diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php
index 5b3b8c9f280..b7074c51095 100644
--- a/htdocs/admin/system/security.php
+++ b/htdocs/admin/system/security.php
@@ -563,6 +563,21 @@ print '<br>';
 print '<br>';
 
 
+print load_fiche_titre($langs->trans("LimitsAndMitigation"), '', 'folder');
+
+print '<span class="opacitymedium">';
+print 'For a higher security, we also recommend to implement limits and mitigation on number of endpoints per minutes for the following URL'."<br>";
+print '</span>';
+
+print '<br>';
+print 'Login process -> This can be done using a fail2ban rule (see example into dev/setup)'."<br>";
+print DOL_URL_ROOT.'/passwordforgotten.php (see example into dev/setup)'."<br>";
+print DOL_URL_ROOT.'/public/* (see example into dev/setup)'."<br>";
+
+
+
+
+
 // End of page
 llxFooter();
 $db->close();
diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php
index f179ea9ed36..b7e6fd15dcb 100644
--- a/htdocs/core/tpl/login.tpl.php
+++ b/htdocs/core/tpl/login.tpl.php
@@ -137,9 +137,11 @@ $(document).ready(function () {
 <div class="login_vertical_align">
 
 <form id="login" name="login" method="post" action="<?php echo $php_self; ?>">
+
 <input type="hidden" name="token" value="<?php echo newToken(); ?>" />
 <input type="hidden" name="actionlogin" value="login">
 <input type="hidden" name="loginfunction" value="loginfunction" />
+<input type="hidden" name="backtopage" value="<?php echo GETPOST('backtopage'); ?>" />
 <!-- Add fields to store and send local user information. This fields are filled by the core/js/dst.js -->
 <input type="hidden" name="tz" id="tz" value="" />
 <input type="hidden" name="tz_string" id="tz_string" value="" />