diff --git a/deno.json b/deno.json
index 7e9bf6c4..2ab24847 100644
--- a/deno.json
+++ b/deno.json
@@ -44,6 +44,7 @@
 "entities": "npm:entities@^4.5.0",
 "fast-stable-stringify": "npm:fast-stable-stringify@^1.0.0",
 "formdata-helper": "npm:formdata-helper@^0.3.0",
+ "hono-rate-limiter": "npm:hono-rate-limiter@^0.3.0",
 "iso-639-1": "npm:iso-639-1@2.1.15",
 "isomorphic-dompurify": "npm:isomorphic-dompurify@^2.11.0",
 "kysely": "npm:kysely@^0.27.3",
diff --git a/src/app.ts b/src/app.ts
index 912001ac..7d77c6b3 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -1,13 +1,15 @@
 import { Context, Env as HonoEnv, Handler, Hono, Input as HonoInput, MiddlewareHandler } from '@hono/hono';
 import { cors } from '@hono/hono/cors';
-import { serveStatic } from '@hono/hono/deno';
+import { getConnInfo, serveStatic } from '@hono/hono/deno';
 import { logger } from '@hono/hono/logger';
 import { NostrEvent, NostrSigner, NStore, NUploader } from '@nostrify/nostrify';
 import Debug from '@soapbox/stickynotes/debug';
+import { rateLimiter } from 'hono-rate-limiter';
 import { Conf } from '@/config.ts';
 import { cron } from '@/cron.ts';
 import { startFirehose } from '@/firehose.ts';
+import { Time } from '@/utils/time.ts';
 import {
 accountController,
@@ -145,6 +147,16 @@ if (Conf.cronEnabled) {
 cron();
 }
+// @ts-ignore Mismatched Hono versions.
+const limiter: MiddlewareHandler = rateLimiter({
+ limit: 300,
+ windowMs: Time.minutes(5),
+ // @ts-ignore Mismatched Hono versions.
+ keyGenerator: (c) => getConnInfo(c).remote.address!,
+});
+
+app.use('*', limiter);
+
 app.use('/api/*', logger(debug));
 app.use('/.well-known/*', logger(debug));
 app.use('/users/*', logger(debug));
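Review bot: In the `rateLimiter` options added to src/app.ts, `keyGenerator` buckets requests by `getConnInfo(c).remote.address!`, which is the TCP peer address rather than the end client. If the server sits behind a reverse proxy or load balancer (not visible in this diff), every user shares the proxy's address and therefore one 300-request budget per five minutes; in that deployment the key should come from a forwarded-address header, and only when the peer is a trusted proxy, since the header is client-controlled otherwise. The non-null assertion also hides the case where `address` is undefined, so make it explicit, for example `keyGenerator: (c) => getConnInfo(c).remote.address ?? 'unknown',`, or reject the request. Because `app.use('*', limiter)` is registered ahead of the `logger(debug)` middleware, throttled requests presumably never reach the logger, so consider logging rejections to keep abuse visible. The two `@ts-ignore` comments would be safer as `@ts-expect-error`, which starts failing once the Hono versions line up instead of silently masking unrelated type errors.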