We can protect most "vulnerable" parts of the store already with a rate limiter. This includes the contact form or login & password reset pages for both the frontend and the Admin.

However, there are "vulnerable" parts for the cart (and potentially other parts) as well. A shop owner monitored that presumably a bot rapidly added products to a cart over and over again over hours, placing high load on the database due to the spam collecting in the cart table.

Since we already have a rate limiter in the code, it would be nice and possibly fairly simple to include other areas of the store to optionally apply the rate limiter here as well.