diff --git a/doc/plugins/limit-conn-cn.md b/doc/plugins/limit-conn-cn.md
index fb0b4d70b4ed..7c3a1f3b6088 100644
--- a/doc/plugins/limit-conn-cn.md
+++ b/doc/plugins/limit-conn-cn.md
@@ -20,12 +20,12 @@
 [English](limit-conn.md)
 # limit-conn
 
-Apisix 的限制并发请求（或并发连接）插件。
+限制并发请求（或并发连接）插件。
 
 ### 属性
 
-* `conn`: 允许的最大并发请求数。 超过这个比率的请求(低于“ conn” + “ burst”)将被延迟以符合这个阈值。
-* `burst`: 允许延迟的过多并发请求(或连接)的数量。
+* `conn`: 允许的最大并发请求数。超过 `conn` 的限制、但是低于 `conn` + `burst` 的请求，将被延迟处理。
+* `burst`: 允许被延迟处理的并发请求数。
 * `default_conn_delay`: 默认的典型连接(或请求)的处理延迟时间。
 * `key`: 用户指定的限制并发级别的关键字，可以是客户端IP或服务端IP。
 
@@ -33,7 +33,8 @@ Apisix 的限制并发请求（或并发连接）插件。
 
     现在接受以下关键字: “remote_addr”(客户端的 IP)，“server_addr”(服务器的 IP)，请求头中的“ X-Forwarded-For/X-Real-IP”。
 
-* `rejected_code`: 当请求超过阈值时返回的 HTTP状态码， 默认值是503。
+    **key 是可以被用户自定义的，只需要修改插件的一行代码即可完成。并没有在插件中放开是处于安全的考虑。**
+* `rejected_code`: 当请求超过 `conn` + `burst` 这个阈值时，返回的 HTTP状态码，默认值是503。
 
 #### 如何启用
 
diff --git a/doc/plugins/limit-conn.md b/doc/plugins/limit-conn.md
index db963f777d31..2814dc09492d 100644
--- a/doc/plugins/limit-conn.md
+++ b/doc/plugins/limit-conn.md
@@ -28,7 +28,7 @@
 
 ## Name
 
-Limiting request concurrency (or concurrent connections) plugin for Apisix.
+Limiting request concurrency plugin.
 
 ## Attributes
 
@@ -38,7 +38,9 @@ Limiting request concurrency (or concurrent connections) plugin for Apisix.
 |burst         |required|is the number of excessive concurrent requests (or connections) allowed to be delayed.|
 |default_conn_delay |required|is the default processing latency of a typical connection (or request).|
 |key           |required|is the user specified key to limit the concurrency level. <br>For example, one can use the host name (or server zone) as the key so that we limit concurrency per host name. Otherwise, we can also use the client address as the key so that we can avoid a single client from flooding our service with too many parallel connections or requests. <br> Now accept those as key: "remote_addr"(client's IP), "server_addr"(server's IP), "X-Forwarded-For/X-Real-IP" in request header.|
-|rejected_code |required| The HTTP status code returned when the request exceeds the threshold is rejected. The default is 503.|
+|rejected_code |required| The HTTP status code returned when the request exceeds `conn` + `burst` will be rejected. The default is 503.|
+
+**Key can be customized by the user, only need to modify a line of code of the plug-in to complete.  It is a security consideration that is not open in the plugin.**
 
 ## How To Enable
 
diff --git a/doc/plugins/limit-count-cn.md b/doc/plugins/limit-count-cn.md
index 6f7425628ef9..ed77b0a3c54b 100644
--- a/doc/plugins/limit-count-cn.md
+++ b/doc/plugins/limit-count-cn.md
@@ -38,6 +38,9 @@
 |redis_password|可选     |当使用 `redis` 限速策略时，该属性是 Redis 服务节点的密码。|
 |redis_timeout |可选     |当使用 `redis` 限速策略时，该属性是 Redis 服务节点以毫秒为单位的超时时间，默认是 1000 ms（1 秒）。|
 
+
+**key 是可以被用户自定义的，只需要修改插件的一行代码即可完成。并没有在插件中放开是处于安全的考虑。**
+
 ### 示例
 
 #### 开启插件
diff --git a/doc/plugins/limit-count.md b/doc/plugins/limit-count.md
index 51fb6de63e58..65ff7735f644 100644
--- a/doc/plugins/limit-count.md
+++ b/doc/plugins/limit-count.md
@@ -45,6 +45,9 @@ Limit request rate by a fixed number of requests in a given time window.
 |redis_password|optional|When using the `redis` policy, this property specifies the password of the Redis server.|
 |redis_timeout |optional|When using the `redis` policy, this property specifies the timeout in milliseconds of any command submitted to the Redis server. The default timeout is 1000 ms(1 second).|
 
+
+**Key can be customized by the user, only need to modify a line of code of the plug-in to complete.  It is a security consideration that is not open in the plugin.**
+
 ## How To Enable
 
 Here's an example, enable the `limit count` plugin on the specified route:
diff --git a/doc/plugins/limit-req-cn.md b/doc/plugins/limit-req-cn.md
index b05148ca736a..e7653e0b9c84 100644
--- a/doc/plugins/limit-req-cn.md
+++ b/doc/plugins/limit-req-cn.md
@@ -30,6 +30,8 @@
 * `rejected_code`：当请求超过阈值被拒绝时，返回的 HTTP 状态码
 * `key`：是用来做请求计数的依据，当前接受的 key 有："remote_addr"(客户端IP地址), "server_addr"(服务端 IP 地址), 请求头中的"X-Forwarded-For" 或 "X-Real-IP"。
 
+**key 是可以被用户自定义的，只需要修改插件的一行代码即可完成。并没有在插件中放开是处于安全的考虑。**
+
 ## 示例
 
 ### 开启插件
diff --git a/doc/plugins/limit-req.md b/doc/plugins/limit-req.md
index f388756189f1..e463f00b313a 100644
--- a/doc/plugins/limit-req.md
+++ b/doc/plugins/limit-req.md
@@ -40,6 +40,8 @@ limit request rate using the "leaky bucket" method.
 |rejected_code |required|The HTTP status code returned when the request exceeds the threshold is rejected. The default is 503.|
 | key          |required|is the user specified key to limit the rate, now accept those as key: "remote_addr"(client's IP), "server_addr"(server's IP), "X-Forwarded-For/X-Real-IP" in request header.|
 
+**Key can be customized by the user, only need to modify a line of code of the plug-in to complete.  It is a security consideration that is not open in the plugin.**
+
 ## How To Enable
 
 Here's an example, enable the limit req plugin on the specified route: