- Data Structure
- Networking
- RDBMS
- Operating System
- Java
- MS Excel
- iOS
- HTML
- CSS
- Android
- Python
- C Programming
- C++
- C#
- MongoDB
- MySQL
- Javascript
- PHP
- Physics
- Chemistry
- Biology
- Mathematics
- English
- Economics
- Psychology
- Social Studies
- Fashion Studies
- Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
How to add extra security to Django admin using fake admin login?
We are going to make a Django admin fake login page using a thirdparty package. This will just create a Django admin fake page, and whenever anyone tries to login on the admin page, whether they enter the right or wrong password, they will not be able to login and their trial with their IP addresses will be stored in a table.
So, just follow the steps given below and you will be all good to go.
Setup basic urls and add app in INSTALLED_APPS in settings.py.
Example
First install the package
pip install django-admin-honeypot
In settings.py, add this −
INSTALLED_APPS+ = ['admin_honeypot']
We simply add it to the installed app which is necessary for settings.
In project's urls.py −
from django.contrib import admin from django.urls import path,include urlpatterns = [ path(r'admin/', include('admin_honeypot.urls', namespace=' admin_honeypot')), path(r'secret/', admin.site.urls), ]
Here, we simply replace the real admin with a fake one and put our admin on another endpoint.
Run these commands −
python manage.py makemigrations python manage.py migrate
Now you are all done, it will create a table which will store all the login attempt in admin with their session ids, the real admin will be on /secrets endpoint.
Output
On http://127.0.0.1/admin/, you will get to see the following output screen
It is fake honeypot admin page, whether you make right or wrong attempt, it is still fake and will save all attempts in a table. If you go tohttp://127.0.0.1/secret/ and login with your admin username and password −
In a table, you will get all the records.