diff --git a/funfactory/requirements/prod.txt b/funfactory/requirements/prod.txt
index ef99a18..90f16c2 100644
--- a/funfactory/requirements/prod.txt
+++ b/funfactory/requirements/prod.txt
@@ -1,5 +1,5 @@
 # Django stuff
-Django==1.3.1
+Django==1.4
 -e git://github.com/jbalogh/django-multidb-router.git#egg=django-multidb-router
 -e git://github.com/jsocol/django-cronjobs.git#egg=django-cronjobs
 
diff --git a/funfactory/settings_base.py b/funfactory/settings_base.py
index 7733fa7..35dad51 100644
--- a/funfactory/settings_base.py
+++ b/funfactory/settings_base.py
@@ -151,10 +151,15 @@ def lazy_langs():
 # Examples: "http://media.lawrence.com", "http://example.com/media/"
 MEDIA_URL = '/media/'
 
-# URL prefix for admin media -- CSS, JavaScript and images. Make sure to use a
-# trailing slash.
-# Examples: "http://foo.com/media/", "/media/".
-ADMIN_MEDIA_PREFIX = '/admin-media/'
+# Absolute path to the directory static files should be collected to.
+# Don't put anything in this directory yourself; store your static files
+# in apps' "static/" subdirectories and in STATICFILES_DIRS.
+# Example: "/home/media/media.lawrence.com/static/"
+STATIC_ROOT = path('static')
+
+# URL prefix for static files.
+# Example: "http://media.lawrence.com/static/"
+STATIC_URL = '/static/'
 
 # Make this unique, and don't share it with anybody.
 # Set this in your local settings which is not committed to version control.
@@ -227,9 +232,9 @@ def JINJA_CONFIG():
 
     # Django contrib apps
     'django.contrib.auth',
-    'django_sha2',  # Load after auth to monkey-patch it.
     'django.contrib.contenttypes',
     'django.contrib.sessions',
+    'django.contrib.staticfiles',
     # 'django.contrib.sites',
     # 'django.contrib.messages',
     # Uncomment the next line to enable the admin:
@@ -256,11 +261,20 @@ def JINJA_CONFIG():
 SESSION_COOKIE_HTTPONLY = True
 
 ## Auth
-PWD_ALGORITHM = 'sha512'  # recommended: 'bcrypt'
+BASE_PASSWORD_HASHERS = (
+    # recommended: 'django_sha2.hashers.BcryptHMACCombinedPasswordVerifier',
+    'django_sha2.hashers.SHA512PasswordHasher',
+    'django.contrib.auth.hashers.SHA1PasswordHasher',
+    'django.contrib.auth.hashers.MD5PasswordHasher',
+    'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
+)
 HMAC_KEYS = {  # for bcrypt only
     #'2011-01-01': 'cheesecake',
 }
 
+from django_sha2 import get_password_hashers
+PASSWORD_HASHERS = get_password_hashers(BASE_PASSWORD_HASHERS, HMAC_KEYS)
+
 ## Tests
 TEST_RUNNER = 'test_utils.runner.RadicalTestSuiteRunner'