One of my blogger friends, Hesham (FamousBloggers.net and others), had one of his domains hijacked. On top of that, the guy who stole his domain made him an offer of $999 to get the domain back.
Most newbies are not aware of the domain security features available on their domain manager account. Because of this, they miss out on many important settings which should be implemented from day one.
As we say:
- Prevention is better than cure.
In the domain business, once you’ve lost the domain, you will be sitting there wondering if you can get your domain back. In fact, chances are not good as there are many legal procedures involved.
So here I’m sharing some of the essential domain security settings which you should enable for your domain right now. These settings are available at most domain registrars, such as GoDaddy and Namecheap.
Securing Domain Name Registration:
So now you are the proud owner of over 100 domains, and one fine day you wake up and realize your domain manager account is missing all of your domains. That’s what we call a WTF moment…
I personally hate that GoDaddy makes transferring domains from one GoDaddy account to another so easy. Anyone who gets access to your account can transfer your domain into their account in a few simple steps.
Have you taken care of all the privacy and security settings offered by your domain service?
Let’s outline some security measures for securing your domain name:
As we say:
“Sometimes we are so busy in learning the advanced stuff that we forget the basics..!!!”
Start by creating a secure and reliable password. Make sure it’s alphanumeric with special characters. Change your password at regular intervals. I have set a date for maintenance of my blog, and that’s the day when I change all of my passwords.
Another thing is that many of us hire freelancers and companies to work on our sites, so we give them access to our domain panel. Make sure to change your password when the work is done. Also, check all settings like the primary email and the Who.is record of your domain to make sure nothing has been altered.
Don’t use emails to directly access your domain account
How many times have you clicked a link in an email from your domain registrar, such as a discount offer or a notification, to log in to your account? If you are tech-savvy, you will always check the header of the email, or check the URL which you are using to log in to your domain account.
Phishing is the most common form of social engineering. This is what a hacker does to get access to your account. They will send you an email that looks exactly like your domain newsletter, and in many cases, people click, log in to their account, and lose access.
It’s better to log in to your account by directly typing the login URL in the URL field:
Enable Privacy: Buy Who.is guard
Unless there’s a reason for you to display your contact details, you should enable Who.is privacy for your domain. This will make sure no one can find the contact details of your domain. Your Who.is record will be updated with an anonymous name, email, and address. Most domain registrars like ShoutMyDomain offer a free Who.is guard for a year.
However, paying for a Who.is guard every year could be a costly affair for newbie bloggers. In this case, make sure the email address used in the Who.is info is not the same as your domain access email. Domain hackers usually target such emails first using various social engineering techniques.
Domain locking feature
When you are done purchasing your domain, make sure to take advantage of the domain locking security feature. This will avoid any unauthorized transfers and domain changes. You can easily find this setting in your domain panel. (Above is a screenshot of the GoDaddy domain manager panel.)
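Two of the settings above can be checked from the outside: whether the domain lock is on, and whether your registrar login email is published in the Who.is record. The script below is an added example, not part of the original post; it assumes the lock shows up as the standard EPP status `clientTransferProhibited`, and the sample record, domain and email addresses are constructed.

```python
import re

# Constructed sample WHOIS output for a placeholder domain (not real data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-BLOG.TEST
Registrar: Example Registrar, Inc.
Domain Status: ok https://icann.org/epp#ok
Registrant Email: owner@example.test
Admin Email: owner@example.test
"""

LOCK_STATUS = "clienttransferprohibited"  # EPP status set by a registrar lock


def parse_whois(text):
    """Collect 'Key: Value' lines into a dict of lowercase key -> list of values."""
    record = {}
    for line in text.splitlines():
        match = re.match(r"\s*([^:]+?)\s*:\s*(\S.*?)\s*$", line)
        if match:
            record.setdefault(match.group(1).lower(), []).append(match.group(2))
    return record


def audit_whois(text, login_email):
    """Return a list of findings for one WHOIS record."""
    record = parse_whois(text)
    findings = []
    # Status values look like "clientTransferProhibited https://icann.org/epp#..."
    statuses = {value.split()[0].lower() for value in record.get("domain status", [])}
    if LOCK_STATUS not in statuses:
        findings.append("transfer lock is off (no clientTransferProhibited status)")
    # Any published contact email that equals the registrar login is exposed.
    published = {
        value.lower()
        for key, values in record.items() if key.endswith("email")
        for value in values
    }
    if login_email.lower() in published:
        findings.append("registrar login email is published in WHOIS")
    return findings


if __name__ == "__main__":
    for finding in audit_whois(SAMPLE_WHOIS, "owner@example.test"):
        print("WARNING:", finding)
```

To audit your own domain, pass the text output of the `whois` command for that domain as the first argument and your registrar login email as the second.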
Use separate hosting and domain account
One of the biggest domain mistakes webmasters make is using the same account for both their domain and their hosting plan. I would never recommend this. Once a hacker gets access to your hosting account, you will lose access to your domain and there is no option of recovery.
I’m sure these steps will help you add an extra layer of security to your domain.
Even if your domain hasn’t yet been hijacked, it’s always a good idea to keep a domain name transfer dispute form ready.
- Here is one handy link for GoDaddy domains which you can use in case one of your GoDaddy domains gets hijacked.
- Here is the ICANN guide on what to do when an unauthorized domain transfer happens.
I hope this quick tutorial will help you to increase your domain security and fight against domain theft. If you have more suggestions and ideas to avoid domain stealing, do let me know via the comments.