diff --git a/src/controllers/helpers.js b/src/controllers/helpers.js
index 517035f0f8..5cd77f4487 100644
--- a/src/controllers/helpers.js
+++ b/src/controllers/helpers.js
@@ -461,6 +461,11 @@ helpers.generateError = (statusCode, message) => {
 payload.status.message = message || 'HTTPS is required for requests to the write api, please re-send your request via HTTPS';
 break;
+ case 429:
+ payload.status.code = 'too-many-requests';
+ payload.status.message = message || 'You have made too many requests, please try again later';
+ break;
+
 case 500:
 payload.status.code = 'internal-server-error';
 payload.status.message = message || payload.status.message;
diff --git a/src/controllers/write/utilities.js b/src/controllers/write/utilities.js
index fe6dbf78a3..35a7b74275 100644
--- a/src/controllers/write/utilities.js
+++ b/src/controllers/write/utilities.js
@@ -27,7 +27,16 @@ Utilities.login = (req, res) => {
 const userslug = slugify(username);
 const uid = await user.getUidByUserslug(userslug);
- const ok = await user.isPasswordCorrect(uid, password, req.ip);
+ let ok = false;
+ try {
+ ok = await user.isPasswordCorrect(uid, password, req.ip);
+ } catch (err) {
+ if (err.message === '[[error:account-locked]]') {
+ helpers.formatApiResponse(429, res, err);
+ } else {
+ helpers.formatApiResponse(500, res, err);
+ }
+ }
 if (ok) {
 const userData = await user.getUsers([uid], uid);
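Review bot: The new catch block in Utilities.login sends the 429 or 500 response but never returns, so control falls through to `if (ok)` with `ok` still false. The not-ok path lies outside this hunk; if it also writes a response, a locked account would trigger a second write on the same `res`. Each branch should exit after responding, e.g. `return helpers.formatApiResponse(429, res, err);` and `return helpers.formatApiResponse(500, res, err);`. The 500 branch also hands the raw `err` to the formatter on an unauthenticated endpoint, so it is worth confirming that formatApiResponse does not echo internal error text to the client. Matching on the literal `err.message === '[[error:account-locked]]'` deserves a short comment naming where that string is thrown, since a wording change there would silently turn the lockout into a 500.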