What is a 'honeypot'?
In this context, a honeypot is a fake admin login screen designed to log every unauthorized user who attempts to log in to our Django admin via 'www.website.com/admin'.
Step 1:
To install django-admin-honeypot into your application, open up your terminal and type in the following command:
pip install django-admin-honeypot
Step 2:
Next, you want to add ‘admin_honeypot’ under your installed apps in settings.py. The position is irrelevant here, so insert it anywhere that you want:
# settings.py
INSTALLED_APPS = [
    # ... your existing apps ...
    'admin_honeypot',
]
Step 3:
Add the following lines of code to your urls.py file.
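# urls.py
from django.contrib import admin
from django.urls import include, path

urlpatterns = [
    # Decoy: requests to admin/ reach the honeypot login screen and are logged
    path('admin/', include('admin_honeypot.urls', namespace='admin_honeypot')),
    # The real Django admin now lives here
    path('secret/', admin.site.urls),
]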
*In this scenario ‘secret/’ is the URL where your actual Django admin panel exists, not ‘admin/’ anymore.
Done!
There we have it! You have successfully added a honeypot to your Django admin page. So, if anyone attempts to log in to your admin page via 'www.website.com/admin', you will be aware of it.
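As an added example (not part of the original post or of the django-admin-honeypot package): a small triage script for the setup above, where 'admin/' is the decoy and 'secret/' is the real admin. It counts decoy hits per client IP in web-server access-log lines and flags any IP that submitted the decoy login form and also reached the real admin path. The log format, the sample lines and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (common log format); not taken from the page.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:09:14:01 +0000] "GET /admin/ HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2024:09:14:02 +0000] "GET /admin/login/?next=/admin/ HTTP/1.1" 200 1873
203.0.113.7 - - [10/Mar/2024:09:14:05 +0000] "POST /admin/login/?next=/admin/ HTTP/1.1" 200 2011
203.0.113.7 - - [10/Mar/2024:09:14:06 +0000] "POST /admin/login/?next=/admin/ HTTP/1.1" 200 2011
198.51.100.23 - - [10/Mar/2024:09:20:11 +0000] "POST /admin/login/ HTTP/1.1" 200 2011
198.51.100.23 - - [10/Mar/2024:09:31:40 +0000] "GET /secret/login/ HTTP/1.1" 200 1902
192.0.2.10 - - [10/Mar/2024:10:02:00 +0000] "GET /secret/ HTTP/1.1" 200 5120
192.0.2.10 - - [10/Mar/2024:10:02:09 +0000] "GET /blog/admin/ HTTP/1.1" 404 179
"""

# Captures client IP, request method and request path from one log line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) ')

def triage(log_text, decoy="/admin/", real="/secret/"):
    """Per-IP counters for every client that touched the decoy admin path."""
    stats = defaultdict(lambda: {"decoy_hits": 0, "decoy_posts": 0, "real_hits": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines in an unexpected format
        path = m["path"].split("?", 1)[0]  # drop the query string
        entry = stats[m["ip"]]
        if path.startswith(decoy):
            entry["decoy_hits"] += 1
            if m["method"] == "POST":  # a submitted login form
                entry["decoy_posts"] += 1
        elif path.startswith(real):
            entry["real_hits"] += 1
    # Clients that never touched the decoy are not of interest here.
    return {ip: s for ip, s in stats.items() if s["decoy_hits"]}

def escalations(log_text, **paths):
    """IPs that submitted the decoy login form and also reached the real admin path."""
    return sorted(ip for ip, s in triage(log_text, **paths).items()
                  if s["decoy_posts"] and s["real_hits"])

if __name__ == "__main__":
    for ip, s in triage(SAMPLE_LOG).items():
        print(ip, s)
    print("escalate:", escalations(SAMPLE_LOG))
```

An IP on the escalation list has found the relocated admin after probing the decoy, so it deserves attention before the ones that only hit 'admin/'.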
Top comments (2)
Not available in Django 4?
Hi,
You will have to check and test it. The version of Python will have more of an impact.
If you see after that it doesn't work, then it's possible that the developers of the package haven't updated it yet for later versions.