diff --git a/frontend-modern/src/components/Login.tsx b/frontend-modern/src/components/Login.tsx
index 4a5def36b..533e6ecf7 100644
--- a/frontend-modern/src/components/Login.tsx
+++ b/frontend-modern/src/components/Login.tsx
@@ -34,6 +34,10 @@ export const Login: Component = (props) => {
 const data = await response.json();
 console.log('[Login] Auth status data:', data);
 setAuthStatus(data);
+ } else if (response.status === 429) {
+ // Rate limited - wait a bit and assume auth is configured
+ console.log('[Login] Rate limited, assuming auth is configured');
+ setAuthStatus({ hasAuthentication: true });
 } else {
 console.log('[Login] Auth check failed, assuming no auth');
 // On error, assume no auth configured
diff --git a/internal/api/router.go b/internal/api/router.go
index e74845d77..8e75ec031 100644
--- a/internal/api/router.go
+++ b/internal/api/router.go
@@ -763,8 +763,8 @@ func (r *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 }
 }
- // Apply stricter rate limiting for auth endpoints
- if strings.Contains(req.URL.Path, "/api/security/") || req.URL.Path == "/api/login" {
+ // Apply stricter rate limiting for auth endpoints (but not status checks)
+ if (strings.Contains(req.URL.Path, "/api/security/") && req.URL.Path != "/api/security/status") || req.URL.Path == "/api/login" {
 clientIP := GetClientIP(req)
 // Use auth limiter for security endpoints (10 per minute)
 if !authLimiter.Allow(clientIP) {
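Review bot: The comment on the new 429 branch in Login.tsx promises to "wait a bit", but the branch neither waits nor re-checks; it calls `setAuthStatus({ hasAuthentication: true })` and moves on. The state then holds only that one field, while the 200 path stores the whole response, so any other field a consumer reads will be undefined. Either re-run the status check after a delay, or reword the comment to match the code, for example `// Rate limited: fail closed and show the login form; status is not re-checked`. The `else` branch that follows still assumes no auth on every other failure, so it is worth confirming that only 429 should fail closed. The enclosing function starts before this hunk.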
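Review bot: The exemption `req.URL.Path != "/api/security/status"` in router.go applies to every HTTP method, and the hunk does not show whether another limiter still covers that path once it leaves `authLimiter`. If the status handler is read-only, the exemption can be narrowed with `isStatusCheck := req.Method == http.MethodGet && req.URL.Path == "/api/security/status"`, then tested as `!isStatusCheck` in the condition. The comment should also say why status is exempt and which limit still applies, for example `// status is polled by the login page; it stays under the general limiter only` (to be confirmed against the code above the hunk). The body of ServeHTTP continues outside this hunk.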