Django Admin

Be sure your site is only accessible via HTTPS. Check out this article if it isn't already.

When you create a Django project with the following command, an admin site for managing content (and more) is included by default.

django-admin startproject <project_name>

Django automatically adds django.contrib.admin to the INSTALLED_APPS section of the generated settings.py.

The generated urls.py also routes a path to the admin site:

from django.contrib import admin
from django.urls import path

urlpatterns = [
    path('admin/', admin.site.urls),
]

Hardening the admin site

Some low-hanging fruit that quickly makes your Django app harder for probing bots to find is to change the default URL of the admin site. Attackers know that a freshly created Django admin site lives at .../admin, and automated scanners try that path first. Honestly, anything other than the default makes it that much harder for an attacker to get one step closer to access.

To me this is the fun part: you can change it to whatever you want, as long as your team has not already settled on a convention.

For instance, if you wanted to change it to "cactus", you would edit urls.py like so:

from django.contrib import admin
from django.urls import path

urlpatterns = [
    path('cactus/', admin.site.urls),
]
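As an added example that is not part of the original post, here is one way to take the hard-coded prefix out of source control: the prefix is read from an environment variable (ADMIN_URL_PATH, an assumed name), normalized into the trailing-slash form Django's path() expects, and rejected at startup if it is still "admin" or is not a single safe URL segment. The default of "cactus/", the variable name, and the length rule in the regex are all assumptions for the example; the try/except around the Django imports exists only so the helper can be imported and unit-tested outside a Django project.

```python
import os
import re

# Constructed example: fall back to the prefix from the post if nothing is configured.
DEFAULT_PREFIX = "cactus/"

# Assumed policy: one path segment of 4 to 64 characters, letters/digits/_/- only.
_VALID_SEGMENT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{3,63}$")


def normalize_admin_prefix(raw):
    """Turn a configured value such as ' /Cactus/ ' into the Django prefix 'Cactus/'.

    Raises ValueError for the default 'admin' (any case, with or without slashes)
    and for anything that is not a single safe URL segment, so a misconfiguration
    fails loudly at startup instead of silently mounting the admin at a guessable URL.
    """
    segment = (raw or "").strip().strip("/")
    if not segment:
        return DEFAULT_PREFIX
    if segment.lower() == "admin":
        raise ValueError("ADMIN_URL_PATH must not be the default 'admin'")
    if not _VALID_SEGMENT.match(segment):
        raise ValueError(f"ADMIN_URL_PATH {raw!r} is not a safe single URL segment")
    return segment + "/"


def is_default_admin_prefix(prefix):
    """True if this prefix would mount the admin at the widely probed /admin/."""
    return prefix.strip("/").lower() == "admin"


# Assumed environment variable name; unset means DEFAULT_PREFIX is used.
ADMIN_URL_PATH = normalize_admin_prefix(os.environ.get("ADMIN_URL_PATH"))

try:
    from django.contrib import admin
    from django.urls import path

    urlpatterns = [
        path(ADMIN_URL_PATH, admin.site.urls),
    ]
except ImportError:
    # Guarded only so this module imports outside a Django project (e.g. in a
    # unit test); a real urls.py would import Django unconditionally.
    urlpatterns = []
```

Keep in mind that a renamed path only hides the admin from untargeted scanning; it is not access control. Strong, unique passwords for admin accounts, HTTPS as the post already requires, and rate limiting on the login view are what actually stop an attacker who has found the new URL.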

Happy Django-ing.