How to add a 'honeypot' to log all unauthorized users that try to access our Django admin page.
What is a 'honeypot'?
A honeypot is a fake admin login screen designed to keep a log of all the unauthorized users who attempt to log in to our Django admin via 'www.website.com/admin'.
To install django-admin-honeypot into your application, open up your terminal and type in the following command:
pip install django-admin-honeypot
Next, add 'admin_honeypot' to INSTALLED_APPS in settings.py. The position is irrelevant here, so insert it anywhere that you want:
# settings.py
INSTALLED_APPS = [
    # ... your existing apps ...
    'admin_honeypot',
]
Add the following lines of code to your urls.py file.
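# urls.py
from django.contrib import admin
from django.urls import include, path

urlpatterns = [
    # Decoy login page at the default admin URL; login attempts here are logged
    path('admin/', include('admin_honeypot.urls', namespace='admin_honeypot')),
    # The real Django admin, moved away from the default path
    path('secret/', admin.site.urls),
]
*In this scenario, 'secret/' is the URL where your actual Django admin panel now lives, not 'admin/' anymore.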
There we have it! You have successfully added a honeypot to your Django admin page. So, if anyone attempts to log in to your admin page via 'www.website.com/admin', you will be aware of it.
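Once attempts are being recorded, the log is only useful if someone reviews it. The following is an added example, not code from django-admin-honeypot or from the original post: it groups recorded attempts by source IP, flags bursts, and flags any attempted username that matches a real staff account. The row field names, the sample data and the `triage` helper are assumptions; in a deployment the rows would be exported from the honeypot's login-attempt table.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows (documentation IP ranges). The field names are an
# assumption about what an export of the honeypot's attempt log contains.
ATTEMPTS = [
    {"ip_address": "203.0.113.7", "username": "admin", "timestamp": "2024-05-01T10:00:00"},
    {"ip_address": "203.0.113.7", "username": "root", "timestamp": "2024-05-01T10:00:40"},
    {"ip_address": "203.0.113.7", "username": "administrator", "timestamp": "2024-05-01T10:01:30"},
    {"ip_address": "198.51.100.23", "username": "JSmith", "timestamp": "2024-05-01T11:15:00"},
    {"ip_address": "192.0.2.10", "username": "test", "timestamp": "2024-05-01T09:00:00"},
    {"ip_address": "192.0.2.10", "username": "test", "timestamp": "2024-05-01T12:30:00"},
]


def triage(attempts, real_staff, burst=3, window=timedelta(minutes=5)):
    """Summarise honeypot attempts per source IP.

    burst          -- True if `burst` attempts fall within `window`
    real_usernames -- attempted names that match a real staff account, which
                      suggests the name is known outside the organisation
    """
    staff = {name.lower() for name in real_staff}
    by_ip = defaultdict(list)
    for row in attempts:
        by_ip[row["ip_address"]].append(row)

    report = {}
    for ip, rows in by_ip.items():
        times = sorted(datetime.fromisoformat(r["timestamp"]) for r in rows)
        # Sliding window over the sorted timestamps.
        is_burst = any(
            times[i + burst - 1] - times[i] <= window
            for i in range(len(times) - burst + 1)
        )
        names = {r["username"].lower() for r in rows}
        report[ip] = {
            "count": len(rows),
            "usernames": sorted(names),
            "burst": is_burst,
            "real_usernames": sorted(names & staff),
        }
    return report


if __name__ == "__main__":
    for ip, summary in triage(ATTEMPTS, real_staff=["jsmith", "ops_admin"]).items():
        print(ip, summary)
```

An entry with a non-empty `real_usernames` list deserves the first look, since a valid account name submitted to the decoy page means that name is already known to whoever sent it.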