diff --git a/InvenTree/InvenTree/settings.py b/InvenTree/InvenTree/settings.py
index ff322ac10d..5269427df0 100644
--- a/InvenTree/InvenTree/settings.py
+++ b/InvenTree/InvenTree/settings.py
@@ -1130,12 +1130,32 @@ SOCIALACCOUNT_OPENID_CONNECT_URL_PREFIX = ''
 ACCOUNT_EMAIL_CONFIRMATION_EXPIRE_DAYS = get_setting(
 'INVENTREE_LOGIN_CONFIRM_DAYS', 'login_confirm_days', 3, typecast=int
 )
-ACCOUNT_LOGIN_ATTEMPTS_LIMIT = get_setting(
- 'INVENTREE_LOGIN_ATTEMPTS', 'login_attempts', 5, typecast=int
- )
+
+# allauth rate limiting: https://docs.allauth.org/en/latest/account/rate_limits.html
+# The default login rate limit is "5/m/user,5/m/ip,5/m/key"
+login_attempts = get_setting('INVENTREE_LOGIN_ATTEMPTS', 'login_attempts', 5)
+
+try:
+ login_attempts = int(login_attempts)
+ login_attempts = f'{login_attempts}/m/ip,{login_attempts}/m/key'
+except ValueError:
+ pass
+
+ACCOUNT_RATE_LIMITS = {'login_failed': login_attempts}
+
+# Default protocol for login
 ACCOUNT_DEFAULT_HTTP_PROTOCOL = get_setting(
- 'INVENTREE_LOGIN_DEFAULT_HTTP_PROTOCOL', 'login_default_protocol', 'http'
+ 'INVENTREE_LOGIN_DEFAULT_HTTP_PROTOCOL', 'login_default_protocol', None
 )
+
+if ACCOUNT_DEFAULT_HTTP_PROTOCOL is None:
+ if SITE_URL and SITE_URL.startswith('https://'):
+ # auto-detect HTTPS prtoocol
+ ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'https'
+ else:
+ # default to http
+ ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'http'
+
 ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE = True
 ACCOUNT_PREVENT_ENUMERATION = True
 ACCOUNT_EMAIL_SUBJECT_PREFIX = EMAIL_SUBJECT_PREFIX
diff --git a/docs/docs/start/config.md b/docs/docs/start/config.md
index 84453714ee..cb851457a2 100644
--- a/docs/docs/start/config.md
+++ b/docs/docs/start/config.md
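Review bot: The `except ValueError: pass` after `int(login_attempts)` forwards any non-numeric configured value straight into `ACCOUNT_RATE_LIMITS['login_failed']` without validation, so a typo in `INVENTREE_LOGIN_ATTEMPTS` is only noticed when allauth parses the rate string at login time instead of at startup. The fallthrough at least deserves a comment such as `# non-integer values are passed through verbatim as an allauth rate string (e.g. '5/m/ip,5/m/key')`, and a startup warning if this module has a logger. The setting's meaning also changes from a per-user lockout count to a per-minute limit keyed on IP and login key, yet the INVENTREE_LOGIN_ATTEMPTS row in the config.md hunk still reads "Count of allowed login attempts before blocking user". The comment above cites a default of `5/m/user,5/m/ip,5/m/key` while the constructed value omits the `/m/user` component, so it is worth stating whether that omission is intentional. Minor: `SITE_URL.startswith('https://')` is case-sensitive, and the comment on the next line has a typo (`prtoocol`).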
@@ -292,7 +292,10 @@ The login-experience can be altered with the following settings:
 | --- | --- | --- | --- |
 | INVENTREE_LOGIN_CONFIRM_DAYS | login_confirm_days | Duration for which confirmation links are valid | 3 |
 | INVENTREE_LOGIN_ATTEMPTS | login_attempts | Count of allowed login attempts before blocking user | 5 |
-| INVENTREE_LOGIN_DEFAULT_HTTP_PROTOCOL | login_default_protocol | Default protocol to use for login callbacks (e.g. using [SSO](#single-sign-on)) | http |
+| INVENTREE_LOGIN_DEFAULT_HTTP_PROTOCOL | login_default_protocol | Default protocol to use for login callbacks (e.g. using [SSO](#single-sign-on)) | Uses the protocol specified in `INVENTREE_SITE_URL`, or defaults to *http* |
+
+!!! tip "Default Protocol"
+ If you have specified `INVENTREE_SITE_URL`, the default protocol will be used from that setting. Otherwise, the default protocol will be *http*.
 
 ### Authentication Backends