Add Rack::Attack for rate limiting. The gem allows the common use case of IP-based throttling, but it can also work with Devise users.
The "limit" and "period" options should be configurable through ArchiveConfig.
How to test: Use a tool like siege and hammer the staging site. Expect some speed bumps.