How To Keep Your Domain Name Safe From Hackers


Every day, several thousand domain names get stolen, and hundreds of WordPress blogs get hacked.

You cannot afford to be on the list of people losing their domain names under avoidable circumstances. You must avoid domain theft at all cost so that the asset you’ve invested in for years will not get stolen.

In case you don’t know, your domain is a part of your brand identity, and it’s also a potential gateway to wealth.

You may have heard that some domain names have been sold for millions of dollars in the past. Just recently, Travelzoo sold the domain for $2.89 million. This was the same domain they acquired in 2009 for $1.76 million.

Check out this list of other domain names that have been sold for over $35M in the past.

All that aside, do you know that there are easy ways you can protect your domain name against theft?

Knowing the various tactics employed by domain thieves will help you in taking proactive measures to keep your name safe.

8 Tips to Avoid Domain Theft

1. Use accurate domain registration details

Whenever there is a change of address, phone number, or email address that you’ve been using for domain name transfer communications, you must let your registrar know.

Make sure you also update your emergency and business contact information.

When any suspicious activity occurs, your registrar will be able to contact you and let you know ASAP.

2. Be wise in choosing domain registrar

Choosing registrar
  • Save

Don’t buy your domain name from just any registrar; be sure that the registrar has been in business for a long time and is trustworthy.

When choosing a domain registrar, you must look beyond price and find a company that offers quality services and support.

They should be able to provide more than the minimum registration and domain transfer services. The technical support should be readily available 24×7 irrespective of your location.

The registrar must also have a system that notifies you of a pending domain transfer and allows you some days to respond before the domain is actually moved. This is to ensure that the domain is not transferred without your knowledge.

Such notifications would allow you to halt a pending transfer.

Also, be sure the registrar has a way of notifying you of changes in your registration record or any ownership change requests. Check that they give you the option of specifying which communication method is best for you (email, phone, fax, etc.).

Does the registrar have additional security measures like two-step authentication? This is where you receive a code on your mobile phone every time you go to log in. You need to correctly enter this code before you’re granted access to your account.

It may be irritating to users, but without safeguards like this, a hacker can easily transfer your domain out of your account.

Note: GoDaddy is always a good choice

3. Keep domain registrant info private

Keep domain registrant info private
  • Save

You need to jealously guard your account info like any other account info on any other site (you need to be extra protective because your domain is a business asset).

You should never give your login details to a stranger or any other person except to someone authorized to manage your domain (e.g. a webmaster or a developer). Make sure you change the account details when this person leaves your organization.

Don’t use your contact email address as your username for your registrar account as hijackers will always guess this. Instead, create a different username that is not the same as the contact email.

4. Lock-up the domain

Ask your registrar to place your domain name under a registrar lock.

This makes it impossible to alter your registration information and DNS configuration without your consent; you have to unlock your name before anything changes.

If your registrar supports EPP (Extensible Provisioning Protocol), then they can help to add a second “lock,” the Authorization Information Code or authInfo.

Once the EPP is activated for your account, your registrar will send you the authInfo code within 5 days to have your domain transferred out. This code must be given to the gaining registrar before the domain can be accepted. In some cases, the registrars give you the right to set up the authInfo value.

In that case, you have to be sure that each domain name you register has its own EPP authInfo code that is unique to it. Only one domain name would be in danger if for any reason the authInfo code is broken.

After locking your domain name, make sure you check the Who.Is periodically to ascertain that the status of the domain has not changed. If you notice any change in your domain name information, report it immediately to your registrar.

5. Don’t access domain account via email links

You may occasionally get emails from your domain registrar to let you know of discounts or other promos.

Sometimes, you will log in to your account by clicking on the link in your email because you trust your registrar.

However, domain hijackers will try to send you a phishing email with links and logos that look exactly like your registrar’s. If you must use any link in your email, be sure to cross check it on your status bar before going ahead.

If you log in through a phishing link, you might lose access your account.

To prevent such an ugly incident, it is always better to type your registrar’s address directly into the address bar without clicking on any email link.

6. Separate domain from hosting account

Separate domain from hosting account
  • Save

Some domain owners make the terrible mistake of using the same company to register their domain and also host it. If a domain hijacker gets access to your hosting account, they will take over everything, and you will not be able to recover your domain.

You should use separate providers for domain registration and for hosting.

7. Change password periodically

While it is wise to create a highly secured password, it is advisable to change this password after some time.

To create a secure password, use a combination of uppercase, lowercase, numbers, and special characters.

Never use common names, dictionary words, birth dates, anniversary dates, etc. Hackers will easily guess these. And again, when you hire someone to work on your account, make sure you change the password after they leave.

Smart Passwords: How To Create A Strong Password

Subscribe on YouTube

8. Enable privacy

You should enable privacy ( Guard) for your domain and make sure your contact details are not visible to anyone.

What Every Domain Owner Should Know about WhoisGuard

Subscribe on YouTube

Domain thieves can easily use this info to locate you and set bait for you using phishing emails. Once you enable privacy, your details (name, email, address, phone number, etc.) will not be visible to the public.

Subscribe on YouTube

How To Keep Your Domain Name Safe?

Domain names are often very valuable assets that must be protected. If you lose your domain, your entire business could go down, too.

Follow the tips we have listed in this post and your domain will be better protected from the hands of domain hijackers.

What about you? Have you ever lost a domain to anyone? What domain registrar do you currently use and what measures do they use to safeguard against domain thieves? Please share your experience via the comment box below. It would be great to see you contribute to helping other people secure their domain names!

And if you find this post helpful, share it with your friends and colleagues!

Was this helpful?

Thanks for your feedback!
  • Save
Authored By
A Blogger, Author and a speaker! Harsh Agrawal is recognized as a leader in digital marketing and FinTech space. Fountainhead of ShoutMeLoud, and a Speaker at ASW, Hero Mindmine, Inorbit, IBM, India blockchain summit. Also, an award-winning blogger.

35 thoughts on “How To Keep Your Domain Name Safe From Hackers”

  1. Goutam

    In my (cloud) hosting C Panel, I added 14 websites as addon. So my question, is there any dangerous to my hosting account. If one of my add on domain(website) is hacked, then what, my 13 addon and main domain will be hacked? Please reply someone. I’m just fearing about it.

    1. @Goutam
      Since all the add-on domain shares the same hosting and is not in isolation, if your one site gets hacked, probability of your other sites getting hacked is also there.
      Make sure you put in all best security practices and take regular back up of your website.

  2. Dacker

    Thanks for this wonderful and valuable information
    I never thought it will happen and one more thing i purchased a domain then i got too much email and calls everyday . How to fix these calls and mails?

    1. Harsh Agrawal

      Start using guard for your domain.

  3. Puru

    Great information. Can you also tell me that is using ssl certificate on domain decrease Google rankings

  4. mahesh

    Thank’s Dude. This is really interesting and very useful

  5. Navin Rao

    It’s been quite often websites are getting hacked. Those suggestions are really valuable.

    I always feel putting the domain and hosting in the same account is not a good idea at all. And more over, all websites in the same hosting. As Websites are being continuously hacked.

    Thanks Harsh for recommending some great tips…

  6. TecCrowd

    Hi Thanks for this valuable article. I have a question. If I bought Domain name from a famous domain provider like godaddy then how can hack domain from godaddy. and will godaddy responsible for this ?

    1. Harsh Agrawal

      Most of the time hacking happens due to user ignorance. For example, using weak or guessable password, sharing their domain EPP code & keeping domain unlocked. Domain registrar like GoDaddy, NameCheap take good care of security from their end. I’m not seeing they can’t be hacked but in majority of the cases, it’s user ignorance towards their security which lead them to lose their domain name.

  7. James

    Thanks for sharing Harsh.

    I’ve always been worried about losing domain names and it has happened to companies I’ve worked with in the past.

    These are some great strategies to keep your domain safe.

  8. Poonam Kaushal

    Hi Harsh,

    A very good and practical article on how to protect your domain from hackers.

    I am new to this bloggers world but found it very easy to understand and above it very practical approach.

    Great work please share more articles like this.


  9. Rajneesh Tharwani

    Hi Mr. Harsh

    I really like your article. It provides a valuable information to keep the domain safe.
    Keep writing practical articles like this.

  10. bchunu

    great post thanks a lot for write about domains safe from hacker

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top