diff --git a/Gemfile b/Gemfile
index 521d6fa..9451ff4 100644
--- a/Gemfile
+++ b/Gemfile
@@ -92,6 +92,9 @@ gem 'omniauth', '~> 1.8'
 # Official OmniAuth strategy for GitHub.
 gem 'omniauth-github', '~> 1.3'
+# A rack middleware for throttling and blocking abusive requests.
+gem 'rack-attack', '~> 5.4'
+
 group :development, :test do
 # factory_bot provides a framework and DSL for defining and using factories.
 gem 'factory_bot_rails', '~> 4.10'
diff --git a/Gemfile.lock b/Gemfile.lock
index cb5a8aa..aa432c5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -237,6 +237,8 @@ GEM
 pundit (2.0.0)
 activesupport (>= 3.0.0)
 rack (2.0.6)
+ rack-attack (5.4.2)
+ rack (>= 1.0, < 3)
 rack-test (1.1.0)
 rack (>= 1.0, < 3)
 rails (5.2.2)
@@ -421,6 +423,7 @@ DEPENDENCIES
 pry-rails (~> 0.3)
 puma (~> 3.11)
 pundit (~> 2.0)
+ rack-attack (~> 5.4)
 rails (~> 5.2.1)
 rails-erd (~> 1.5)
 rails-i18n (~> 5.1)
diff --git a/config/application.rb b/config/application.rb
index 11f9d30..b2caff1 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -37,11 +37,6 @@ module Partynest
 # Fully qualified domain name.
 config.site_domain = 'libertarian-party.com'
- # Settings in config/environments/* take precedence over those specified
- # here. Application configuration can go into files in config/initializers
- # -- all .rb files in that directory are automatically loaded after loading
- # the framework and any gems in your application.
-
 # Don't generate system test files.
 config.generators.system_tests = nil
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 80ba7fc..e656a6c 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -102,4 +102,7 @@ Rails.application.configure do
 # Do not dump schema after migrations.
 config.active_record.dump_schema_after_migration = false
+
+ # Middleware.
+ config.middleware.use Rack::Attack
 end
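Review bot: `config.middleware.use Rack::Attack` is added only in config/environments/production.rb, so the throttle defined in config/initializers/rack_attack.rb (which loads in every environment) is never mounted in development or test and cannot be covered by a request spec. Consider moving that line to config/application.rb, where the rack-attack 5.x README places it, or at least adding a test that asserts a 429 once the limit is exceeded; the `Rails.application.configure` block starts before the hunk. Throttle counters are kept in `Rack::Attack.cache.store`, which defaults to `Rails.cache`, and this commit does not show the production cache store — confirm it is a store shared across Puma workers rather than a per-process memory store or `:null_store`, otherwise the limit is enforced per process or not at all.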
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
new file mode 100644
index 0000000..fa943c7
--- /dev/null
+++ b/config/initializers/rack_attack.rb
@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+# Be sure to restart your server when you modify this file.
+
+Rack::Attack.throttle 'requests by IP', limit: 10, period: 1, &:ip
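Review bot: A flat 10 requests per second keyed on `req.ip` also counts asset and other static requests, so one page load that fetches several files through the app, or many users behind a single NAT address, can trip the limit; the rack-attack README's own example exempts assets, e.g. `Rack::Attack.throttle('requests by IP', limit: 10, period: 1) { |req| req.ip unless req.path.start_with?('/assets') }`. `req.ip` is `Rack::Request#ip`, which takes `REMOTE_ADDR` unless it matches Rack's built-in private-range proxy list before it consults X-Forwarded-For, so if this app runs behind a load balancer with a public address, every client may resolve to that address and share one bucket — worth confirming against the deployment. Nothing here records throttled requests; subscribing to the notification rack-attack publishes (in the 5.x series `ActiveSupport::Notifications.subscribe('rack.attack')`) and logging the discriminator and path gives operators visibility into who is hitting the limit. A comment above the throttle stating the intent, e.g. `# Per-client rate limit: at most 10 requests per second from one IP; counters live in Rack::Attack.cache.store.`, would help the next maintainer.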