9 Steps to Keep a Secure Domain
Securing your domain name is crucial to safeguarding your domain name’s settings and control panel. Anyone with bad intentions who accesses this area can change your email and website accessibility settings.
It’s not only illegal access you need to be vigilant of; you don’t have to be the latest victim of cybercrime to lose control of your website. It could be snapped up and in the hands of a new owner perfectly legally if you simply forget to renew it.
Follow these nine steps to shield your domain from unauthorized changes to your domain name settings or from unintentionally slipping out of your hands.
Keep Your Accounts Secure
Use strong passwords - A strong password isn’t necessarily a complex series of numbers, letters and symbols as we were led to believe. This advice has been deprecated by the guy who came up with it. Instead, consider using a password generator to create a random password that is harder to predict. Avoid using common names, birthdays, anniversaries, etc., and, when you hire someone to work on your domain account, make sure to change the password when they leave.
Be your own firewall - Anyone with access to your domain can potentially hijack it. Never give your account information to anyone, including your webmaster. If someone needs access to your hosting account login details, use the Account Administrator feature to grant access levels to anyone who needs to manage domain names in your account.
2 step authentication - Using two-factor authentication on your account involves a two-step login process. It adds another layer of security when you need to access your account, using a password as well as another step, such as SMS authentication. Yes, it might be irritating for yourself and your domain users, but without this type of safeguard, a hacker can easily transfer your domain into their control.
Log in to your registrar account regularly - Check your account details are correct, or save yourself the hassle by purchasing Domain Monitoring. This service alerts your administrative email if any changes are made to your domain name’s settings.
Secure Email - Keeping the email linked to your domain safe is key to keeping your domain secure. Ensure your password is complex and change it frequently. Make sure to use a secure email server and not free services that might expire with lack of use. If your email expires, someone else could snap it up. This leaves this person free to impersonate you in correspondence with your registrar. They might even use the forgotten password feature to have the password emailed to them.
Employ Anti Virus/ Spyware Measures
Prevent key-logging - Install antivirus/spyware software on your home computer to prevent key-logging software from capturing your usernames and passwords. Keep this software updated periodically to ensure your information isn’t handed to unauthorized persons.
Keep applications up to date - To secure yourself from hackers you have to keep up to date with security updates. This will deter viruses and malware. Out-of-date security is the most targeted way to break your security and steal data. Keep all the applications on your web account — for example, your domain account and your CMS, such as WordPress, etc. — up to date with the latest security patches so hackers can’t exploit them. Any MySQL database used by those applications must also be kept updated to the latest version.
Keep Your Registration Records Up-to-date
Keep your domain contact information accurate with your registrar. If you move, update your information immediately. It’s not only a legal requirement from ICANN, but keeping up-to-date records is also the best way to ensure your registrar has a way of contacting you if any suspicious activity occurs.
Make sure you are available to receive notifications so that your registrar will be able to immediately alert you if there are any changes made to your account. This forewarning gives you the chance to halt a pending transfer.
Whenever there are any changes to the contact details that you have been using for domain name transfer communications, let your registrar know.
Keep your emergency and business contact information up to date.
Keep Track of Domain Renewals
The easiest way to lose a domain is by failing to renew it. After going through the process of buying a domain and creating a website, you will want to avoid your registration expiring. This is why you must make yourself fully aware of the renewal process for your domain. The most common arrangement is yearly renewal conducted automatically; however, it can vary from one registrar to another.
A simple way to avoid your domain being snapped up by someone else is by setting up a reminder. Many registrars allow you to renew domains for up to ten years in advance. The problem with anything you don’t do regularly is that it is more likely to slip your mind. Consider setting a recurring reminder on your desktop annually. Another helpful tip is to synchronize domains, so they expire on the same date. Many domain registrars allow this, which makes things easier when you manage more than one.
Add Domain Privacy
WHOIS is a public database that supplies its users with information regarding domain name ownership. All website owners are obliged to provide correct contact information to their registrar. The information provided with your domain registration is associated with the domain name, and a WHOIS record is created. Anyone using the WHOIS search can access your contact information by searching the WHOIS database.
Thieves are after this information in particular because they can use your contact details to impersonate you and attempt to transfer your domain to a new owner. Alternatively, they might contact you to try to fool you into revealing your account password.
If you don’t want this contact information available, opt for private domain registration. Domain privacy is a valuable add-on service most domain registrars provide for site owners who don’t want their contact information available publicly. The domain registrar will simply swap their contact details with yours. For example, if you are using the domain privacy service (from our chosen Whois privacy service provider Withheld for Privacy), anyone wanting to contact you will have to talk to Namecheap first.
Lock Up Your Domain
Permission to make changes - Most registrars offer a registry lock service to provide an extra level of security for domain name holders and their customers. Setting up a registrar lock (also known as domain lock and transfer lock) prevents anyone transferring your domain without your permission.
Consider the worst-case scenario: someone with bad intentions accesses the control panel used to activate your domain. This area includes information about your domain’s nameservers, information which helps the DNS locate your domain. If someone were to edit this information, they could drive traffic trying to reach your site somewhere else.
For a small fee, your registrar can apply a registry lock. Using a registry lock is similar to identity theft protections that block anyone using your credit card, without the special authorization of the card owner. Similarly, registrars are unable to make changes to your site’s DNS information without manual authorization from the registry.
Use a domain authorization code - An Extensible Provisioning Protocol, known as EPP, provides an extra layer of security at the time of domain name registration. A unique Authorization Information Code (AIC) is assigned by the registrar to the new domain owner. This code is needed to transfer the domain from one registrar to another. Keep your AICs secure and confidential for effective protection from unwanted domain transfers.
Be Vigilant with Emails
People will use creative tactics to get you to disclose your domain account details. A popular method adopted by hackers is to send an email which looks just like one you would get from your domain registrar. The e-mail will ask you to click on a link that takes you to a close replica of your registrar’s website. Once you enter your information, it can be captured. If you log in through a phishing link, you might lose access to your account.
Avoid this by being vigilant about the following:
Be suspicious of emails claiming to be from your registrar
Don't access your domain account directly from your email
Always enter the registrar’s address manually in your browser before logging in.
SSL certification - SSL protection is one of the best-known security features you can get. Protect your customers against identity theft with an SSL Certificate. A customer’s sensitive information, such as their name, bank account information and billing address is encrypted during transmission from their computer to your domain web server. This process ensures that their information can’t be stolen. TLS, the less well-known acronym, is a similar security protocol which succeeded SSL.
Customers will see they have accessed a secure website as they will see https:// at the beginning of its URL. If you’re conducting an e-commerce business or have access to any sensitive customer information, SSL technology is a must. Even casual internet users recognize it. You don’t need advanced computer knowledge to set this up; your host will likely provide shopping cart functionality to conduct secure transactions, for example. Another perk of SSL or TLS certificates installed on your computer is that it is a positive factor in how your site is viewed by Google.
Enable DNSSEC - DNSSEC is a complicated topic that relates to the domain name system used to translate domain names into numeric internet addresses. When the DNS was first implemented, it wasn’t secure, and several vulnerabilities were discovered. The threat of name spoofing is an example. Name spoofing is when someone can intercept communication between you and a customer, and comes between the two parties hoping to victimize the customer.
Domain name system security extensions (DNSSEC) were created to tackle this problem. They are a set of protocols that add an extra layer of protection to the domain name system to protect against unauthorized DNS hosts.
Reliable hosting - Hosting should be at the forefront of your battle against cyber crime. Check that your host is doing enough to ensure your site is secure from their side of things.
VPS - To be extra safe, use a VPS. Your domain exists on a slice of a much more powerful server in a secure data center. Unlike shared hosting, your domain is allotted a guaranteed amount of system resources.
Practice good server security habits - Perform regular updates on your CMS, disable unused services, plugins, widgets, etc., and control remote access.
Firewalls - Firewall the server so you can only access it from known safe locations/networks.
Choose the Right Registrar
Don’t buy your domain from the first registrar you come across. Be sure the registrar is authorized to sell domains, has a good reputation, and is trustworthy. When choosing a registrar, look beyond the price point alone; you need a quality service with good support.
Make sure your registrar provides additional security measures such as:
Notification of account changes, such as a pending domain transfer, which gives you time to respond before a domain is moved.
Readily available, knowledgeable technical support to assist in implementing your domain name security.
Trained customer service agents who screen callers so no one can impersonate anyone in order to access an account.