We made it so we can catch bad guys who try to access our Admin site, but how about we make it so that every form on our site is able to catch the bad guy? Sounds like a cool proposal, right?
Usually, an attacker will use a bot to try to crack our web app. One solution is to include a honeypot everywhere there is a form. This will not deter all bots, but adding that extra layer of security will not hurt, right? Honestly, so far we have made it so that we have incremental security measures in place.
I think this is where I should say that, in security terms, there is nothing that is truly secure, but we need to just slow down the attack as much as we can, to the point where it doesn't make any sense for the attacker to continue.
```bash
pipenv install django-honeypot
pipenv lock -r > requirements.txt
```
```python
INSTALLED_APPS = [
    #...
    # django-honeypot
    'honeypot',
    #...
]
```
If you want to activate the honeypot across the whole web app, the easiest way is to use the middleware provided by django-honeypot:
```python
MIDDLEWARE = [
    #...
    # Django-honeypot
    # https://pypi.org/project/django-honeypot/
    'honeypot.middleware.HoneypotMiddleware',
    #...
]
```
Lastly, add this variable to your settings.py file:
```python
# Django-honeypot
# https://pypi.org/project/django-honeypot/
HONEYPOT_FIELD_NAME = "secret_key"
```
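To show what the honeypot field buys us on each form submission, here is an added, framework-free illustration of the decision a honeypot check makes on a POST body; it is not django-honeypot's own code. It assumes the hidden field must come back empty, and `classify_post`, `filter_submissions` and the sample bodies are hypothetical names and constructed data.

```python
from urllib.parse import parse_qs

HONEYPOT_FIELD_NAME = "secret_key"  # same name as in settings.py above
HONEYPOT_VALUE = ""                 # assumption: the field must stay empty


def classify_post(body, field=HONEYPOT_FIELD_NAME, expected=HONEYPOT_VALUE):
    """Return 'ok', 'missing' or 'tripped' for a urlencoded POST body."""
    # keep_blank_values=True matters: without it the parser drops the empty
    # honeypot field and every real user would look like a bot.
    data = parse_qs(body, keep_blank_values=True)
    if field not in data:
        return "missing"   # client posted without the field the form carries
    if any(value != expected for value in data[field]):
        return "tripped"   # something filled in the hidden field
    return "ok"


def filter_submissions(bodies):
    """Split submissions into accepted bodies and (reason, body) rejections."""
    accepted, rejected = [], []
    for body in bodies:
        verdict = classify_post(body)
        if verdict == "ok":
            accepted.append(body)
        else:
            rejected.append((verdict, body))
    return accepted, rejected


# Constructed sample POST bodies (not captured traffic).
SAMPLES = [
    "username=alice&password=pw1&secret_key=",           # normal browser user
    "username=admin&password=123456&secret_key=123456",  # fills every input
    "username=admin&password=letmein",                   # field absent
]

if __name__ == "__main__":
    ok, bad = filter_submissions(SAMPLES)
    print("accepted:", ok)
    for reason, body in bad:
        print("rejected (%s): %s" % (reason, body))
```

Logging the rejection reason alongside the source address gives you a cheap signal of automated form traffic.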
As of right now I feel that we made our web app a bit safer. I'm not gonna say that our code is safe from any bot attack, but at least from the normal to medium type of bot.