How to Keep Your Domain Name Safe

Word cloud in blue lettersWeb publishers, sooner or later, purchase one or more custom domain names to run their websites and blogs. A top-level domain, not only adds a brand and identity to your website but is also recommended from SEO perspective. Generally, purchasing or selling a domain name is not a cumbersome process and one can own his desired name within a few minutes. But, owning a domain name and keeping it secure from hackers are two completely different ball games. Often, negligence in properly maintaining a domain name leads to expiration or hijacking of the same. It can be a huge loss if your website is already receiving a decent volume of organic traffic. To avoid such catastrophic situation, one must be familiar with the basics of keeping a domain name safe. That's what this guide is all about. Investing some time in learning these vital domain management tricks is going to save you both time and money in the long run. Let's get started and master the art of domain name safety and management in an easy way. Here we go!

Word cloud in blue letters Pro Tip: If you own a large number of domains, divide them among two or more registrars instead of keeping them at a single location.

Choose Your Domain Registrar Carefully

From where you purchase a domain name matters the most when it comes to easy management of the same. There are several important things one must keep in mind before finalizing the registrar. To assess and compare all these points, one should not hesitate in taking feedback from existing users.

Here are some of the important things to consider.

Reasonable registration and renewal rates - If you find the rates too low or too high (except during seasonal promotions), hold on and try to find out the reason for the same.

Registrations at dirt cheap prices indicate the absence of vital and key features to easily manage and secure the domain. And, alarmingly high rates may indicate bundling of unnecessary and superficial features with the domain purchase package.

User-friendly interface - When it comes to domain management, a good user interface doesn't just mean visually appealing dashboard, but more importantly, it means easy-to-use settings for key domain related functions like adding host records.

If the latter system is confusing, the design itself is useless no matter how good are the visual elements.

Impeccable documentation and support service - Spend some time in reading the knowledgebase or documentation. Focus on how easily a layman can grab the tutorials to do the most common domain management tasks on his own.

The quality of support service can only be assessed through an existing user. The key things to note are different methods to avail help, average turnaround time, and the expertise of the support staff.

Keep Domain Registrar and Web Host Separate

Initially, it may seem that a better strategy is to keep everything within a single account and service. But, experts recommend keeping both these things, separate.

Let's discuss the two different reasons for the same.

Prevents loss of both in case of hijack or intrusion - Generally, domain owners activate various security measures (exp. 2-step authentication) to keep their accounts safe and secure.

But, in case the account is not secured properly and an intruder gains unauthorized access, the damage can be a total loss of everything. If both the accounts are separate you can still save one of the services minimizing the damage to a certain extent.

Minimizes or nullifies domain transfer issues - Domains are generally locked preemptively by the registrars to prevent unauthorized transfer attempts. In such case, you may see the status as 'Registrar lock' or 'Client Transfer Prohibited' within your dashboard.

Now, if your domain registrar does not provide an easy option to unlock your domain and you're looking to change the web host as well as the registrar which is currently the same. In such case, you'll face problems getting your domain transferred to a different company.

In such a situation, you can use this form to file a complaint to ICANN about domain transfer issues.

If both the services are separate, bad experience from a web host doesn't require domain transfer as well. Simply change the host and point your domain to the new servers. It's that simple.

Keep Your Domain Name Locked

As I mentioned in the previous section, domain is preemptively locked at the time of purchase to avoid any mishap and to follow the ICANN 60 day no transfer rule. Under normal circumstances, you must ensure without any fail that your domain is locked.

Failing to do so may result in loss of your domain through unauthorized domain transfer requests or a change in name servers.

The only reason to unlock a domain is either pushing the domain to a different account at the same registrar's platform or a domain transfer to a different registrar.

In both the cases, one has to ensure that the domain is relocked once the transfer process is complete.

Use WhoisGuard Protection to Safeguard Your Information

With every domain name registration, the owner has to submit his vital contact information to the registrar. This includes name, address, telephone number, and email address.

By default, this information is public and anyone can view it using the WHOIS Lookup service to exactly know who is the owner of a domain name.

Now, this is an ideal condition for spammers and hackers who use this information to bombard the domain owner with countless offers and promotions. In every such case, it's an agonizing experience for the domain name owner.

The solution to this problem is to use WhoisGuard service with your domain name. This service hides your original contact information replacing it with the service's own contact details.

This way you can not only deter spammers but can hide your identity if you want to do so for some reasons. The service itself is extremely affordable and I'll recommend it to every website owner.

WhoisGuard has partnered with several domain registrars to offer this protection. So, make sure your registrar offers this feature, out-of-the-box.

While doing the WHOIS lookup, if you've doubt if the domain information is served using the WhoisGuard service or not, use this tool to confirm it.

Keep Domain Contact Details Updated and Current

We've just discussed hiding our contact details from the general public in the previous section. So, why bother keeping this information updated and accurate?

For every domain, there are 3 types of contact details required for the WHOIS database. Following are those types.

Registrant Contact - This is the most important contact as the entity mentioned in this record is regarded as the owner of the domain. Without any fail, keep this record accurate and updated.

Administrative Contact - This contact is responsible for all the non-technical issues or tasks associated with the domain viz., domain transfer, or resolution of any dispute.

Technical Contact - And last but not the least, this person is the one who takes care of the technical issues (exp. setting up hosting records or activating a specific feature) associated with the domain.

In most cases, the information in all these 3 records is more or less the same. But the question arises that why this information should be absolutely accurate despite keeping it hidden from the general public?

If there's any dispute or an issue related to the domain, not only the authenticity of the domain caretakers can be established through this contact information, but one can also get timely notifications in a timely manner at the right address.

Practice Best Account Security Measures

Though this one is quite obvious, we'll still once discuss and go through brief details about securing our domain management account. Take it very seriously because weak account security can result in loss of your domain.

Use a strong password - Use a complex password combining alphanumeric and special characters to make it hard to crack for the intruders. I'll recommend using a specialized password management system instead of creating it manually.

Enable 2-step authentication - All reputed domain registrars provide 2-step authentication feature for the users. By default, it is disabled. Activate and start using it right from day one to harden your account's security.

Login & change password regularly - Often, website owners' login to their domain management account in long intervals. Change this habit and access your account at least once a month to inspect any unusual change.

Similarly, no matter how strong is the password, change it frequently for added security.

Store login credentials at a secure place - Unless you're using a password management system, keep it backed up at two different (online & offline) secure locations.

Enable account activity notifications - Another excellent security feature offered by good domain registrars is the email notification of all the account activity. This feature is generally provided for free.

These email notifications are instant and include the IP address, login time, login id, and the activities performed by the user during the session. Activation of this powerful feature becomes more necessary if you've given account access to a second person.

Be Aware of Expiration and Renewal Dates

I've often noticed few website owners consoling themselves on social media platforms about the loss of their domain due to their own negligence of failing to renew their domain in time.

Though it is not so common still one should not take chances and must take care of this important task, without any fail.

Whenever a domain expires, the owner gets both Auto-Renew Grace Period (0 to 45 days) and a Redemption Grace Period (30 days) during which he can grab his domain back via a renewal.

If you always keep enough funds or already have an active credit card within your domain management account, keep the auto-renewal mode, always on. This way, you'll never reach the redemption grace period and the domain will be secured automatically.

And, in case, you prefer the manual approach, keep the reminders about the renewal activated within your favorite task management tool. Though domain registrar sends timely reminders about renewal, there's no harm in setting up a secondary reminder system.

I'll also advise renewing your domains for a longer period of time especially if you prefer the manual approach.

Avoid Giving Account Access to Anyone

Generally, website owners perform all domain management tasks themselves without any need for a second person to give a hand.

But sometimes, giving restricted account access to someone else becomes inevitable. For example, if a person is technically challenged, he may ask a geeky friend to do the configuration on his behalf.

Similarly, for a large website or an account with a large number of domains, a dedicated and technically sound manager is required to take care of all the domain management tasks. In both these cases, releasing account access for others cannot be avoided.

Needless to say, such kind of access should only be given to your most trusted contact. And, make sure you create a new restricted account for the person instead of directly sharing the administrator account login credentials.

If all these cases do not apply in your case, never ever give access to the domain management account to a contact, no matter how closely you know him.