloadcms/plugin-cloud-storage";
 import path from "path";
 import { buildConfig } from "payload/config";
 import { sftpAdapter } from "payloadcms-sftp-storage";
+import { mustBeAdmin } from "./accesses/collections/mustBeAdmin";
 import { Audios } from "./collections/Audios/Audios";
 import { ChronologyEvents } from "./collections/ChronologyEvents/ChronologyEvents";
 import { Collectibles } from "./collections/Collectibles/Collectibles";
@@ -87,6 +88,11 @@ export default buildConfig({
 graphQL: {
 disable: true,
 },
+ rateLimit: {
+ window: 900_000, // 15 minutes
+ max: 500,
+ skip: (req) => !!mustBeAdmin({ req }),
+ },
 plugins: [
 cloudStorage({
 collections: {
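Review bot: The two durations in the new `auth` block use different units and the comments do not say so: `tokenExpiration` is in seconds while `lockTime` is in milliseconds, so a later edit that copies one style onto the other would be off by a factor of 1000. I would write the comments as `// seconds (1 day)` and `// milliseconds (15 minutes)`. Because the attempt counter is kept per account, repeated wrong passwords can keep a recorder locked for the whole window; the `unlock: mustBeAdminForCollections` line just below is the recovery path, and a short comment saying so would help whoever is on call. The collection config starts and ends outside this hunk.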
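Review bot: The `skip` callback in the new `rateLimit` block can fail open: `!!mustBeAdmin({ req })` is true for any truthy return, so if `mustBeAdmin` (defined outside this diff) is async or ever returns a query constraint instead of a boolean, the limit is skipped for every client. Comparing strictly, `skip: (req) => mustBeAdmin({ req }) === true,`, keeps the limiter on unless the check positively says admin. It is also worth confirming that `req.user` is already populated when the limiter runs; if the limiter is mounted ahead of authentication, the skip never fires and admins share the 500-request budget. Behind a reverse proxy the limiter presumably keys on the proxy's address unless `trustProxy` is set in this block, so check how the deployment is fronted.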