diff --git a/services/web/app/coffee/infrastructure/RateLimiter.coffee b/services/web/app/coffee/infrastructure/RateLimiter.coffee
index 69050939fd..c749fa7e83 100644
--- a/services/web/app/coffee/infrastructure/RateLimiter.coffee
+++ b/services/web/app/coffee/infrastructure/RateLimiter.coffee
@@ -19,7 +19,6 @@ module.exports = RateLimiter =
 			if err?
 				return callback(err)
 			allowed = timeLeft == 0
-			console.log ">> limit", namespace, k, timeLeft, actionsLeft, ", allowed", allowed
 			callback(null, allowed)
 
 	clearRateLimit: (endpointName, subject, callback) ->
diff --git a/services/web/test/acceptance/coffee/RegistrationTests.coffee b/services/web/test/acceptance/coffee/RegistrationTests.coffee
index 2bf96f86de..20ea0a31b1 100644
--- a/services/web/test/acceptance/coffee/RegistrationTests.coffee
+++ b/services/web/test/acceptance/coffee/RegistrationTests.coffee
@@ -1,9 +1,11 @@
 expect = require("chai").expect
+assert = require("chai").assert
 async = require("async")
 User = require "./helpers/User"
 request = require "./helpers/request"
 settings = require "settings-sharelatex"
 redis = require "./helpers/redis"
+_ = require 'lodash'
 
 
 
@@ -32,6 +34,41 @@ tryLoginThroughRegistrationForm = (user, email, password, callback=(err, respons
 		}, callback
 
 
+describe "LoginRateLimit", ->
+
+	before ->
+		@user = new User()
+		@badEmail = 'bademail@example.com'
+		@badPassword = 'badpassword'
+
+	it 'should rate limit login attempts after 10 within two minutes', (done) ->
+		@user.request.get '/login', (err, res, body) =>
+			async.timesSeries(
+				15
+				, (n, cb) =>
+					@user.getCsrfToken (error) =>
+						return cb(error) if error?
+						@user.request.post {
+							url: "/login"
+							json:
+								email: @badEmail
+								password: @badPassword
+						}, (err, response, body) =>
+							cb(null, body?.message?.text)
+				, (err, results) =>
+					# ten incorrect-credentials messages, then five rate-limit messages
+					expect(results.length).to.equal 15
+					assert.deepEqual(
+						results,
+						_.concat(
+							_.fill([1..10], 'Your email or password is incorrect. Please try again'),
+							_.fill([1..5], 'This account has had too many login requests. Please wait 2 minutes before trying to log in again')
+						)
+					)
+					done()
+			)
+
+
 describe "LoginViaRegistration", ->
 
 	before (done) ->