A checklist to secure Django site

django-secure.md

1- use rate limit to block brute force attack like this
2- use anti bot services like reCAPTCHA
3- config web server to disable directory browsing (like here)
4- scanning all file and check allowed type before upload to server(ClamAV).