How To Keep Your Domain Name Safe From Hackers

Disclosure:ย This post may contain affiliate links, which means we may receive a commission if you click a link and purchase something that we recommended. Read more about Affiliate disclosure here.

Every day, several thousand domain names get stolen, and hundreds of WordPress blogs get hacked.

You cannot afford to be on the list of people losing their domain names under avoidable circumstances. You must avoid domain theft at all cost so that the asset you’ve invested in for years will not get stolen.

In case you don’t know, your domain is a part of your brand identity, and it’s also a potential gateway to wealth.

You may have heard that some domain names have been sold for millions of dollars in the past. Just recently, Travelzoo sold the domain fly.com for $2.89 million. This was the same domain they acquired in 2009 for $1.76 million.

Check out this list of other domain names that have been sold for over $35M in the past.

All that aside, do you know that there are easy ways you can protect your domain name against theft?

Knowing the various tactics employed by domain thieves will help you in taking proactive measures to keep your name safe.

Here’s How To Avoid Domain Theft

1. Keep your domain registration records and contact information accurate.

Whenever there is a change of address, phone number, or email address that you’ve been using for domain name transfer communications, you must let your registrar know.

Make sure you also update your emergency and business contact information.

When any suspicious activity occurs, your registrar will be able to contact you and let you know ASAP.

2. Be wise in choosing your registrar.

Choosing registrar
  • Save

Don’t buy your domain name from just any registrar; be sure that the registrar has been in business for a long time and is trustworthy.

When choosing a domain registrar, you must look beyond price and find a company that offers quality services and support.

They should be able to provide more than the minimum registration and domain transfer services. The technical support should be readily available 24×7 irrespective of your location.

The registrar must also have a system that notifies you of a pending domain transfer and allows you some days to respond before the domain is actually moved. This is to ensure that the domain is not transferred without your knowledge.

Such notifications would allow you halt a pending transfer.

Also, be sure the registrar has a way of notifying you of changes in your registration record or any ownership change requests. Check that they give you the option of specifying which communication method is best for you (email, phone, fax, etc.).

Does the registrar have additional security measures like two-step authentication? This is where you receive a code on your mobile phone every time you go to log in. You need to correctly enter this code before you’re granted access to your account.

It may be irritating to users, but without safeguards like this, a hacker can easily transfer your domain out of your account.

Note: GoDaddy is always a good choice

3. Keep your domain registrant info private.

Keep domain registrant info private
  • Save

You need to jealously guard your account info the same way you would any other account info on any other site (you need to be extra protective because your domain is a business asset).

You should never give your login details to a stranger or any other person except to someone authorized to manage your domain (e.g. a webmaster or a developer). Make sure you change the account details when this person leaves your organization.

Don’t use your contact email address as your username for your registrar account as hijackers will always guess this. Instead, create a different username that is not the same as the contact email.

4. Lock-up your domain.

Ask your registrar to place your domain name under a registrar lock.

This makes it impossible to alter your registration information and DNS configuration without your consent; you have to unlock your name before anything changes.

If your registrar supports EPP (Extensible Provisioning Protocol), then they can help to add a second “lock,” the Authorization Information Code or authInfo.

Once the EPP is activated for your account, your registrar will send you the authInfo code within 5 days to have your domain transferred out. This code must be given to the gaining registrar before the domain can be accepted. In some cases, the registrars give you the right to set up the authInfo value.

In that case, you have to be sure that each domain name you register has its own EPP authInfo code that is unique to it. Only one domain name would be in danger if for any reason the authInfo code is broken.

After locking your domain name, make sure you check the Who.Is periodically to ascertain that the status of the domain has not changed. If you notice any change in your domain name information, report it immediately to your registrar.

5. Don’t access your domain account directly from your email.

You may occasionally get emails from your domain registrar to let you know of discounts or other promos.

Sometimes, you will log in to your account by clicking on the link in your email because you trust your registrar.

However, domain hijackers will try to send you a phishing email with links and logos that look exactly like your registrar’s. If you must use any link in your email, be sure to cross check it on your status bar before going ahead.

If you log in through a phishing link, you might lose access your account.

To prevent such an ugly incident, it is always better to type your registrar’s address directly into the address bar without clicking on any email link.

6. Separate your domain from your hosting account.

Separate domain from hosting account
  • Save

Some domain owners make the terrible mistake of using the same company to register their domain and also host it. If a domain hijacker gets access to your hosting account, they will take over everything, and you will not be able to recover your domain.

You should use separate providers for domain registration and for hosting.

7. Change your password periodically.

While it is wise to create a highly secured password, it is advisable to change this password after some time.

To create a secure password, use a combination of uppercase, lowercase, numbers, and special characters.

Never use common names, dictionary words, birth dates, anniversary dates, etc. Hackers will easily guess these. And again, when you hire someone to work on your account, make sure you change the password after they leave.

Smart Passwords: How To Create A Strong Password

8. Enable privacy.

You should enable Who.is privacy (Who.is Guard) for your domain and make sure your contact details are not visible to anyone.

What Every Domain Owner Should Know about WhoisGuard

Domain thieves can easily use this info to locate you and set bait for you using phishing emails. Once you enable Who.is privacy, your details (name, email, address, phone number, etc.) will not be visible to the public.

How To Keep Your Domain Name Safe

Domain names are often very valuable assets that must be protected. If you lose your domain, your entire business could go down, too.

Follow the tips we have listed in this post and your domain will be better protected from the hands of domain hijackers.

What about you? Have you ever lost a domain to anyone? What domain registrar do you currently use and what measures do they use to safeguard against domain thieves? Please share your experience via the comment box below. It would be great to see you contribute to helping other people secure their domain names!

7 Security Tips to keep your Gmail account secure

5 Ways To Stay Safe On The Internet And It’s Not What You Think

And if you find this post helpful, share it with your friends and colleagues!

Subscribe on YouTube

  • Save
Authored By
A Blogger, Author and a speaker! Harsh Agrawal is recognized as a leader in digital marketing and FinTech space. Fountainhead of ShoutMeLoud, and a Speaker at ASW, Hero Mindmine, Inorbit, IBM, India blockchain summit. Also, an award-winning blogger.

35 thoughts on “How To Keep Your Domain Name Safe From Hackers”

  1. Thanks for this guide.

    I have one question in mind.

    If i moved my domain from Godaddy to Name.com.

    During transfer period of 1-2 days is my blog will off ? and also i need to change name servers and everything data from CDN and in hosting??

    Thanks~

  2. Rupesh Kumar

    Nice info Harsh.

    I would like to especially stress on choosing wisely on domain registrar. When I was new in digital marketing stuff, I chose hostpapa as domain registrar just because of its cheap plans. But later I realised the problems with these type of registrars. Now I am with Namecheap which is quite good in terms of support and security facilities. Also I agree that one should keep their hosting and domain name registrar separate.

  3. Excellent sharing. Recently my domain has been hacked for unknown reasons and I tried to fix the issue but I failed. It was very frustrated to lost my domain after crafting so many valuable content on my site. So I strongly recommend every marketer to take on his account yours tips on how to keep domain name safe and more secured so that you don’t lose your entire online business completely.

  4. Khuram Shahzad Number

    Hi Mr. Agarwal
    I really like your article about how to keep your domain safe from the reach of hackers. It provide a valuable information. The language was very simple and the approach was very practical. I will follow the advice you made like choosing the registrar,Keep your domain registrant info private. Great article keep writing practical articles like this.

  5. Hi Harsh.

    My domain age is 2 years old and it is .in.

    How can I Keep my domain registrant info private ? There is no option to make it private in Bigrock.

  6. Shailesh Chaudhary

    Hi,
    Thanks for this useful Info. But I have an Question relared to Domain hacking.
    If my Website will Hacked, then how i can retrive my Website from hacker?

  7. as per the 6th point i have changed my hosting a/c to namechep… whereas my domain remains with godaddy

  8. Shubham Asthana

    Hi Harsh,
    There is no option to hide my who.is data in godaddy.com Dashboard, How to enable it for my domain.

  9. Hi Harsh,
    Very nice article on domain name. Its very simple to understand also. I just want to know should we buy domain security service at the time of registering our domain. If not can we buy this service later ?

  10. Hi Harsh,

    To tell you the truth, I really don’t pay attention to domain theft, but after reading this post, I think I am going to take some time today to make sure that it is protected.

    I never purchase my domain from my hosting account. I always purchase all my domains from Namecheap and have great success.

    They offer a free Who.is Guard for the first year. I never renew it, but I may have to after reading this.

    It’s kind of nerve racking that we have to pay attention to things like this. We all focus on WordPress security because we know that our sites are vulnerable if we don’t.

    Now we have to start paying attention to domain theft as well.

    Thanks for sharing these tips, now I am off to check my domain and make sure that everything is updated and renew my Who.is Guard subscription.

    Have a great day ๐Ÿ™‚

    Susan

  11. Hi Harsh, Nice post and very helpful. In many way I can say your ShoutMeLoud is the best place for newbies.

  12. Madhvi Sharma

    I do agree that securing our domains is must but hackers are always too smart. regisrar lock really helps?

  13. Thank you @Harsh Agrawal this post is really helpful for all the bloggers. I need to ask a question that I have a domain and I want to provide updated apk files on the domain. Is there will be any copyright infringement please reply.

  14. Hey Harsh,

    In the past few years, I have bought many domain names and I also protect the information.

    Buying the domain protection is the best idea. People shouldn’t know about the details of yours.

    Having a legitimate domain registrar is a major factor to focus on. And it’s a better idea if people don’t buy the domain name from their web hosting providers.

    ~Ravi

  15. Hi Agarwal
    A very good article about how to protect your domain from hackers. I read articles like this but this articles have distinction and very practical approach. The language was simple and steps you take to understand are very good. Great article please keep writing articles like this

  16. Rakesh Kumar

    Hi, really this is very important for webmasters to protect domain name. These steps as you discussed we must follow to protect our domain name. Very very thanks for providing such information.

    Regards.

  17. Munna Hossain

    Hi, Harsh.
    Another helpful article from you. I lost one of my favorite domains. So I am very much worried about the security of my domain name. Your article is helpful to protect us from the hackers.
    These tricks must increase the security of the domain name. I will try on my own domain. Thank you very much for the informative article.

  18. Amanpreet Singh

    Thank you again, sir, for keeping us updated in each field. This is the reason I have purchased my domain from Namecheap. They have provided who is guard free for one year and yes sir we really need to separate our domain name from hosting account. Working on important topics as you said here.
    Thanks –
    Amanpreet Singh

  19. Very useful tips for site owners. Many of us don’t know that we should use different providers for hosting and the domain registration.

  20. Ketty Tailor

    Thanks For This Article Mate !!

    I have changed my passwords of all my domains and using privacy protection of the domain ๐Ÿ™‚

    Only one doubt bro, Which one is better for better domains? Godaddy Or Bluehost?

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top
148 Shares
[i]
[i]
[i]
[i]
Share via
Copy link