How to add extra security to Django admin using fake admin login?
We are going to make a Django admin fake login page using a thirdparty package. This will just create a Django admin fake page, and whenever anyone tries to login on the admin page, whether they enter the right or wrong password, they will not be able to login and their trial with their IP addresses will be stored in a table.
So, just follow the steps given below and you will be all good to go.
Setup basic urls and add app in INSTALLED_APPS in settings.py.
Example
First install the package
pip install django-admin-honeypot
In settings.py, add this −
INSTALLED_APPS+ = ['admin_honeypot']
We simply add it to the installed app which is necessary for settings.
In project's urls.py −
from django.contrib import admin
from django.urls import path,include
urlpatterns = [
path(r'admin/', include('admin_honeypot.urls', namespace='
admin_honeypot')),
path(r'secret/', admin.site.urls),
]Here, we simply replace the real admin with a fake one and put our admin on another endpoint.
Run these commands −
python manage.py makemigrations
python manage.py migrate
Now you are all done, it will create a table which will store all the login attempt in admin with their session ids, the real admin will be on /secrets endpoint.
Output
On http://127.0.0.1/admin/, you will get to see the following output screen
It is fake honeypot admin page, whether you make right or wrong attempt, it is still fake and will save all attempts in a table. If you go tohttp://127.0.0.1/secret/ and login with your admin username and password −
In a table, you will get all the records.
Published on 25-Aug-2021 12:28:26
Data Structure
Networking
RDBMS
Operating System
Java
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP