Every day, several thousand domain names get stolen, and hundreds of WordPress blogs get hacked.
You cannot afford to be on the list of people losing their domain names under avoidable circumstances. You must avoid domain theft at all costs so that the asset you've invested in for years will not get stolen.
In case you don't know, your domain is a part of your brand identity, and it's also a potential gateway to wealth.
You may have heard that some domain names have been sold for millions of dollars in the past. Just recently, Travelzoo sold the domain fly.com for $2.89 million. This was the same domain they acquired in 2009 for $1.76 million.
Check out this list of other domain names that have been sold for over $35M in the past.
All that aside, do you know that there are easy ways you can protect your domain name against theft?
Knowing the various tactics employed by domain thieves will help you in taking proactive measures to keep your name safe.
8 Tips to Avoid Domain Theft
1. Use accurate domain registration details
Whenever there is a change of address, phone number, or email address that you've been using for domain name transfer communications, you must let your registrar know.
Make sure you also update your emergency and business contact information.
When any suspicious activity occurs, your registrar will be able to contact you and let you know ASAP.
2. Be wise in choosing a domain registrar
Don't buy your domain name from just any registrar; be sure that the registrar has been in business for a long time and is trustworthy.
When choosing a domain registrar, you must look beyond price and find a company that offers quality services and support.
They should be able to provide more than the minimum registration and domain transfer services. The technical support should be readily available 24×7 irrespective of your location.
The registrar must also have a system that notifies you of a pending domain transfer and allows you some days to respond before the domain is actually moved. This is to ensure that the domain is not transferred without your knowledge.
Such notifications would allow you to halt a pending transfer.
Also, be sure the registrar has a way of notifying you of changes in your registration record or any ownership change requests. Check that they give you the option of specifying which communication method is best for you (email, phone, fax, etc.).
Does the registrar have additional security measures like two-step authentication? This is where you receive a code on your mobile phone every time you go to log in. You need to correctly enter this code before you’re granted access to your account.
It may be irritating to users, but without safeguards like this, a hacker can easily transfer your domain out of your account.
Note: GoDaddy is always a good choice.
3. Keep domain registrant info private
You need to jealously guard your account info like any other account info on any other site (you need to be extra protective because your domain is a business asset).
You should never give your login details to a stranger or any other person except to someone authorized to manage your domain (e.g. a webmaster or a developer). Make sure you change the account details when this person leaves your organization.
Don't use your contact email address as your username for your registrar account, as hijackers will always guess this. Instead, create a different username that is not the same as the contact email.
4. Lock up the domain
Ask your registrar to place your domain name under a registrar lock.
This makes it impossible to alter your registration information and DNS configuration without your consent; you have to unlock your name before anything changes.
If your registrar supports EPP (Extensible Provisioning Protocol), then they can help to add a second "lock," the Authorization Information Code or authInfo.
Once the EPP is activated for your account, your registrar will send you the authInfo code within 5 days to have your domain transferred out. This code must be given to the gaining registrar before the domain can be accepted. In some cases, the registrars give you the right to set up the authInfo value.
In that case, you have to be sure that each domain name you register has its own EPP authInfo code that is unique to it. That way, only one domain name is in danger if an authInfo code is broken for any reason.
After locking your domain name, make sure you check the WHOIS record periodically to ascertain that the status of the domain has not changed. If you notice any change in your domain name information, report it immediately to your registrar.
5. Don't access domain account via email links
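Added example (not part of the original post): one way to automate the periodic WHOIS check described above is to save the record while the domain is known to be locked and compare later lookups against it. The field labels assume ICANN-style WHOIS output, and the two sample records are constructed for illustration.

```python
import re

# EPP status code (RFC 5731) that the registrar lock sets on a domain.
LOCK_STATUSES = ["clientTransferProhibited"]
# Status codes that mean a transfer or deletion is already under way.
ALERT_STATUSES = ["pendingTransfer", "pendingDelete", "redemptionPeriod"]

FIELDS = {
    "status": re.compile(r"^\s*(?:Domain )?Status:\s*(\S+)", re.I),
    "registrar": re.compile(r"^\s*Registrar:\s*(.+?)\s*$", re.I),
    "nameserver": re.compile(r"^\s*Name Server:\s*(\S+)", re.I),
}

def parse_whois(text):
    """Collect status codes, registrar and name servers, lower-cased."""
    record = {key: set() for key in FIELDS}
    for line in text.splitlines():
        for key, pattern in FIELDS.items():
            match = pattern.match(line)
            if match:
                record[key].add(match.group(1).lower())
    return record

def audit(baseline_text, current_text):
    """Return findings that should be reported to the registrar."""
    base, cur = parse_whois(baseline_text), parse_whois(current_text)
    findings = [f"lock missing: {s}" for s in LOCK_STATUSES
                if s.lower() not in cur["status"]]
    findings += [f"alert status present: {s}" for s in ALERT_STATUSES
                 if s.lower() in cur["status"]]
    for key in ("registrar", "nameserver"):
        if base[key] != cur[key]:
            findings.append(f"{key} changed: {sorted(base[key])} -> {sorted(cur[key])}")
    return findings

# Constructed sample records (not real WHOIS output for any domain).
BASELINE = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.EXAMPLE.NET
"""
CURRENT = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Domain Status: pendingTransfer https://icann.org/epp#pendingTransfer
Name Server: ns1.example.org
"""
```

Calling audit(BASELINE, CURRENT) returns three findings for the sample: the lock is gone, a transfer is pending, and the name server has changed. Any of these is a reason to contact the registrar immediately.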
You may occasionally get emails from your domain registrar to let you know of discounts or other promos.
Sometimes, you will log in to your account by clicking on the link in your email because you trust your registrar.
However, domain hijackers will try to send you a phishing email with links and logos that look exactly like your registrar's. If you must use any link in your email, be sure to cross-check it in your browser's status bar before going ahead.
If you log in through a phishing link, you might lose access to your account.
To prevent such an ugly incident, it is always better to type your registrar's address directly into the address bar without clicking on any email link.
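Added example (not part of the original post): the status-bar check above comes down to comparing the host a link really points to with your registrar's domain, which a mail filter or a quick script can do for you. The domain registrar.example and the email body are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the registrar's real domain; "registrar.example" is a placeholder.
TRUSTED = {"registrar.example"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href.strip(), "".join(self._text).strip()))
            self._href = None

def real_host(url):
    """Host the browser will actually contact, or '' if the URL is malformed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def is_trusted(url, trusted=TRUSTED):
    """True only for https links whose host is a trusted domain or a subdomain."""
    host = real_host(url)
    return url.lower().startswith("https://") and any(
        host == d or host.endswith("." + d) for d in trusted)

def untrusted_links(html, trusted=TRUSTED):
    """Return (visible text, real host) for every link that fails the check."""
    collector = LinkCollector()
    collector.feed(html)
    return [(text, real_host(href)) for href, text in collector.links
            if not is_trusted(href, trusted)]

# Constructed email body; all hosts are reserved example names.
EMAIL = """<p>Renew now:
<a href="https://www.registrar.example/renew">https://www.registrar.example/renew</a>
<a href="https://registrar.example.account-check.example.net/login">Log in</a>
<a href="https://registrar.example@login.example.org/">registrar.example</a></p>"""
```

For the sample email, untrusted_links(EMAIL) reports the second and third links: both show the registrar's name to the reader, but the host actually contacted belongs to a different domain.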
6. Separate domain from hosting account
Some domain owners make the terrible mistake of using the same company to register their domain and also host it. If a domain hijacker gets access to your hosting account, they will take over everything, and you will not be able to recover your domain.
You should use separate providers for domain registration and for hosting.
7. Change password periodically
While it is wise to create a highly secure password, it is advisable to change this password after some time.
To create a secure password, use a combination of uppercase, lowercase, numbers, and special characters.
Never use common names, dictionary words, birth dates, anniversary dates, etc. Hackers will easily guess these. And again, when you hire someone to work on your account, make sure you change the password after they leave.
8. Enable privacy
You should enable WHOIS privacy (WHOIS guard) for your domain and make sure your contact details are not visible to anyone.
Domain thieves can easily use this info to locate you and set bait for you using phishing emails. Once you enable WHOIS privacy, your details (name, email, address, phone number, etc.) will not be visible to the public.
How To Keep Your Domain Name Safe?
Domain names are often very valuable assets that must be protected. If you lose your domain, your entire business could go down, too.
Follow the tips we have listed in this post and your domain will be better protected from the hands of domain hijackers.
What about you? Have you ever lost a domain to anyone? What domain registrar do you currently use and what measures do they use to safeguard against domain thieves? Please share your experience via the comment box below. It would be great to see you contribute to helping other people secure their domain names!
And if you find this post helpful, share it with your friends and colleagues!
In my (cloud) hosting cPanel, I added 14 websites as add-ons. So my question: is there any danger to my hosting account? If one of my add-on domains (websites) is hacked, then what? Will my 13 add-ons and main domain be hacked? Someone please reply. I'm just afraid about it.
@Goutam
Since all the add-on domains share the same hosting and are not in isolation, if one of your sites gets hacked, the probability of your other sites getting hacked is also there.
Make sure you put in all the best security practices and take regular backups of your website.
Thanks for this wonderful and valuable information.
I never thought it would happen. One more thing: I purchased a domain, and then I got too many emails and calls every day. How do I fix these calls and mails?
@Dacker
Start using Who.is guard for your domain.
Great information. Can you also tell me whether using an SSL certificate on a domain decreases Google rankings?
@Puru
That’s true. It’s a positive search engine ranking factor https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html
Thanks, Dude. This is really interesting and very useful.
Quite often, websites are getting hacked. Those suggestions are really valuable.
I always feel putting the domain and hosting in the same account is not a good idea at all. And moreover, all websites in the same hosting, as websites are being continuously hacked.
Thanks Harsh for recommending some great tips…
Hi, thanks for this valuable article. I have a question. If I bought a domain name from a famous domain provider like GoDaddy, then how can someone hack the domain from GoDaddy? And will GoDaddy be responsible for this?
@TecCrowd
Most of the time, hacking happens due to user ignorance. For example, using a weak or guessable password, sharing their domain EPP code, and keeping the domain unlocked. Domain registrars like GoDaddy and NameCheap take good care of security from their end. I'm not saying they can't be hacked, but in the majority of cases, it's user ignorance towards their security which leads them to lose their domain name.
Thanks for sharing Harsh.
I’ve always been worried about losing domain names and it has happened to companies I’ve worked with in the past.
These are some great strategies to keep your domain safe.
Hi Harsh,
A very good and practical article on how to protect your domain from hackers.
I am new to this bloggers' world but found it very easy to understand and, above all, a very practical approach.
Great work, please share more articles like this.
Cheers!
Hi Mr. Harsh
I really like your article. It provides valuable information to keep the domain safe.
Keep writing practical articles like this.
Great post, thanks a lot for writing about keeping domains safe from hackers.