diff --git a/lolisafe.js b/lolisafe.js
index ed6b824..52d0c4f 100644
--- a/lolisafe.js
+++ b/lolisafe.js
@@ -15,6 +15,10 @@ fs.existsSync('./' + config.uploads.folder + '/thumbs') || fs.mkdirSync('./' + c
 
 safe.set('trust proxy', 1)
 
+let limiter = new rateLimit({ windowMs: 5000, max: 2 })
+safe.use('/api/login/', limiter)
+safe.use('/api/register/', limiter)
+
 safe.use(bodyParser.urlencoded({ extended: true }))
 safe.use(bodyParser.json())
 
@@ -22,10 +26,6 @@ safe.use('/', express.static('./uploads'))
 safe.use('/', express.static('./public'))
 safe.use('/api', api)
 
-let limiter = new rateLimit({ windowMs: 5000, max: 2 })
-safe.use('/api/login/', limiter)
-safe.use('/api/register/', limiter)
-
 safe.get('/', (req, res, next) => res.sendFile('home.html', { root: './pages/' }))
 safe.get('/faq', (req, res, next) => res.sendFile('faq.html', { root: './pages/' }))
 safe.get('/auth', (req, res, next) => res.sendFile('auth.html', { root: './pages/' }))