Get your Django app ready for production

Bilal Tonga
Oct 14, 2021


The Internet is not a safe place; there are no angels playing on the clouds. It is a dark place where a guy in a black sweatshirt is thinking about how to hack your site. If we can't make the world a safer place, let's at least make our own Django app safer and production ready.

Here’s your checklist:

check --deploy

Django has a cool automated script that checks all the configuration of your application and makes suggestions. Run the command and go through every config it flags:

python manage.py check --deploy


What's the big deal? There are millions upon millions of Django secret_keys in Don't push your production secret key to a GitHub repo. Best practice is to read sensitive info from environment variables.

import os
# Indexing os.environ (not .get) makes startup fail with a KeyError when the
# variable is missing, instead of silently running with an empty or default key.
SECRET_KEY = os.environ['SECRET_KEY']

DEBUG is True or not True

Never, ever enable DEBUG in production.

DEBUG = False


Do you want to protect your site against some CSRF attacks? If your answer is YES, check your ALLOWED_HOSTS setting. You should also configure the web server that sits in front of your Django application to validate the Host header.


Cache servers often have weak authentication. Make sure they only accept connections from your application servers.


Store database connection parameters in environment variables and don't add them to your git repo. For maximum security, make sure database servers only accept connections from your application servers.


Don't trust users! You may add file uploads to your Django application. Don't let users upload .php files, and make sure the web server never executes uploaded files.


Use an SSL certificate: get a certificate and use it! It's not a big deal.
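The SECRET_KEY, DEBUG, ALLOWED_HOSTS, database and SSL items above pulled together into one settings helper, as an added example that is not code from the original post. The Django setting names are the real ones; DJANGO_DEBUG, the DB_* variable names and the ConfigError class are names assumed for this example.

```python
# Added example: derive the security-relevant Django settings from environment
# variables and refuse to start when a required value is missing or unsafe.
# DJANGO_DEBUG, DB_* and ConfigError are assumed names, not Django's own.
from typing import Mapping


class ConfigError(RuntimeError):
    """Raised when a required production setting is missing or unsafe."""


def env_bool(environ: Mapping[str, str], name: str, default: bool = False) -> bool:
    """Parse a boolean from the environment; only 1/true/yes count as True."""
    return environ.get(name, str(default)).strip().lower() in {"1", "true", "yes"}


def parse_allowed_hosts(raw: str) -> list:
    """Split a comma-separated ALLOWED_HOSTS value; reject empty or wildcard."""
    hosts = [h.strip() for h in raw.split(",") if h.strip()]
    if not hosts or "*" in hosts:
        raise ConfigError("ALLOWED_HOSTS must list concrete hostnames, not '*'")
    return hosts


def production_settings(environ: Mapping[str, str]) -> dict:
    """Return settings built from `environ`; nothing sensitive is hard-coded."""
    if not environ.get("SECRET_KEY"):
        raise ConfigError("SECRET_KEY is not set; refusing to start")
    debug = env_bool(environ, "DJANGO_DEBUG", default=False)  # False unless opted in
    return {
        "SECRET_KEY": environ["SECRET_KEY"],
        "DEBUG": debug,
        "ALLOWED_HOSTS": parse_allowed_hosts(environ.get("ALLOWED_HOSTS", "")),
        # With a certificate in place, force HTTPS and mark cookies Secure.
        "SECURE_SSL_REDIRECT": not debug,
        "SESSION_COOKIE_SECURE": not debug,
        "CSRF_COOKIE_SECURE": not debug,
        "DATABASES": {"default": {
            "ENGINE": "django.db.backends.postgresql",
            "NAME": environ.get("DB_NAME", ""),
            "USER": environ.get("DB_USER", ""),
            "PASSWORD": environ.get("DB_PASSWORD", ""),
            "HOST": environ.get("DB_HOST", "127.0.0.1"),
            "PORT": environ.get("DB_PORT", "5432"),
        }},
    }
```

In settings.py you would call `production_settings(os.environ)` and spread the result into module globals, then run `check --deploy` to confirm the result.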

That’s all!