diff --git a/README.md b/README.md
index 1bc504f3..da16596e 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,7 @@ This project was done by me as a assignment for an internship.
  • Django
  • django-crispy-forms
  • Pillow
  • +
  • django-simple-captcha
  • Note :

diff --git a/db.sqlite3 b/db.sqlite3
new file mode 100644
index 00000000..bdfaa7fe
Binary files /dev/null and b/db.sqlite3 differ
diff --git a/django_web_app/.gitignore b/django_web_app/.gitignore
new file mode 100644
index 00000000..bd1407b1
--- /dev/null
+++ b/django_web_app/.gitignore
@@ -0,0 +1,45 @@
+# Application
+django_web_app/static
+django_web_app/uploads/*
+!django_web_app/uploads/.gitkeep
+django_web_app/logs/*
+!django_web_app/logs/.gitkeep
+nginx/static
+
+# Python intermediate files
+*.py[cod]
+__pycache__
+
+# Logs
+*.log
+
+# Unit test / coverage reports
+.coverage
+.tox
+nosetests.xml
+
+# Translations
+*.mo
+*.pot
+
+# PyCharm
+.idea/
+
+# Visual Studio Code
+.vscode/
+
+# Vim
+*~
+*.swp
+*.swo
+
+# npm
+node_modules/
+
+debug/
+
+# mac osx
+*.DS_Store
+
+# Virtualenv Environment
+/venv/
diff --git a/django_web_app/blog/__pycache__/__init__.cpython-310.pyc b/django_web_app/blog/__pycache__/__init__.cpython-310.pyc
new file mode 100644
index 00000000..990fb98a
Binary files /dev/null and b/django_web_app/blog/__pycache__/__init__.cpython-310.pyc differ
diff --git a/django_web_app/blog/__pycache__/admin.cpython-310.pyc b/django_web_app/blog/__pycache__/admin.cpython-310.pyc
new file mode 100644
index 00000000..7b419689
Binary files /dev/null and b/django_web_app/blog/__pycache__/admin.cpython-310.pyc differ
diff --git a/django_web_app/blog/__pycache__/apps.cpython-310.pyc b/django_web_app/blog/__pycache__/apps.cpython-310.pyc
new file mode 100644
index 00000000..82d49ccb
Binary files /dev/null and b/django_web_app/blog/__pycache__/apps.cpython-310.pyc differ
diff --git a/django_web_app/blog/__pycache__/models.cpython-310.pyc b/django_web_app/blog/__pycache__/models.cpython-310.pyc
new file mode 100644
index 00000000..3d5e0f2f
Binary files /dev/null and b/django_web_app/blog/__pycache__/models.cpython-310.pyc differ
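Review bot: The new django_web_app/.gitignore has no entry for the SQLite database, yet this same commit adds db.sqlite3 at the repository root and updates django_web_app/db.sqlite3. A development database normally carries the user table with password hashes and the session table, so it should not be tracked; add a line such as `*.sqlite3` and untrack the existing copies with `git rm --cached`. The `*.py[cod]` and `__pycache__` patterns are fine, but the commit still adds compiled .pyc files under blog/ and users/, and an ignore rule does not untrack files that are already committed. The `django_web_app/...` path prefixes may also be one directory too deep, since this file itself lives inside django_web_app/; that is worth confirming.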
diff --git a/django_web_app/blog/__pycache__/urls.cpython-310.pyc b/django_web_app/blog/__pycache__/urls.cpython-310.pyc new file mode 100644 index 00000000..08673fb2 Binary files /dev/null and b/django_web_app/blog/__pycache__/urls.cpython-310.pyc differ diff --git a/django_web_app/blog/__pycache__/views.cpython-310.pyc b/django_web_app/blog/__pycache__/views.cpython-310.pyc new file mode 100644 index 00000000..b225ed08 Binary files /dev/null and b/django_web_app/blog/__pycache__/views.cpython-310.pyc differ diff --git a/django_web_app/blog/migrations/__pycache__/0001_initial.cpython-310.pyc b/django_web_app/blog/migrations/__pycache__/0001_initial.cpython-310.pyc new file mode 100644 index 00000000..432def9f Binary files /dev/null and b/django_web_app/blog/migrations/__pycache__/0001_initial.cpython-310.pyc differ diff --git a/django_web_app/blog/migrations/__pycache__/0002_post_file.cpython-310.pyc b/django_web_app/blog/migrations/__pycache__/0002_post_file.cpython-310.pyc new file mode 100644 index 00000000..ce19379e Binary files /dev/null and b/django_web_app/blog/migrations/__pycache__/0002_post_file.cpython-310.pyc differ diff --git a/django_web_app/blog/migrations/__pycache__/__init__.cpython-310.pyc b/django_web_app/blog/migrations/__pycache__/__init__.cpython-310.pyc new file mode 100644 index 00000000..4e44b7cb Binary files /dev/null and b/django_web_app/blog/migrations/__pycache__/__init__.cpython-310.pyc differ diff --git a/django_web_app/blog/templates/blog/base.html b/django_web_app/blog/templates/blog/base.html index c0cb7cf7..d2f08931 100644 --- a/django_web_app/blog/templates/blog/base.html +++ b/django_web_app/blog/templates/blog/base.html @@ -1,8 +1,8 @@ -{% load staticfiles %} +{% load static %} - + @@ -24,34 +24,34 @@ - +
    @@ -63,9 +63,9 @@ {% endfor %} {% endif %} {% block content %} - + {% endblock %} -
    + diff --git a/django_web_app/blog/templates/blog/home.html b/django_web_app/blog/templates/blog/home.html index 18a53dd6..6cd63281 100644 --- a/django_web_app/blog/templates/blog/home.html +++ b/django_web_app/blog/templates/blog/home.html @@ -7,29 +7,29 @@
    -

    {{ post.author }}

    +

    {{ post.author | escape }}

    {{ post.date_upload|date:"F d, Y" }}
    {% if post.file %}
    {{ post.blog }}
    {% endif %} - - - -

    {{ post.title }}

    + + + +

    {{ post.title | escape }}

    -

    {{ post.content }}

    +

    {{ post.content | escape }}

    {% if post.file %} -
    +
    {% endif %} - +
    - +
    -
    + {% endfor %} {% if is_paginated %} diff --git a/django_web_app/blog/templates/blog/search.html b/django_web_app/blog/templates/blog/search.html index e1b9572b..ab5cdb31 100644 --- a/django_web_app/blog/templates/blog/search.html +++ b/django_web_app/blog/templates/blog/search.html @@ -1,13 +1,14 @@ {% extends 'blog/base.html' %} {% block content %} -

    Posts containing '{{query_string}}'

    +

    Posts containing '{{query_string}}'

    {% for post in posts %}
    {{ post.created }} -

    {{ post.title }}

    +

    {{ post.title | escape }}

    - {{ post.body|safe }} + {{ post.body| escape }} +
    {% endfor %} -{% endblock content %} \ No newline at end of file +{% endblock content %} diff --git a/django_web_app/blog/templates/blog/user_posts.html b/django_web_app/blog/templates/blog/user_posts.html index 016c8090..598ee104 100644 --- a/django_web_app/blog/templates/blog/user_posts.html +++ b/django_web_app/blog/templates/blog/user_posts.html @@ -1,16 +1,16 @@ {% extends "blog/base.html" %} {% block content %} -
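Review bot: In search.html the change that closes the injection path is dropping `|safe` from `post.body`; the `| escape` filters added beside it, and on title, author and content in home.html and user_posts.html, do nothing while Django's template autoescaping is on, which is the default. Plain `{{ post.body }}` gives the same output and avoids suggesting that the other variables were unescaped before. If posts are meant to carry formatted HTML, escaping will now display the markup literally, so the alternative is to sanitise with an allow-list when the post is saved rather than reintroduce `|safe`. This template also reads `post.body` and `post.created`, while the other templates use `post.content` and `post.date_upload`; the model is not visible here, so check that those fields exist.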

    Posts by {{ view.kwargs.username }} ({{ page_obj.paginator.count }})

    +

    Posts by {{ view.kwargs.username | escape }} ({{ page_obj.paginator.count | escape }})

    {% for post in posts %}
    -

    {{ post.title }}

    -

    {{ post.content }}

    +

    {{ post.title | escape }}

    +

    {{ post.content | escape }}

    {% endfor %} diff --git a/django_web_app/db.sqlite3 b/django_web_app/db.sqlite3 index 6b6fab1d..67e603b5 100644 Binary files a/django_web_app/db.sqlite3 and b/django_web_app/db.sqlite3 differ diff --git a/django_web_app/django_web_app/__pycache__/__init__.cpython-37.pyc b/django_web_app/django_web_app/__pycache__/__init__.cpython-37.pyc deleted file mode 100644 index 469f8cad..00000000 Binary files a/django_web_app/django_web_app/__pycache__/__init__.cpython-37.pyc and /dev/null differ diff --git a/django_web_app/django_web_app/__pycache__/settings.cpython-37.pyc b/django_web_app/django_web_app/__pycache__/settings.cpython-37.pyc deleted file mode 100644 index 01656b54..00000000 Binary files a/django_web_app/django_web_app/__pycache__/settings.cpython-37.pyc and /dev/null differ diff --git a/django_web_app/django_web_app/__pycache__/urls.cpython-37.pyc b/django_web_app/django_web_app/__pycache__/urls.cpython-37.pyc deleted file mode 100644 index b2be178b..00000000 Binary files a/django_web_app/django_web_app/__pycache__/urls.cpython-37.pyc and /dev/null differ diff --git a/django_web_app/django_web_app/__pycache__/wsgi.cpython-37.pyc b/django_web_app/django_web_app/__pycache__/wsgi.cpython-37.pyc deleted file mode 100644 index d5b495bc..00000000 Binary files a/django_web_app/django_web_app/__pycache__/wsgi.cpython-37.pyc and /dev/null differ diff --git a/django_web_app/django_web_app/settings.py b/django_web_app/django_web_app/settings.py index cfaf5b2e..55f29c7d 100644 --- a/django_web_app/django_web_app/settings.py +++ b/django_web_app/django_web_app/settings.py @@ -1,11 +1,8 @@ """ Django settings for django_web_app project. - Generated by 'django-admin startproject' using Django 2.1.7. - For more information on this file, see https://docs.djangoproject.com/en/2.1/topics/settings/ - For the full list of settings and their values, see https://docs.djangoproject.com/en/2.1/ref/settings/ """ 
@@ -25,8 +22,11 @@ # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True -ALLOWED_HOSTS = [] +ALLOWED_HOSTS = ["*"] +#wstawić adres zewnętrzny!!!!!!!!!!!!!!!!! +# Allow cookies only for server inside +SESSION_COOKIE_HTTPONLY = True # Application definition @@ -40,6 +40,7 @@ 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', + 'captcha', ] MIDDLEWARE = [ diff --git a/django_web_app/django_web_app/urls.py b/django_web_app/django_web_app/urls.py index 75f5e784..0f168a1f 100644 --- a/django_web_app/django_web_app/urls.py +++ b/django_web_app/django_web_app/urls.py @@ -27,8 +27,9 @@ path('profile/', user_views.profile, name='profile'), path('logout/', auth_views.LogoutView.as_view(template_name='users/logout.html'), name='logout'), path('', include('blog.urls')), + path('captcha/', include('captcha.urls')), ] if settings.DEBUG: - urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) \ No newline at end of file + urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) diff --git a/django_web_app/users/__pycache__/__init__.cpython-310.pyc b/django_web_app/users/__pycache__/__init__.cpython-310.pyc new file mode 100644 index 00000000..9d30ebdf Binary files /dev/null and b/django_web_app/users/__pycache__/__init__.cpython-310.pyc differ diff --git a/django_web_app/users/__pycache__/admin.cpython-310.pyc b/django_web_app/users/__pycache__/admin.cpython-310.pyc new file mode 100644 index 00000000..2e7b97bf Binary files /dev/null and b/django_web_app/users/__pycache__/admin.cpython-310.pyc differ diff --git a/django_web_app/users/__pycache__/apps.cpython-310.pyc b/django_web_app/users/__pycache__/apps.cpython-310.pyc new file mode 100644 index 00000000..6efff90e Binary files /dev/null and b/django_web_app/users/__pycache__/apps.cpython-310.pyc differ 
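Review bot: `ALLOWED_HOSTS = ["*"]` turns off Host-header validation, and it sits directly under `DEBUG = True`, so a deployment with these settings would answer for any hostname and serve debug tracebacks to whoever triggers an error. The Polish comment on the next line (roughly "insert the external address") reads as an unfinished TODO: replace the wildcard with the real name, e.g. `ALLOWED_HOSTS = ["<external-hostname>"]`, and turn the comment into an English TODO or remove it. The comment `# Allow cookies only for server inside` does not describe `SESSION_COOKIE_HTTPONLY`, which stops JavaScript from reading the session cookie and is already Django's default; `# Session cookie is not readable from JavaScript` would be accurate. If the site is served over HTTPS, `SESSION_COOKIE_SECURE = True` and `CSRF_COOKIE_SECURE = True` are the settings this hunk is still missing.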
diff --git a/django_web_app/users/__pycache__/forms.cpython-310.pyc b/django_web_app/users/__pycache__/forms.cpython-310.pyc new file mode 100644 index 00000000..9a03a8ef Binary files /dev/null and b/django_web_app/users/__pycache__/forms.cpython-310.pyc differ diff --git a/django_web_app/users/__pycache__/models.cpython-310.pyc b/django_web_app/users/__pycache__/models.cpython-310.pyc new file mode 100644 index 00000000..72b054e4 Binary files /dev/null and b/django_web_app/users/__pycache__/models.cpython-310.pyc differ diff --git a/django_web_app/users/__pycache__/signals.cpython-310.pyc b/django_web_app/users/__pycache__/signals.cpython-310.pyc new file mode 100644 index 00000000..58de28b7 Binary files /dev/null and b/django_web_app/users/__pycache__/signals.cpython-310.pyc differ diff --git a/django_web_app/users/__pycache__/views.cpython-310.pyc b/django_web_app/users/__pycache__/views.cpython-310.pyc new file mode 100644 index 00000000..00f87f6c Binary files /dev/null and b/django_web_app/users/__pycache__/views.cpython-310.pyc differ diff --git a/django_web_app/users/forms.py b/django_web_app/users/forms.py index c28ff278..24e8461f 100644 --- a/django_web_app/users/forms.py +++ b/django_web_app/users/forms.py @@ -2,11 +2,11 @@ from django.contrib.auth.models import User from django.contrib.auth.forms import UserCreationForm from .models import Profile - +from captcha.fields import CaptchaField class UserRegisterForm(UserCreationForm): email = forms.EmailField() - + captcha = CaptchaField() class Meta: model = User fields = ['username', 'email', 'password1', 'password2'] @@ -14,7 +14,7 @@ class Meta: class UserUpdateForm(forms.ModelForm): email = forms.EmailField() - + captcha = CaptchaField() class Meta: model = User fields = ['username', 'email'] diff --git a/django_web_app/users/migrations/0002_remove_profile_image.py b/django_web_app/users/migrations/0002_remove_profile_image.py new file mode 100644 index 00000000..022f29aa --- /dev/null 
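Review bot: In users/forms.py the new import and both `captcha = CaptchaField()` lines replace the blank lines that separated the imports from the class and the fields from `class Meta`, and the third-party import `from captcha.fields import CaptchaField` lands after the local `from .models import Profile`. Move it up next to the Django imports and keep the blank line before each `class Meta:`. Adding the field to `UserUpdateForm` puts a CAPTCHA on a form that is bound to `request.user`, where it adds friction for little benefit if the profile view already requires login. The login form, which is not part of this diff, is the more usual place for this kind of throttling, assuming it uses the stock auth form.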
+++ b/django_web_app/users/migrations/0002_remove_profile_image.py @@ -0,0 +1,17 @@ +# Generated by Django 3.2 on 2022-11-19 19:52 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0001_initial'), + ] + + operations = [ + migrations.RemoveField( + model_name='profile', + name='image', + ), + ] diff --git a/django_web_app/users/migrations/__pycache__/0001_initial.cpython-310.pyc b/django_web_app/users/migrations/__pycache__/0001_initial.cpython-310.pyc new file mode 100644 index 00000000..44350fb0 Binary files /dev/null and b/django_web_app/users/migrations/__pycache__/0001_initial.cpython-310.pyc differ diff --git a/django_web_app/users/migrations/__pycache__/__init__.cpython-310.pyc b/django_web_app/users/migrations/__pycache__/__init__.cpython-310.pyc new file mode 100644 index 00000000..f343319b Binary files /dev/null and b/django_web_app/users/migrations/__pycache__/__init__.cpython-310.pyc differ diff --git a/django_web_app/users/templates/users/profile.html b/django_web_app/users/templates/users/profile.html index e3027d33..e490ff46 100644 --- a/django_web_app/users/templates/users/profile.html +++ b/django_web_app/users/templates/users/profile.html @@ -5,19 +5,21 @@
    - -

    {{ user.email }}

    + +

    {{ user.email | escape }}

    - {% csrf_token %}
    Profile Info - {{ u_form|crispy }} - {{ p_form|crispy }} + {% csrf_token %} + {{ u_form |crispy }} + {{ p_form |crispy }}
    + +
    diff --git a/django_web_app/users/templates/users/register.html b/django_web_app/users/templates/users/register.html index 3c3df17f..8da3ec00 100644 --- a/django_web_app/users/templates/users/register.html +++ b/django_web_app/users/templates/users/register.html @@ -3,9 +3,9 @@ {% block content %}
    - {% csrf_token %}
    Join Today + {% csrf_token %} {{ form|crispy }}
    diff --git a/django_web_app/users/views.py b/django_web_app/users/views.py index c2d999c8..3516fd32 100644 --- a/django_web_app/users/views.py +++ b/django_web_app/users/views.py @@ -12,6 +12,9 @@ def register(request): username = form.cleaned_data.get('username') messages.success(request, f'Your account has been created! You are now able to log in') return redirect('login') + else: + messages.warning(request, f'Your information or chaptcha is wrong!') + form = UserRegisterForm() else: form = UserRegisterForm() return render(request, 'users/register.html', {'form': form}) @@ -24,11 +27,14 @@ def profile(request): p_form = ProfileUpdateForm(request.POST, request.FILES, instance=request.user.profile) - if u_form.is_valid() and p_form.is_valid(): + if (u_form.is_valid() and p_form.is_valid()): u_form.save() p_form.save() messages.success(request, f'Your account has been updated!') return redirect('profile') + else: + messages.warning(request, f'Your information or chaptcha is wrong!') + return redirect('profile') else: u_form = UserUpdateForm(instance=request.user)
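Review bot: The new `else:` branch in register() throws away the bound form with `form = UserRegisterForm()`, so the page re-renders empty and the per-field errors (password validator messages, duplicate username, failed CAPTCHA) never reach the user; only the generic warning is shown. Dropping that assignment lets the invalid bound form fall through to the existing `render(...)` call with its errors attached. The second hunk has the same defect in profile(), where the added `return redirect('profile')` discards the errors of both `u_form` and `p_form`. In both messages `chaptcha` should read `CAPTCHA`, and the `f` prefix can go because the strings contain no placeholders. Indentation is lost on this page, so this assumes each new `else:` pairs with the `is_valid()` check directly above it.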