diff --git a/ui/Dockerfile b/ui/Dockerfile
index 550e944..7219923 100644
--- a/ui/Dockerfile
+++ b/ui/Dockerfile
@@ -1,9 +1,8 @@
 FROM alpine
-COPY ui/dependencies.sh /tmp
-RUN chmod +x /tmp/dependencies.sh && \
-    /tmp/dependencies.sh && \
-    rm -f /tmp/dependencies.sh
+RUN apk add py3-pip bash
+COPY ui/requirements.txt /tmp
+RUN pip3 install -r /tmp/requirements.txt
 COPY gen/ /opt/bunkerized-nginx/gen
 COPY confs/site/ /opt/bunkerized-nginx/confs/site
diff --git a/ui/dependencies.sh b/ui/dependencies.sh
deleted file mode 100644
index 6588f63..0000000
--- a/ui/dependencies.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-apk add py3-pip bash
-pip3 install docker flask flask-login requests gunicorn
diff --git a/ui/entrypoint.py b/ui/entrypoint.py
index 65413b6..203814f 100644
--- a/ui/entrypoint.py
+++ b/ui/entrypoint.py
@@ -2,6 +2,7 @@
 from flask import Flask, render_template, current_app, request, redirect
 from flask_login import LoginManager, login_required, login_user, logout_user
+from flask_wtf.csrf import CSRFProtect, CSRFError
 from src.Instances import Instances
 from src.User import User
@@ -33,11 +34,17 @@ login_manager.init_app(app)
 login_manager.login_view = "login"
 user = User(vars["ADMIN_USERNAME"], vars["ADMIN_PASSWORD"])
 app.config["USER"] = user
-
 @login_manager.user_loader
 def load_user(user_id):
     return User(user_id, vars["ADMIN_PASSWORD"])
+# CSRF protection
+csrf = CSRFProtect()
+csrf.init_app(app)
+@app.errorhandler(CSRFError)
+def handle_csrf_error(e):
+    return render_template("error.html", title="Error", error="Wrong CSRF token !"), 401
+
 @app.route('/login', methods=["GET", "POST"])
 def login() :
     fail = False
diff --git a/ui/requirements.txt b/ui/requirements.txt
index 7a71572..c3df929 100644
--- a/ui/requirements.txt
+++ b/ui/requirements.txt
@@ -3,4 +3,5 @@ requests
 docker
 flask-login
 bcrypt
-gunicorn
\ No newline at end of file
+gunicorn
+Flask-WTF
\ No newline at end of file
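Review bot: The new `RUN apk add py3-pip bash` leaves the apk package index in the image layer, and `/tmp/requirements.txt` stays in the image after `pip3 install` — the script this replaces at least deleted itself. Use `RUN apk add --no-cache py3-pip bash` and `RUN pip3 install --no-cache-dir -r /tmp/requirements.txt && rm -f /tmp/requirements.txt` so neither the index nor the pip download cache nor the requirements file is baked into the layers. The context line `FROM alpine` is a floating tag, so what `apk` and `pip3` resolve changes from build to build; pinning the base image is outside this hunk's changed lines but belongs with this rework of the install step.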
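Review bot: `handle_csrf_error` answers a CSRF failure with status 401, but `CSRFError` is a `BadRequest` subclass whose default status is 400, and 401 tells clients that credentials (a `WWW-Authenticate` challenge) are missing, which is not what happened here; return 400 (or 403 if the project treats it as a forbidden action), e.g. `return render_template("error.html", title="Error", error="Wrong CSRF token !"), 400`. The specific reason is available as `e.description` (missing token, expired token, session mismatch) and is worth logging server-side before returning the generic page, since an operator otherwise cannot tell a broken form from a blocked cross-site request. `CSRFProtect` also needs `SECRET_KEY`/`app.secret_key` to be configured to sign the token; that setup is outside this hunk, so confirm it is present rather than relying on the Flask-WTF runtime error to surface it. The module continues past the end of the hunk (`login()` starts on its last lines).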
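Review bot: `Flask-WTF` is added to requirements.txt without a version specifier, so every image build resolves whatever PyPI serves at build time and the CSRF layer can change underneath the app without a commit. Pin it, e.g. `Flask-WTF==<pinned version>`, and consider doing the same for the other entries; the rest of this file is already unpinned, so this may be the project's convention, but the Dockerfile hunk above now installs straight from this file, which makes it the cheapest place to fix reproducibility.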
diff --git a/ui/templates/error.html b/ui/templates/error.html index a4247c8..e5927c4 100644 --- a/ui/templates/error.html +++ b/ui/templates/error.html @@ -2,13 +2,9 @@ {% block content %} -
-
-
- Something went wrong...
- {{ error }} -
+
+ Something went wrong...

+ {{ error }}
-
{% endblock %} diff --git a/ui/templates/instances.html b/ui/templates/instances.html index 494c793..aa11bbc 100644 --- a/ui/templates/instances.html +++ b/ui/templates/instances.html @@ -25,6 +25,7 @@
+
diff --git a/ui/templates/login.html b/ui/templates/login.html index 96ba982..3f637f4 100644 --- a/ui/templates/login.html +++ b/ui/templates/login.html @@ -9,7 +9,13 @@

Authentication required

+ {% if fail %} + + {% endif %}
+
@@ -22,5 +28,4 @@
- -{% endblock %} +{% endblock %} \ No newline at end of file diff --git a/ui/templates/services-delete.html b/ui/templates/services-delete.html index 35f01b1..06e9483 100644 --- a/ui/templates/services-delete.html +++ b/ui/templates/services-delete.html @@ -8,6 +8,7 @@ diff --git a/ui/templates/services-edit.html b/ui/templates/services-edit.html index bef7aaa..cad24bd 100644 --- a/ui/templates/services-edit.html +++ b/ui/templates/services-edit.html @@ -17,6 +17,7 @@ {% endfor %}
+
{% set check = {"class": "show active"} %} diff --git a/ui/templates/services-new.html b/ui/templates/services-new.html index c5285d7..3281462 100644 --- a/ui/templates/services-new.html +++ b/ui/templates/services-new.html @@ -17,6 +17,7 @@ {% endfor %} +
{% set check = {"class": "show active"} %} {% for k, v in config["CONFIG"].get_settings().items() %}