9 Steps to Keep a Secure Domain
Securing your domain name is crucial to safeguarding your domain name’s settings and control panel. Anyone
with bad intentions who accesses this area can change your email and website accessibility settings.
It’s not only illegal access you need to be vigilant about; you don’t have to be the latest victim of cybercrime
to lose control of your website. It could be snapped up and in the hands of a new owner perfectly legally
if you simply forget to renew it.
Follow these nine steps to shield your domain from unauthorized changes to its settings and from unintentionally
slipping out of your hands.
Keep Your Accounts Secure
Use strong passwords - A strong password isn’t necessarily a complex series of numbers,
letters and symbols, as we were led to believe.
This advice has been deprecated by the guy who came up with it. Instead, consider using a
password generator to create a random password that is harder to predict. Avoid using common
names, birthdays, anniversaries, etc., and when you hire someone to work on your domain account,
make sure to change the password when they leave.
Be your own firewall - Anyone with access to your domain can potentially hijack it.
Never give your account information to anyone, including your webmaster. If someone needs access
to your hosting account login details, use the Account Administrator feature to grant access
levels to anyone who needs to manage domain names in your account.
2 step authentication - Using two-factor authentication on your account involves a two-step
login process. It adds another layer of security: accessing your account requires a password
as well as another step such as SMS authentication. Yes, it might be irritating for yourself
and your domain users, but without this type of safeguard, a hacker can easily transfer your
domain into their control.
Log in to your registrar account regularly - Check that your account details are correct,
or, save the hassle by purchasing Domain Monitoring. This service alerts your administrative
email if any changes are made to your domain name’s settings.
Secure Email - Keeping the email linked to your domain safe is key to keeping your domain
secure. Ensure your password is complex and change it frequently. Make sure to use a secure email
server; free services might expire with lack of use. If your email expires, someone else
could snap it up. This leaves them free to impersonate you in correspondence with your registrar.
They might even use the forgotten password feature to have the password emailed to them.
Employ Anti Virus/ Spyware Measures
Prevent key-logging - Install antivirus/ spyware software on your home computer to prevent
key-logging software capturing your usernames and passwords. Keep this software updated periodically
to ensure your information isn’t handed to unauthorized persons.
Keep applications up to date - To secure yourself from hackers you have to keep up to
date with security updates that deter viruses and malware. Out-of-date software is the most
targeted way to break your security and steal data. Keep all the applications on your web account,
such as your domain account and a CMS such as WordPress, up to date with the latest security patches
so hackers can’t exploit them. Any MySQL database used by those applications must also be kept
updated to the latest version.
Keep Your Registration Records Up-to-date
Keep your domain contact information accurate with your registrar. If you move, update your information immediately.
It’s not only a legal requirement from ICANN. Keeping up-to-date records is also the best way to ensure
your registrar has a way of contacting you if any suspicious activity occurs. Make sure you are available
to receive notifications so that your registrar will alert you to any changes to your account. This forewarning
gives you a chance to halt a pending transfer.
Whenever there are any changes to the contact details that you have been using for domain name transfer
communications, let your registrar know.
Keep your emergency and business contact information up to date.
Keep Track of Domain Renewals
The easiest way to lose a domain is failing to renew it. After going through the process of buying a domain
and creating a website, you will want to avoid your registration expiring. This is why you must make
yourself fully aware of the renewal process for your domain. The most common arrangement is yearly renewal,
conducted automatically; however, it can vary from one registrar to another.
A simple way to avoid your domain being snapped up by someone else is setting up a reminder. Many registrars
allow you to renew domains for up to ten years in advance. The problem with anything you don’t do
regularly is that it is more likely to slip your mind. Consider setting a recurring annual reminder on your desktop.
Another helpful tip is to synchronize domains, so they expire on the same date. Many domain registrars
allow this which makes things easier when you manage more than one.
Add Domain Privacy
WHOIS is a public database that supplies its users with information regarding domain name ownership. All
website owners are obliged to provide correct contact information to their registrar. The information
provided with your domain registration is associated with the domain name, and a WHOIS record is created.
Anyone using the WHOIS search can access your contact information by searching the WHOIS database.
Thieves are after this information in particular because they can use your contact details to impersonate
you and attempt to transfer your domain to a new owner. Alternatively, they might contact you to try to
fool you into revealing your account password.
If you don’t want this contact information available, opt for private domain registration. Domain privacy
is a valuable add-on service most domain registrars provide for site owners who don’t want their contact
information available publicly. The domain registrar will simply swap their contact details with yours;
for example, if you are using Namecheap’s WHOISguard, anyone wanting to contact you will have to talk
to Namecheap first.
Lock Up Your Domain
Permission to make changes - Most registrars offer a registry lock service to provide
an extra level of security for domain name holders and their customers. Setting up a registrar
lock (also known as domain lock and transfer lock) prevents anyone from transferring your
domain without your permission.
Consider the worst-case scenario: someone with bad intentions accesses the control panel used to
activate your domain. This area includes information about your domain’s nameservers, which
help the DNS locate your domain. If someone were to edit this information, they could drive traffic
trying to reach your site to somewhere else.
For a small fee, your registrar can apply a registry lock. Using registry lock is similar to identity
theft protections that block anyone from using your credit card without the special authorization
of the card owner. Similarly, registrars are unable to make changes to your site’s DNS information
without manual authorization from the registry.
Use a domain authorization code - The Extensible Provisioning Protocol, known as EPP,
provides an extra layer of security at the time of domain name registration. A unique Authorization
Information Code (AIC) is assigned by the registrar to the new domain owner; this code is needed
to transfer the domain from one registrar to another. Keep your AICs secure and confidential
for effective protection from unwanted domain transfers.
Be Vigilant with Emails
People will use creative tactics to get you to disclose your domain account details. A popular method adopted
by hackers is to send an email which looks just like one you would get from your domain registrar. The
e-mail will ask you to click on a link that takes you to a close replica of your registrar’s website.
Once you enter your information, it can be captured. If you log in through a phishing link, you might
lose access to your account. Avoid this by being vigilant:
Be suspicious of emails claiming to be from your registrar
Don't access your domain account directly from your email
Always enter the registrar’s address manually in your browser before logging in.
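For mail filters or help-desk triage, the same rule can be applied mechanically: a link only counts as the registrar's if its host is exactly one you already know. This is an added example, not part of the original article; registrar.example and the other hosts are placeholder names, and the trusted list is assumed to be typed in by you rather than copied from a message.

```python
from urllib.parse import urlsplit

# Assumption: the registrar's real login hosts, entered by hand (placeholder names).
TRUSTED_HOSTS = {"registrar.example", "www.registrar.example"}


def check_link(url, trusted=TRUSTED_HOSTS):
    """Return (ok, reason) for a link in a message that claims to come from the registrar."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not an https link"
    if parts.username is not None or parts.password is not None:
        # In https://registrar.example@other.test/ the browser connects to other.test.
        return False, "userinfo before '@' hides the real host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host"
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, "internationalised host (possible look-alike characters)"
    if host in trusted:
        return True, "host matches the registrar"
    for good in sorted(trusted):
        if good in host:
            # The registrar's name used as a prefix or subdomain of another domain.
            return False, f"'{good}' appears inside a different host: {host}"
    return False, f"unrelated host: {host}"


if __name__ == "__main__":
    for link in ("https://www.registrar.example/login",
                 "https://registrar.example.account-verify.test/login"):
        print(link, check_link(link))
```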
SSL certification - SSL protection is one of the best-known security features you can
get. Protect your customers against identity theft with an SSL Certificate. Customer sensitive
information such as name, bank account information and billing address is encrypted during transmission
from their computer to your domain web server. This process ensures their information can’t be
stolen. TLS, the less well-known acronym, is a similar security protocol which succeeded SSL.
Customers will see they have accessed a secure website as they will see https:// at the beginning
of its URL. If you’re conducting business such as e-commerce or have access to any sensitive customer
information, SSL technology is a must. Even casual internet users recognize it. You don’t need
advanced computer knowledge to set this up; your host will likely provide shopping cart functionality,
for example, to conduct secure transactions. Another perk of SSL or TLS certificates installed
on your computer: it is a positive factor in
how your site is viewed by Google.
Enable DNSSEC - DNSSEC is a complicated topic that relates to the domain name system
used to translate domain names into numeric internet addresses. When the DNS was first implemented,
it wasn’t secure, and several vulnerabilities were discovered, the threat of name spoofing for
example. Name spoofing is where someone can intercept communication between you and a customer.
Coming between two parties, they hope to victimize the customer.
Domain name system security extensions (DNSSEC) were the answer to this problem. They are a set of
protocols that add an extra layer of protection to the domain name system to protect against
unauthorized DNS hosts.
Reliable hosting - Hosting should be at the forefront of your battle against cyber crime.
Check your host is doing enough to ensure your site is secure from their side of things.
VPS - To be extra safe, use a VPS. Your domain exists on a slice of a much more powerful
server in a secure data center. Unlike shared hosting, your domain is allotted a guaranteed amount
of system resources.
Practice good server security habits - Perform regular updates on your CMS, disable
unused services, plugins, widgets, etc., and control remote access.
Firewalls - Firewall the server so you can only access it from known safe locations/networks.
Choose the Right Registrar
Don’t buy your domain from the first registrar you come across. Be sure the registrar is authorized to sell
domains, has a good reputation and is trustworthy. When choosing a registrar, look beyond the price point
alone; you need a quality service with good support. Does the registrar provide additional security measures?
Notification of account changes such as a pending domain transfer gives you time to respond before
a domain is moved.
Readily available, knowledgeable technical support to assist implementing your domain name security.
Trained customer service agents who screen callers so no one can impersonate anyone to access an