Change the URL

Every framework has a fingerprint and Django is no exception. A skilled developer, an attacker or even a tech-savvy user can identify a Django site by looking at things like cookies and auth URLs.

Once a site is identified as a Django site, an attacker will most likely try /admin.

To make it harder to gain access we can change the “recommended” URL to something harder to guess.

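In the base urls.py of the project, register the admin site under a different URL:

from django.conf.urls.i18n import i18n_patterns
from django.contrib import admin
from django.urls import re_path  # replaces url(), which was removed in Django 4.0

urlpatterns += i18n_patterns(
    # Serve the admin under a non-default prefix instead of /admin/
    re_path(r'^super-secret/', admin.site.urls, name='admin'),
)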

Change “super-secret” to something you and your team can remember and you are done! This is definitely not the only precaution you should take, but it is a good start.
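Once the admin no longer lives at /admin, requests for the default path are worth flagging in the access logs. The following is an added example, not code from the original post: it assumes combined-format access logs, the log lines are constructed, and the function name and threshold are hypothetical. Because the admin is registered inside i18n_patterns, it also matches the default path behind a language prefix such as /en/.

```python
import re
from collections import Counter

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /admin/ HTTP/1.1" 404 179 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /en/admin/login/?next=/en/admin/ HTTP/1.1" 404 179 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "POST /admin/login/ HTTP/1.1" 404 179 "-" "curl/8.0"
198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /en/super-secret/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2024:10:03:00 +0000] "GET /en/administrators-guide/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2024:10:04:00 +0000] "GET /admin HTTP/1.1" 404 179 "-" "Mozilla/5.0"
"""

# Client address and request path from one combined-format log line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" \d{3} ')

# Default admin path, optionally behind an i18n_patterns language prefix
# such as /en/ or /pt-br/; "admin" must be a whole path segment.
DEFAULT_ADMIN_RE = re.compile(
    r'^/(?:[a-z]{2,3}(?:-[a-z0-9]+)?/)?admin(?:/|$)', re.IGNORECASE
)


def default_admin_probes(log_text, threshold=2):
    """Return {client_ip: hits} for clients requesting the default admin path
    at least `threshold` times (hypothetical helper for this example)."""
    hits = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        path = match.group('path').split('?', 1)[0]  # ignore the query string
        if DEFAULT_ADMIN_RE.match(path):
            hits[match.group('ip')] += 1
    return {ip: count for ip, count in hits.items() if count >= threshold}


if __name__ == '__main__':
    for ip, count in default_admin_probes(SAMPLE_LOG).items():
        print(f'{ip} requested the default admin path {count} times')
```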