(This is an article from OnlineOrNot.com. You can read the original by clicking here.)
Imagine you're sitting in your office, and you start noticing emails coming in asking if you'd like to buy your domain.
"Huh, that's weird, I already own that domain" you think to yourself.
A few more emails come in, and they're getting past the spam filter, so you decide to double check your domain manager. Doubt starts creeping into your mind, you start panicking, and you frantically scroll down to where the domain should be, and...
The only option you have is to pay the person that grabbed your domain $3000 USD.
Hold up, rewind...
This sort of scenario can be avoided, yet an entire industry of domain squatters exists due to how commonly it occurs.
In this article, I'll provide advice you can do today to keep your domain secure in the long run.
Table of contents
- Enable 2FA
- Check that your domain is set to auto renew
- Lock your domain from transfer
- Check your payment details
- Use a reputable domain registrar
- Be sure you own your domain
- Extend your domain registration
- Be aware of any TLD-specific rules around renewals
If your domain registrar supports it, enable 2FA (two-factor authentication, also known as MFA/multi-factor authentication). It'll send you an email/SMS/push notification when logging into your domain manager.
While not a foolproof way of stopping hackers, it'll slow them down and alert you if your account has been compromised.
Some domain registrars don't enable auto renew by default, particularly when transferring domains.
Check your domain manager to see that it's enabled.
While you're checking your domain manager has auto renewal enabled, also double check that your domain's "transfer lock" is also enabled.
Enabling transfer lock for your domain is effectively like a car alarm for your domain. If someone manages to get into your domain manager account, and tries to transfer the domain, you'll receive quite a few emails about it.
I know this one sounds obvious, but if the payment fails, your domain doesn't get renewed.
The most common mistake is that your credit card expires, and you forget to update the payment details your domain registrar has on file.
On the off-chance your domain registrar accepts Paypal (or similar), also double check that the payment details that they have are also up to date.
There are a few ways to interpret "reputable" - I mean large companies trust them with their services, and the business itself is trustworthy. Certain domain registrars also own companies that "drop catch" domains that expire from their services. Would you want to use a domain registrar that's financially incentivised to let your domain expire?
Here are some reputable domain registrars that immediately come to mind:
- Some of the largest internet companies trust AWS to host their services
- Decent reputation, has been around a very long time, used to make you pay for privacy, now doesn't
- Decent reputation, has been around a very long time
- Google Domains
- I hesitated to put this one on the list. Google has a reputation for killing products once it realises it won't be a billion dollar business. Despite this, I've heard Google's Support has been slowly improving over time.
I've personally had negative experiences with GoDaddy and CrazyDomains (in Australia), and would strongly recommend to anyone reading this: transfer your domain ASAP to somewhere like AWS.
If you purchased your domain through a third-party, like Wix, WordPress, or maybe the agency or contractor that helped build your site, chances are you're not fully in control of your domain.
Sure, it might be easier for you to have them manage the domain for you, and pass the bill along each year, however this sort of arrangement can become problematic when you want to cancel the service, or move to another provider.
If you're having an agency or contractors build your site for you, and they become unresponsive, you risk losing the domain if you also let them manage it for you.
By keeping the login to your domain manager to yourself, you can cut ties with rogue third-parties and move to a different provider.
Most domain registrars will let you extend your registration for around $12 USD per year for .com domains. This lets you remove the risk of your automatic renewal not going through by manually renewing.
For example, AWS offers the following:
Considering the amount of money domain squatters will try to get from you if you let your domain expire, it's a pretty good deal.
While it's great fun to grab a domain from a country half way across the world from you so you can spell out your brand, different countries have different rules around domain renewals.
As an example, Spain (.es) charges a renewal fee on top of an annual fee. As well as that, if you let the domain expire, there's another renewal fee that ranges from 30 USD to hundreds of dollars (depending on your registrar).
Got any tips I'm missing? Feel free to tweet them at me!