diff --git a/defaults/main.yml b/defaults/main.yml
index 42f6c479..f5e482a1 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,6 +4,8 @@ redis_version: 2.8.24
 redis_install_dir: /opt/redis
 redis_dir: /var/lib/redis/{{ redis_port }}
 redis_download_url: "http://download.redis.io/releases/redis-{{ redis_version }}.tar.gz"
+
+redis_protected_mode: "yes"
 # Set this to true to validate redis tarball checksum against vars/main.yml
 redis_verify_checksum: false
 # Set this value to a local path of a tarball to use for installation instead of downloading
@@ -106,6 +108,7 @@ redis_client_output_buffer_limit_pubsub: 32mb 8mb 60
 ## Redis sentinel configs
 # Set this to true on a host to configure it as a Sentinel
 redis_sentinel: false
+redis_sentinel_protected_mode: "yes"
 redis_sentinel_dir: /var/lib/redis/sentinel_{{ redis_sentinel_port }}
 redis_sentinel_bind: 0.0.0.0
 redis_sentinel_port: 26379
diff --git a/templates/redis.conf.j2 b/templates/redis.conf.j2
index 153b2557..05077c61 100644
--- a/templates/redis.conf.j2
+++ b/templates/redis.conf.j2
@@ -2,6 +2,7 @@
 
 # General
 daemonize {{ redis_daemonize }}
+protected-mode {{ redis_protected_mode }}
 pidfile {{ redis_pidfile }}
 dir {{ redis_dir }}
 port {{ redis_port }}
diff --git a/templates/redis_sentinel.conf.j2 b/templates/redis_sentinel.conf.j2
index 624e5b1f..a4b237b0 100644
--- a/templates/redis_sentinel.conf.j2
+++ b/templates/redis_sentinel.conf.j2
@@ -2,6 +2,7 @@
 # sentinel_{{ redis_sentinel_port }}.conf
 
 daemonize {{ redis_daemonize }}
+protected-mode {{ redis_sentinel_protected_mode }}
 dir {{ redis_sentinel_dir }}
 pidfile {{ redis_sentinel_pidfile }}
 port {{ redis_sentinel_port }}