I thought I might restrict it to show only on some IPs, but I have some freelance workers without static IPs that should be able to log in to the admin site. I rolled out a big proje
1) Restrict by IPs. This may not be totally possible in your case, but you can still look at allowing only a few subnets. I don't think even though your users have dynamic IPs they are most likely to get their IPs from the same subnet if accessing on the same network every time. This may reduce the risk of being totally open.
2) Change the default Admin URL to something non-obvious.
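
The subnet allowlist from point 1, as an added example that is not part of the original answer. The page does not name the admin software, so this is a framework-independent check; the ranges are constructed documentation addresses and `ALLOWED_SUBNETS`, `normalize` and `admin_allowed` are hypothetical names.

```python
import ipaddress

# Constructed sample allowlist (documentation ranges, not real networks).
ALLOWED_SUBNETS = [ipaddress.ip_network(n) for n in (
    "203.0.113.0/24",    # hypothetical office range
    "198.51.100.0/25",   # hypothetical ISP pool a freelancer's dynamic IP comes from
    "2001:db8:10::/48",  # hypothetical IPv6 range
)]


def normalize(addr):
    """Parse a client address string; return None if it is not a single valid IP."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except (ValueError, AttributeError):
        return None
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; unwrap them
    # so they are compared against the IPv4 subnets.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def admin_allowed(remote_addr, subnets=ALLOWED_SUBNETS):
    """Return True only if remote_addr falls inside an allowed subnet.

    remote_addr should be the peer address of the connection (or a value set
    by a proxy you control), not a header the client can supply itself.
    """
    ip = normalize(remote_addr)
    if ip is None:
        return False  # fail closed on anything unparseable
    return any(ip.version == net.version and ip in net for net in subnets)


if __name__ == "__main__":
    for candidate in ("203.0.113.77", "::ffff:203.0.113.77",
                      "198.51.100.200", "203.0.113.77, 10.0.0.1"):
        print(candidate, "->", admin_allowed(candidate))
```
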