How to secure my Django site

Hi, I need to "secure" my site - driviinginstructor.pythonanywhere.com

I started reading the following link: https://docs.djangoproject.com/en/2.2/topics/security/

Where do I start?

Thanks for any directions.

Enabling the “Force HTTPS” option in the web tab is a good security measure.

Thank you.

Agreed, that's probably the quickest and easiest one of those checklist items to implement. It covers the first part of the "SSL/HTTPS" section, and also is equivalent to setting SECURE_SSL_REDIRECT to True. (One thing that's worth noting is that if you move your site to a custom domain in the future, you'll have to get an HTTPS certificate too -- it's just a couple of clicks, and the help page explaining what to do is here.)

Once you've done that, I'd suggest just working through the other steps in the Django docs, from the first to the last.
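
Added example, not part of the thread and not Django's or PythonAnywhere's own code: a small audit of the settings listed in the "SSL/HTTPS" section of the Django security docs, showing what is still open once the redirect is handled by the "Force HTTPS" option. The function name `audit_https`, the `proxy_forces_https` flag and the sample settings are assumptions made for illustration.

```python
# Added example: audit the HTTPS-related Django settings named in the
# "SSL/HTTPS" section of the Django security docs.
# audit_https() and proxy_forces_https are hypothetical names, not Django APIs.

def audit_https(settings, proxy_forces_https=False):
    """Return a list of findings for a dict of Django setting names -> values.

    proxy_forces_https models a hosting-level redirect such as the
    "Force HTTPS" option, which stands in for SECURE_SSL_REDIRECT = True.
    """
    findings = []

    # HTTP -> HTTPS redirect: done either by Django or by the host's proxy.
    if not (settings.get("SECURE_SSL_REDIRECT", False) or proxy_forces_https):
        findings.append("no HTTP->HTTPS redirect (SECURE_SSL_REDIRECT or host option)")

    # Cookies must carry the Secure flag or they can still travel over HTTP.
    for name in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not settings.get(name, False):
            findings.append(f"{name} is not True")

    # HSTS: Django's default of 0 sends no Strict-Transport-Security header.
    hsts = settings.get("SECURE_HSTS_SECONDS", 0)
    if not isinstance(hsts, int) or hsts <= 0:
        findings.append("SECURE_HSTS_SECONDS is 0, so no HSTS header is sent")

    # Not HTTPS settings, but on the same deployment checklist.
    if settings.get("DEBUG", False):
        findings.append("DEBUG is True")
    if not settings.get("ALLOWED_HOSTS"):
        findings.append("ALLOWED_HOSTS is empty")
    return findings


# Constructed sample: a fresh project with only "Force HTTPS" switched on.
FRESH = {"DEBUG": True, "ALLOWED_HOSTS": []}
# Constructed sample: the same project after working through the checklist.
HARDENED = {
    "DEBUG": False,
    "ALLOWED_HOSTS": ["example.pythonanywhere.com"],
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
    "SECURE_HSTS_SECONDS": 3600,
}

if __name__ == "__main__":
    for label, cfg in (("fresh", FRESH), ("hardened", HARDENED)):
        print(label, audit_https(cfg, proxy_forces_https=True))
```

Django's own `python manage.py check --deploy` reports the same settings, but it only reads `settings.py` and cannot see a redirect done by the hosting proxy.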