Hi everyone!
I’ve been working on a reusable Django app called HoneyGuard that adds honeypot protection to your Django project. It creates fake admin login pages to catch attackers while you move your real admin to a hidden URL.
Key Features:
- Fake login pages for Django Admin and WordPress
- Behavioral detection (timing anomalies, hidden fields)
- Comprehensive logging with risk scores
- Email alerts and Django signals for custom integration
- Simple setup with sensible defaults
Installation:
pip install django-honeyguard
Add to INSTALLED_APPS, include the URLs, and you’re done!
Use Case:
If you’re tired of bots hammering your /admin/ page, HoneyGuard lets you move your real admin to something like /secret-admin/ while the honeypot at /admin/ catches all the automated attacks. You get detailed logs and can integrate custom handlers via Django signals.
Links:
- PyPI: django-honeyguard · PyPI
- GitHub: GitHub - Alihtt/django-honeyguard: A lightweight Django app that adds honeypot protection, activity tracking, and suspicious request detection — keep your admin and endpoints safe.
- Docs: https://django-honeyguard.readthedocs.io
I’d love feedback from the community! What other security features would be useful to have in a package like this?
Cheers!