diff --git a/admin_manual/configuration_server/config_sample_php_parameters.rst b/admin_manual/configuration_server/config_sample_php_parameters.rst
index 8d73db1ea..4edc56895 100644
--- a/admin_manual/configuration_server/config_sample_php_parameters.rst
+++ b/admin_manual/configuration_server/config_sample_php_parameters.rst
@@ -687,6 +687,22 @@ and should only be done for debugging and on CI when running tests.
 
 Defaults to ``false``
 
+auth.bruteforce.max-attempts
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+
+::
+
+	'auth.bruteforce.max-attempts' => 10,
+
+Brute force protection: maximum number of attempts before blocking
+
+When more than max-attempts login requests are sent to Nextcloud, requests
+will abort with "429 Too Many Requests".
+For security reasons, change it only if you know what you are doing.
+
+Defaults to ``10``
+
 ratelimit.protection.enabled
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^