diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index 1a86eb63af6..cd1a25ab1b2 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -17,6 +17,8 @@ class InvitesController < ApplicationController
   def show
     expires_now
 
+    RateLimiter.new(nil, "invites-show-#{request.remote_ip}", 100, 1.minute).performed!
+
     invite = Invite.find_by(invite_key: params[:id])
     if invite.present? && invite.redeemable?
       email = Email.obfuscate(invite.email)
@@ -63,6 +65,9 @@ class InvitesController < ApplicationController
 
       render layout: 'no_ember'
     end
+  rescue RateLimiter::LimitExceeded => e
+    flash.now[:error] = e.description
+    render layout: 'no_ember'
   end
 
   def create
diff --git a/app/models/invite.rb b/app/models/invite.rb
index 76181639c9d..04ce1309e71 100644
--- a/app/models/invite.rb
+++ b/app/models/invite.rb
@@ -35,7 +35,7 @@ class Invite < ActiveRecord::Base
   validate :user_doesnt_already_exist
 
   before_create do
-    self.invite_key ||= SecureRandom.hex
+    self.invite_key ||= SecureRandom.base58(10)
     self.expires_at ||= SiteSetting.invite_expiry_days.days.from_now
   end