Track failed login attempts in Django

User avatar
posted in Django
• 1 month, 4 weeks ago
Track failed login attempts in Django

Does your django-site records 'failed access attempts" 🤷

if no, then this blog is for you and your django site..

In this blog, we will see a "django package" that will track the "failed access attempts" for site.

Let's start! 🚀

📦 Package - "django-axes"

What is "django-axes" 🤷

Axes is a Django package to track suspicious login attempts for your Django based website and implementing brute-force attack blocking.

Requirements 🙇

Python - v3.6 and above

Installation ⚙️

pip install django-axes


Add axes to your installed apps in settings.py

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
     ... 
    'axes',
]


Add AxesBackend to the top of AUTHENTICATION_BACKENDS:

AUTHENTICATION_BACKENDS = [
    'axes.backends.AxesBackend',

    'django.contrib.auth.backends.ModelBackend',
]

Add AxesMiddleware to your  middleware 

MIDDLEWARE = [
    ...    'axes.middleware.AxesMiddleware',
]

Then, run this command to check the configuration.

python manage.py check

Aaaand, last one.

Run,

python manage.py migrate

to sync 🔄 the database. 

Now go to your admin panel and you'll see two sections,

Access attempts and Access logs




Now, Axes is functional with the default settings and is saving user attempts into your database and locking users out if they exceed the maximum attempts.

There are couple of things you can do while testing.

Go to
https://django-axes.readthedocs.io/en/latest/2_installation.html 

for more. 

● ● ●