Adding a 'honeypot' to our Django admin

How to add a 'honeypot' to log all unauthorized users that try to access our Django admin page.

What is a 'honeypot'?

A honeypot is a fake admin login screen designed to keep a log of all the unauthorized users who attempt to log in to our Django admin via 'www.website.com/admin'.



Step one:


To install django-admin-honeypot into your application, open up your terminal and type in the following command:


pip install django-admin-honeypot


Step two:


Next, you want to add ‘admin_honeypot’ under your installed apps in settings.py. The position is irrelevant here, so insert it anywhere that you want:


# settings.py

INSTALLED_APPS = [
    # ... your existing apps ...
    'admin_honeypot',
]


Step three:


Add the following lines of code to your urls.py file.


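# urls.py

from django.contrib import admin
from django.urls import include, path

urlpatterns = [
    # Fake login page: attempts made here are logged by admin_honeypot
    path('admin/', include('admin_honeypot.urls', namespace='admin_honeypot')),
    # Real Django admin, moved to a non-default path
    path('secret/', admin.site.urls),
]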


*In this scenario ‘secret/’ is the URL where your actual Django admin panel exists, not ‘admin/’ anymore.



Final note

There we have it! You have successfully added a honeypot to your Django admin page. So, if anyone attempts to log in to your admin page via 'www.website.com/admin', you will be aware of it.
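
One way to check the setup from the web server side, as an added example that is not part of the original article or of django-admin-honeypot: it counts credential submissions to the 'admin/' honeypot per client and flags any of those clients that also requested the real 'secret/' admin, which would mean the real path is known to them. The access-log format (common log format), the sample lines, and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Assumed layout from urls.py: 'admin/' is the honeypot, 'secret/' the real admin.
HONEYPOT_PREFIX = "/admin/"
REAL_ADMIN_PREFIX = "/secret/"

# Common log format: ip ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3}'
)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:09:14:01 +0000] "GET /admin/login/?next=/admin/ HTTP/1.1" 200 1820
203.0.113.7 - - [10/Mar/2024:09:14:03 +0000] "POST /admin/login/?next=/admin/ HTTP/1.1" 200 1901
203.0.113.7 - - [10/Mar/2024:09:14:05 +0000] "POST /admin/login/?next=/admin/ HTTP/1.1" 200 1901
198.51.100.23 - - [10/Mar/2024:11:02:40 +0000] "POST /admin/login/?next=/admin/ HTTP/1.1" 200 1901
198.51.100.23 - - [10/Mar/2024:11:03:12 +0000] "GET /secret/login/?next=/secret/ HTTP/1.1" 200 2210
192.0.2.10 - - [10/Mar/2024:12:00:00 +0000] "GET /secret/ HTTP/1.1" 200 5120
this line is not in the expected format
"""

def summarize(log_text):
    """Return {ip: counters} for every client that POSTed to the honeypot."""
    stats = defaultdict(lambda: {"honeypot_posts": 0, "real_admin_hits": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        ip, method, path = m["ip"], m["method"], m["path"]
        if path.startswith(HONEYPOT_PREFIX) and method == "POST":
            stats[ip]["honeypot_posts"] += 1
        elif path.startswith(REAL_ADMIN_PREFIX):
            stats[ip]["real_admin_hits"] += 1
    # Clients that only ever used the real admin are not honeypot visitors.
    return {ip: s for ip, s in stats.items() if s["honeypot_posts"]}

def leaked_admin_path(summary):
    """Honeypot visitors that also requested the real admin URL."""
    return sorted(ip for ip, s in summary.items() if s["real_admin_hits"])

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, counters in report.items():
        print(ip, counters)
    print("also reached real admin:", leaked_admin_path(report))
```

A non-empty result from `leaked_admin_path` is the signal to rotate the real admin URL and review admin account activity.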