diff --git a/config/auth.php b/config/auth.php
new file mode 100644
index 000000000..fe87b873e
--- /dev/null
+++ b/config/auth.php
@@ -0,0 +1,39 @@
+ [
+ /*
+ |--------------------------------------------------------------------------
+ | Enable throttling of Backend authentication attempts
+ |--------------------------------------------------------------------------
+ |
+ | If set to true, users will be given a limited number of attempts to sign
+ | in to the Backend before being blocked for a specified number of minutes.
+ |
+ */
+ 'enabled' => true,
+
+ /*
+ |--------------------------------------------------------------------------
+ | Failed Authentication Attempt Limit
+ |--------------------------------------------------------------------------
+ |
+ | Number of failed attemps allowed while trying to authenticate a user.
+ |
+ */
+ 'attemptLimit' => 5,
+
+ /*
+ |--------------------------------------------------------------------------
+ | Suspension Time
+ |--------------------------------------------------------------------------
+ |
+ | The number of minutes to suspend further attempts on authentication once
+ | the attempt limit is reached.
+ |
+ */
+ 'suspensionTime' => 15,
+ ],
+
+];
diff --git a/modules/backend/classes/AuthManager.php b/modules/backend/classes/AuthManager.php
index 365dd2522..389931686 100644
--- a/modules/backend/classes/AuthManager.php
+++ b/modules/backend/classes/AuthManager.php
@@ -1,5 +1,6 @@ useThrottle = Config::get('auth.throttle.enabled', true);
+ }
+ /** * Registers a callback function that defines authentication permissions. * The callback function should register permissions by calling the manager's
diff --git a/modules/backend/models/UserThrottle.php b/modules/backend/models/UserThrottle.php
index 70480d813..11d2131e3 100644
--- a/modules/backend/models/UserThrottle.php
+++ b/modules/backend/models/UserThrottle.php
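Review bot: The comment above `'enabled' => true` in config/auth.php does not say what switching it off means for the Backend sign-in form: with `false`, failed attempts are no longer limited by this layer, so password guessing is bounded only by whatever sits in front of the application. I would add a line such as `| Only disable this if another layer (reverse proxy, WAF) rate-limits the Backend login.` The comments for `attemptLimit` and `suspensionTime` should also state that positive integers are expected, since nothing in this file says what a value of 0 or a negative number does.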
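Review bot: In AuthManager.php the value read for `auth.throttle.enabled` is assigned to `useThrottle` with no type check, so a loosely typed setting (`0`, `''` or `null` coming from an environment-driven override) would presumably turn throttling off without anyone having written `false`. For a brute-force control it is safer to fail closed: `$this->useThrottle = Config::get('auth.throttle.enabled', true) !== false;`. The start of the enclosing method is not visible in the hunk text, so whether it forwards to a parent initialiser cannot be checked from here.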
@@ -1,5 +1,6 @@ User::class ];
+
+ public function __construct()
+ {
+ parent::__construct();
+
+ static::$attemptLimit = Config::get('auth.throttle.attemptLimit', 5);
+ static::$suspensionTime = Config::get('auth.throttle.suspensionTime', 15);
+ }
 }
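Review bot: The new `__construct()` in UserThrottle.php takes no parameters and calls `parent::__construct()` with none; if the parent is an Eloquent-style model whose constructor accepts an attributes array (the class header is outside this hunk), any code path that builds the model with attributes would lose them. I would write `public function __construct(array $attributes = [])` and `parent::__construct($attributes);`. The two config values are also copied into the static limits unchecked, so a zero, negative or non-numeric `attemptLimit` or `suspensionTime` could change lockout behaviour in ways this hunk does not guard against; `max(1, (int) Config::get('auth.throttle.attemptLimit', 5))` and the same for the suspension time keep the lockout meaningful. Because the statics are assigned per instance, they keep their class defaults until the first `UserThrottle` object is constructed, which deserves a comment.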