How To Keep Your Domain Name Safe From Hackers
Every day, several thousand domain names get stolen, and hundreds of WordPress blogs get hacked.
You cannot afford to be on the list of people losing their domain names under avoidable circumstances. You must avoid domain theft at all cost so that the asset you’ve invested in for years will not get stolen.
In case you don’t know, your domain is a part of your brand identity, and it’s also a potential gateway to wealth.
Do you know that there are easy ways you can protect your domain name against theft?
Knowing the various tactics employed by domain thieves will help you in taking proactive measures to keep your name safe.
Here’s How To Avoid Domain Theft
Keep your domain registration records and contact information accurate
Whenever there is a change of address, phone number, or email address that you’ve been using for domain name transfer communications, you must let your registrar know.
Make sure you also update your emergency and business contact information.
When any suspicious activity occurs, your registrar will be able to contact you and let you know ASAP.
Be wise in choosing your registrar
Don’t buy your domain name from just any registrar; be sure that the registrar has been in business for a long time and is trustworthy.
When choosing a domain registrar, you must look beyond price and find a company that offers quality services and support.
They should be able to provide more than the minimum registration and domain transfer services. The technical support should be readily available 24×7 irrespective of your location.
The registrar must also have a system that notifies you of a pending domain transfer and allows you some days to respond before the domain is actually moved. This is to ensure that the domain is not transferred without your knowledge.
Such notifications would allow you to halt a pending transfer.
Also, be sure the registrar has a way of notifying you of changes in your registration record or any ownership change requests. Check that they give you the option of specifying which communication method is best for you (email, phone, fax, etc.).
Does the registrar have additional security measures like two-step authentication? This is where you receive a code on your mobile phone every time you go to log in. You need to correctly enter this code before you’re granted access to your account.
It may be irritating to users, but without safeguards like this, a hacker can easily transfer your domain out of your account.
Note: GoDaddy is always a good choice.
Keep your domain registrant info private
You need to guard your registrar account info the same way you would guard your account info on any other site, and be extra protective of it because your domain is a business asset.
You should never give your login details to a stranger or any other person except to someone authorized to manage your domain (e.g. a webmaster or a developer). Make sure you change the account details when this person leaves your organization.
Don’t use your contact email address as your username for your registrar account as hijackers will always guess this. Instead, create a different username that is not the same as the contact email.
Lock-up Your Domain
Ask your registrar to place your domain name under a registrar lock.
This makes it impossible to alter your registration information and DNS configuration without your consent; you have to unlock your name before anything changes.
If your registrar supports EPP (Extensible Provisioning Protocol), then they can help to add a second “lock,” the Authorization Information Code or authInfo.
Once EPP is activated for your account, your registrar will send you the authInfo code within 5 days so that you can have your domain transferred out. This code must be given to the gaining registrar before the domain can be accepted. In some cases, the registrars give you the right to set the authInfo value yourself.
In that case, you have to be sure that each domain name you register has its own EPP authInfo code that is unique to it. That way, only one domain name is in danger if for any reason an authInfo code is broken.
After locking your domain name, make sure you check WHOIS periodically to ascertain that the status of the domain has not changed. If you notice any change in your domain name information, report it immediately to your registrar.
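The periodic WHOIS check described above can be automated by saving a snapshot of the record and comparing later lookups against it. The following is an added example, not part of the original article; it assumes the gTLD-style field labels (`Registrar:`, `Name Server:`, `Domain Status:`), that the registrar lock shows up as the EPP status `clientTransferProhibited`, and it uses constructed sample records.

```python
# Constructed WHOIS snapshots for illustration (not real registry output).
BASELINE = """\
Registrar: Example Registrar, Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS1.EXAMPLE-DNS.NET
Name Server: NS2.EXAMPLE-DNS.NET
"""
CURRENT = """\
Registrar: Example Registrar, Inc.
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.OTHER-DNS.EXAMPLE
Name Server: NS2.EXAMPLE-DNS.NET
"""

# Fields whose change between two snapshots should be reported (assumed labels).
WATCHED = ("registrar", "name server", "domain status")

def parse_whois(text):
    """Return {field: sorted values} for the watched fields of a WHOIS record."""
    record = {name: set() for name in WATCHED}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or key not in record or not value:
            continue
        if key == "domain status":
            value = value.split()[0]      # keep the status code, drop the URL
        elif key == "name server":
            value = value.lower()         # host names are case-insensitive
        record[key].add(value)
    return {k: sorted(v) for k, v in record.items()}

def audit(baseline_text, current_text, required=("clientTransferProhibited",)):
    """Compare a fresh lookup with the saved snapshot; return a list of findings."""
    old, new = parse_whois(baseline_text), parse_whois(current_text)
    findings = [f"lock missing: {s}" for s in required
                if s not in new["domain status"]]
    for field in WATCHED:
        removed = sorted(set(old[field]) - set(new[field]))
        added = sorted(set(new[field]) - set(old[field]))
        if removed or added:
            findings.append(f"{field} changed: -{removed} +{added}")
    return findings

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(finding)
```

In practice the two inputs would be the saved output of an earlier lookup and the output of a fresh one; any finding is something to report to the registrar.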
Don’t access your domain account directly from your email
You may occasionally get emails from your domain registrar to let you know of discounts or other promos.
Sometimes, you will log in to your account by clicking on the link in your email because you trust your registrar.
However, domain hijackers will try to send you a phishing email with links and logos that look exactly like your registrar’s. If you must use any link in your email, be sure to cross-check its real destination in your browser’s status bar before going ahead.
If you log in through a phishing link, you might lose access to your account.
To prevent such an ugly incident, it is always better to type your registrar’s address directly into the address bar without clicking on an email link.
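The status-bar check above compares where a link really points with where its text claims to point. The following added example (not part of the original article) does the same over an HTML email body; `registrar.example` and the sample email are constructed, and requiring HTTPS is an assumption about the registrar's site.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed email body for illustration.
EMAIL = """<p>Your domain expires soon.</p>
<a href="https://www.registrar.example/renew">Renew now</a>
<a href="https://registrar.example.login-check.example/renew">https://www.registrar.example/renew</a>
<a href="https://registrar.example@account-alerts.example/">My account</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_ok(url, registrar_domain):
    """True if url is HTTPS and its host is registrar_domain or a subdomain of it."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:                    # malformed URL: treat as untrusted
        return False
    # hostname is the part after any "user@" prefix, i.e. the real destination
    return parts.scheme == "https" and (
        host == registrar_domain or host.endswith("." + registrar_domain))

def suspicious_links(html_body, registrar_domain):
    """Return (visible text, real href) for links that leave the registrar's site."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(text, href) for href, text in collector.links
            if not host_ok(href, registrar_domain)]

if __name__ == "__main__":
    for text, href in suspicious_links(EMAIL, "registrar.example"):
        print(f"{text!r} really points to {href}")
```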
Separate your domain from your hosting account
Some domain owners make the terrible mistake of using the same company to register their domain and also host it.
If a domain hijacker gets access to your hosting account, they will take over everything, and you will not be able to recover your domain.
You should use separate providers for domain registration and for hosting.
Change your password periodically
While it is wise to create a highly secure password, it is also advisable to change this password after some time.
To create a secure password, use a combination of uppercase, lowercase, numbers, and special characters.
Never use common names, dictionary words, birth dates, anniversary dates, etc. Hackers will easily guess these. And again, when you hire someone to work on your account, make sure you change the password after they leave.
You should enable WHOIS privacy (e.g. WhoisGuard) for your domain. Make sure your contact details are not visible to anyone.
Domain thieves can easily use this info to locate you and set bait for you using phishing emails. Once you enable WHOIS privacy, your details (name, email, address, phone number, etc.) will not be visible to the public.