django-admin-honeypot: A fake Django admin login screen page


django-admin-honeypot is a fake Django admin login screen to log and notify admins of attempted unauthorized access. This app was inspired by a discussion in and around Paul McMillan’s security talk at DjangoCon 2011.


pip install django-admin-honeypot


Basic setup

Add admin_honeypot to INSTALLED_APPS in


The honeypot signal

Every time a login attempt occurs, the admin_honeypot.signals.honeypot() signal is fired off. You can set up listeners to this in order to send out any custom notifications or logging.

A default listener, admin_honeypot.listeners.notify_admins(), will send an email to all site administrators (ADMINS in your site settings) with the details. This can be disabled by setting ADMIN_HONEYPOT_EMAIL_ADMINS to false in your site settings.

Customizing the login template

The template rendered on the honeypot is admin_honeypot/login.html. By default, this template simply extends admin/login.html, but you may want to change it if, e.g., you’ve customized the Django admin and want to display the stock admin login form.

Run python migrate

Copyright (c) Derek Payton <>