Creates a fake WordPress login page for your Django 2+ applications and redirects all login attempts to a 10 GB download file.
This will log the email addresses bots try to use to log in at your /wp-login.php page.
All attempts to log in will result in a 10 GB download file. Bots want to be malicious, we can be malicious back ;)
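```
pip install wp-honeypot
```
- Add `wp_honeypot` to your `INSTALLED_APPS`
```
python manage.py migrate wp_honeypot
```
- Add the URL pattern to your `urls.py` (example below)
```python
# url() lives in django.conf.urls on Django 2.x/3.x; it was removed in
# Django 4.0, where django.urls.re_path is the replacement.
from django.conf.urls import include, url

from wp_honeypot import urls as wp_honeypot_urls

urlpatterns = [
    # ...
    url(r"", include(wp_honeypot_urls)),
]
```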
- Breaks with Django ManifestStaticFilesStorage
- Add support for custom file download url
- Log bot headers
- Create function to compile a list of bot headers to submit to third party services, nginx lists, apache lists, etc.
- Add emailing. Email site admins.
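The "log bot headers" and "nginx lists" items above can be approximated today from the web server's own access log. The following is an added example, not code from wp-honeypot: it assumes combined-format access log lines, and the function names and sample lines (documentation IP ranges) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "python-requests/2.31.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "python-requests/2.31.0"
198.51.100.23 - - [12/Mar/2024:10:02:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; ExampleScanner/1.0)"
192.0.2.44 - - [12/Mar/2024:10:03:00 +0000] "GET /blog/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.44 - - [12/Mar/2024:10:03:05 +0000] "GET /wp-login.php.bak HTTP/1.1" 404 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
HONEYPOT_PATH = "/wp-login.php"  # the path named in the description above


def honeypot_hits(log_text):
    """Return {ip: {"posts": n, "other": n, "agents": set}} for honeypot requests."""
    hits = defaultdict(lambda: {"posts": 0, "other": 0, "agents": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined log format
        # Compare the path without its query string; exact match only,
        # so /wp-login.php.bak and similar probes are not counted here.
        if m["path"].split("?", 1)[0] != HONEYPOT_PATH:
            continue
        entry = hits[m["ip"]]
        entry["posts" if m["method"] == "POST" else "other"] += 1
        entry["agents"].add(m["ua"])
    return dict(hits)


def nginx_deny_list(hits, min_posts=1):
    """Emit nginx `deny` lines for IPs that submitted the fake login form."""
    return [f"deny {ip};" for ip, h in sorted(hits.items()) if h["posts"] >= min_posts]


if __name__ == "__main__":
    print("\n".join(nginx_deny_list(honeypot_hits(SAMPLE_LOG))))
```

Only clients that POSTed the form end up on the deny list; a single GET may be a crawler following a stale link. Behind a reverse proxy or CDN the logged address is the proxy's unless the server is configured to record the real client IP.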