Your domain is the hub of the wheel that is your company’s web presence. Keeping your domain secure is a crucial part of maintaining your overall security. Domain security is actually pretty simple, but it’s also easily overlooked. Taking a proactive approach to domain security when you register your website goes a long way toward keeping your website secure.
Let’s start with the basics. Your domain is the web address or URL where your website can be found. For example: wordzite.com. Many domains also have subdomains, for subsites that branch off from a main site. A common example of this is a company that has a main site as well as an online shop. In that case, a subdomain would look something like: shop.yourcompany.com.
yourcompany.com → domain
shop.yourcompany.com → subdomain
To get control of a domain, you first have to purchase it. Any given domain is purchased through a registrar — platforms like Squarespace, GoDaddy, and many others all offer domain registration services. These platforms usually offer tiered payment plans, in which the “free” tier website is actually a subdomain of the host website, while paid tiers allow you to register your custom domain.
Your domain name is the address of your website. In its URL form, it serves to let your users and customers know where to find you on the web. Domain registrars will also translate your domain name into a machine-readable form called the IP address, which lets computers know where your site is located, and allows them to access it via the Domain Name System (DNS).
While some domains are more expensive — especially highly sought-after dictionary words that someone is trying to resell — purchasing a domain that is not yet owned is affordable. An initial domain registration often costs less than $50.
It’s important to keep in mind that your domain is the key to securing your entire web presence. It’s not unusual for companies to purchase a domain on a whim, or for the task of domain registration to be relegated to whatever employee has time to do it. But a lax approach like this can sometimes lead to problems down the road.
Even if you’ve taken all the steps to secure your servers, files, and local network, if you don’t have adequate domain security, a malicious hacker can easily take control of your website. While your domain alone won’t allow a hacker access to your servers and company secrets, it does mean that they can steal all your incoming traffic — including paying and potential customers — resulting in a loss of revenue, and potentially, of your business’ professional reputation.
Securing your domain is quite simple, but it requires you to take action right from the start, when setting up your login credentials with your registrar.
Two-factor authentication is an option that you can set up with almost any login these days, and you want to use it for your registrar. What is two-factor authentication? When you log in to a website using a username and password, you can think of that as one-factor authentication. The authentication factor, in this case, is your password. Two-factor authentication requires an additional “factor” — usually in the form of a numeric code sent via SMS, email, or an authenticator app.
It’s important to keep the number of people who have access to the domain registrar to a minimum. In small businesses especially, it’s not uncommon for login credentials to exist on post-it notes at someone’s desk, where they’re freely accessible to anyone who walks by. While this can be convenient, it’s not ideal from a security standpoint. The more people who can access your domain registration, the higher the risk of a security compromise.
Keep the credentials confidential. Use a password manager, if possible. Access should be limited to one or two key people in your company.
Do you know who originally registered your domain? Do you know what email address or credit card is listed with your account? Regularly confirming that the registration information on file is correct and up-to-date can save you a lot of grief when your domain comes up for renewal. It’s a common occurrence for a website to go down because key company personnel are not notified of the renewal date, or because the credit card on file is expired when the automatic renewal rolls around. This is why it’s important to know exactly who is in charge of monitoring the domain, and to update credit card and contact information whenever there’s a change.
Speaking of bills…
You never really own a domain outright. Every domain is a lease, for a period of time. In some cases, domains will require monthly or annual renewal payments. Sometimes it’s possible to pay a lump sum to secure that domain for several years. Either way, your website is eventually going to require a renewal payment. Setting up alerts to notify you in advance of renewal dates is a key part of effective website monitoring, and of keeping your domain secure.
Registrars are accessible to anyone with an internet connection, and much of the information about the registration of individual domains is also freely available by default. There are plenty of reasons why you wouldn’t want the general public to be able to see the name and contact information of the person who registered your domain. Most registrars offer options to make this information private. Before you purchase a domain, confirm that your registrar offers this option, and don’t forget to set it up.
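The checks described above (knowing the renewal date in advance and keeping registrant details private) can be run against a domain's public RDAP registration record. This is an added example, not part of the original article: the record is constructed, the 60-day warning window is an assumption, and treating values that contain "redacted" as private is an assumption about how a registrar marks privacy.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP-style record (JSON shape per RFC 9083); not data for a real domain.
SAMPLE_RDAP = json.loads("""{
  "ldhName": "yourcompany.com",
  "events": [{"eventAction": "expiration", "eventDate": "2025-03-02T10:00:00Z"}],
  "entities": [{"roles": ["registrant"], "vcardArray": ["vcard", [
      ["version", {}, "text", "4.0"],
      ["fn", {}, "text", "Jane Example"],
      ["email", {}, "text", "jane@yourcompany.com"]]]}]
}""")

def days_until_expiry(record, now):
    """Whole days between `now` and the expiration event; None if none is published."""
    for event in record.get("events", []):
        if event.get("eventAction") == "expiration":
            expires = datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
            return (expires - now).days
    return None

def exposed_registrant_fields(record):
    """Registrant vCard properties (name, email, phone, address) that are publicly visible."""
    exposed = []
    for entity in record.get("entities", []):
        if "registrant" in entity.get("roles", []):
            for prop in entity.get("vcardArray", ["vcard", []])[1]:
                value = str(prop[3]).lower()
                # Assumption: privacy services blank the value or mark it "redacted".
                if prop[0] in ("fn", "email", "tel", "adr") and value and "redacted" not in value:
                    exposed.append(prop[0])
    return exposed

def audit(record, now, warn_days=60):
    """Return human-readable findings for one domain record."""
    findings = []
    remaining = days_until_expiry(record, now)
    if remaining is None:
        findings.append("no expiration date published; check the registrar account")
    elif remaining < 0:
        findings.append(f"registration expired {-remaining} days ago")
    elif remaining <= warn_days:
        findings.append(f"renewal due in {remaining} days")
    fields = exposed_registrant_fields(record)
    if fields:
        findings.append("registrant details public: " + ", ".join(fields))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_RDAP, datetime.now(timezone.utc))))
```

Run on a schedule, any non-empty result can be sent to the one or two people responsible for the domain.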
Where and to whom is your domain registered? Do you know whether the credit card info on file is up to date? Do you know when your next renewal payment is due? If you can’t answer these questions, do you know which of your colleagues or employees could?
Domain security is a simple process, but it shouldn’t be an afterthought. If you’re unsure of your domain’s security status, Wordzite can help you explore options and understand your website’s unique security needs.