How to Protect Your Domain From Hijackers!

Hello friend!! Hope you’re having a fantastic day today! This is my first real post on this blog and I am so excited to share these tips on how to protect your domain from hijackers!

It’s so important to make sure your domain isn’t hacked. First off: It’s YOURS! You own it, and it’s worth more than you think! It’s probably not been flagged by spam detectors, so a hacker could use it to send spam emails, to get people to click malicious links to malware, or simply to extort money from you! I’m not going to pretend to understand the criminal mind, but thousands of domain thefts are attempted each year, and some of them do succeed. It’s devastating, and none of us want to find ourselves in that situation.

Not to worry though! Just follow these tips on how to protect your domain from hackers and you will be taking major strides in making it hard, if not impossible, for someone to hijack your domain.

1. Create Strong Passwords

Personally, I think this goes without saying, but brute force password hacking attempts are very common and that’s why it’s important to create a strong password to thwart potential hackers.

Hackers are dangerously good at guessing dictionary-word passwords. And we continue making it easy for them by using some of the most common passwords, like this list from 2019.

Here’s a list I made from checking out Wikipedia’s report on the most commonly used passwords during the past decade.

[Image: list of the most used passwords over the last ten years]

Choosing a strong password can be easy. You can let your Chrome browser choose them for you, which will simply be a random selection of numbers, letters and symbols. Chrome will remember them for you. If you prefer the Apple ecosystem, Safari can generate and remember passwords for you too.

As a general rule, the longer the password, the harder it is to crack. Anything over 11 characters is safe; with less than that, a determined hacker could get in. The chart below shows times to potentially crack a password made of lowercase letters only.

[Chart: amount of time it takes to crack a password made only of lowercase letters]

Adding capital letters or special characters and numbers can increase the time it takes to crack your password exponentially. This is because these types of characters increase the entropy of your password. Follow these tips and you can be sure to thwart criminals and protect your domain from hijackers.
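To make the length, character-set and dictionary points above concrete, here is an added example (not from the original post) that estimates a password's entropy and the time to try every combination. The common-password set is a small constructed sample and the guess rate is an assumption, so the times are only for comparison.

```python
import math
import string

# Constructed sample of well-known weak passwords (not the post's list).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "iloveyou"}

# Assumption: an attacker able to try one billion guesses per second.
GUESSES_PER_SECOND = 1e9

CHARSETS = [string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation]


def alphabet_size(password):
    """Size of the smallest character pool the password draws from."""
    size = sum(len(cs) for cs in CHARSETS if any(c in cs for c in password))
    # Characters outside the four classes (spaces, accents) add themselves.
    extra = {c for c in password if not any(c in cs for cs in CHARSETS)}
    return size + len(extra)


def entropy_bits(password):
    """Upper bound: assumes every character was picked at random."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def seconds_to_exhaust(password):
    """Time to try every password of this length and pool size."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0  # dictionary words fall on the first guesses
    return alphabet_size(password) ** len(password) / GUESSES_PER_SECOND


def report(passwords):
    """Return (password, bits, seconds) rows, weakest first."""
    rows = [(p, round(entropy_bits(p), 1), seconds_to_exhaust(p))
            for p in passwords]
    return sorted(rows, key=lambda row: row[2])


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw, bits, secs in report(["password", "abcdefgh",
                                  "abcdefghijkl", "aB3$efghijkl"]):
        print(f"{pw:14} {bits:6.1f} bits  {secs / 86400:16.2f} days")
```

The dictionary check matters: "password" has the same naive entropy as any other eight lowercase letters, yet it falls immediately because it is on every attacker's list.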

2. Choose a good registrar

Make sure your registrar is ICANN Accredited. Here is a list of all ICANN accredited registrars. ICANN is the organization that coordinates web addresses throughout the world. This way, each web address is different and your computer knows where you want to go when you type in Google.com. That is a specific address and there is no other “Google.com” you could be sent to other than the one we know. There would be no world-wide-web if ICANN did not make sure that each website has a different web address.

It’s important that they be ICANN accredited because ICANN is a regulatory body that has processes in place to protect against the malicious transfer of your domain. They also may be able to provide you with advice or assistance if your domain has been stolen.

3. Make Sure Your WHOIS Information is Up-To-Date

Because your EPP code (the code that you’ll request from your domain registry if you ever want to change domain registries) can only be sent to the email address publicly listed in the WHOIS directory, it’s important to keep that information up-to-date! If you lose access to an email address or if your email address changes for any reason, be sure to change it in the WHOIS directory. Not only is this important for security purposes, ICANN could actually suspend your domain if it finds that your information is incorrect.

4. Keep Information On-File That Proves the Domain Belongs to You

If you bought a business that came with a website, or you have legal documents or payment records, even tax filings, all of these things can serve as proof that the domain name belongs to you. You can start a little file now just in case you need these in the future!

5. Beware of the Scam Email

Most people already know this, but if you get an email and it says “Urgent, Your Account is in Danger” and it asks you to click a link and sign in: DON’T DO THAT! If you have concerns about your account, go directly to the website of your registrar, sign in that way and/or call your registrar directly. Don’t click random links in emails.

6. Make Sure You Have A Security Plan

WordFence is a FREE plugin for WordPress that you can use when you first start your site to help protect it. A total of 10 brute force login attacks have been prevented on this site so far! JetPack also provides security with a premium subscription along with other perks at $99/month. But there are LOTS of ways to secure your site both free and paid, and it’s important to have a security plan for your site. That’s a post for another day! I’ll update this once I write it!

What Is Done To Protect You?

No one wants your domain to get stolen. No one. Your registrar doesn’t want this to happen, ICANN doesn’t want this to happen and you don’t want this to happen. So, in addition to the things listed above that can help prevent your domain from being stolen, there are people and organizations out there working to protect your domain from hijackers.

ICANN protects your domain by preventing transfers for 60 days after registration or any other transfer. This means that if you buy a domain, you can’t transfer it until 60 days have passed. This also applies if you transfer your domain. Once the transfer is completed, it cannot be transferred for another 60 days. This protects you because you’re likely to notice within 60 days if your domain has been stolen and can report it. However, if a thief were to hijack it and move it from registrar to registrar, retrieving it would involve all the registrars, making it more difficult.

Registrars are there to protect your domain too! EPP (Extensible Provisioning Protocol) transfer codes are required by registrars when transferring domains. EPP codes may only be sent to the email address listed in the publicly-available WHOIS record. This protects you too! This way, only you can receive the EPP code required to transfer your domain!

I hope this article has helped you think of ways to protect your valuable domain from hijackers! I hope you never need to prove that you own your domain and never receive fishy phishing emails, but the criminals are out there every day.

Please let me know in the comments below if you have any tips for me and what you think! Let’s learn from each other! Thanks for reading!