check OWASP security site checklist
consider adding PythonDebug Off to apache2 config.  See https://django-book.readthedocs.io/en/latest/chapter20.html