To prevent unauthorized domain transfers, enable registrar lock, use strong unique passwords and 2FA, and keep WHOIS contact emails secure. For high-value domains, consider registry lock and monitor for DNS or contact changes. Most hijacks succeed via compromised email or weak account security, tighten those first.
How Hijacking Happens
Domain hijacking rarely involves sophisticated hacking. Most attacks exploit weak passwords, phished credentials, or compromised email accounts.
Attackers access your registrar account through credential stuffing, phishing emails, or social engineering. Once inside, they unlock the domain, request authorization codes, and initiate transfers.
Your WHOIS email is another vector. Transfer confirmations go there, if attackers control that inbox, they can approve transfers without your knowledge.
Level 1 Security: Registrar Lock
Registrar lock is free, easy, and essential. This setting prevents transfers from initiating without first unlocking.
When locked, transfer requests fail automatically. Attackers must take an additional step, unlocking, which triggers notifications if monitoring is enabled.
Enable registrar lock on every domain. There's no downside; unlock temporarily only when legitimately transferring your domain to another Registrar.
Level 2 Security: 2FA and Email Security
Two-factor authentication blocks attackers even with your password. Without your authentication device, they cannot log in.
Equally important: secure your WHOIS contact email with its own strong password and 2FA. If attackers compromise your everyday email, domain notifications remain protected.
Level 3 Security: Registry Lock
Registry lock places protection at the registry itself, the authoritative database for your TLD, requiring manual, offline verification to modify.
Unlocking requires identity verification through phone calls or documentation. This defeats automated attacks entirely.
Registry lock is typically paid and involves manual processes. It's designed for high-value domains, corporate brands and business-critical properties where inconvenience is worth the protection.
Common Mistakes: Sharing EPP Codes Carelessly
Authorization (EPP/auth) codes unlock transfers. Sharing via email or chat creates records attackers can find if those accounts are compromised.
Never email auth codes. Use secure channels and delete messages afterward. Treat EPP codes like passwords, they grant transfer permission to whoever has them.
Other mistakes would include reusing passwords, ignoring transfer notifications, and outdated WHOIS contact information.
What This Means for You
NameSilo maintains registrar-level locks on all domains by default. Domain Defender adds two layers: Account Protection: Set up to 5 security questions required for domain changes. Even with account access, attackers cannot modify domains without answering correctly.
Proactive Notification: Receive email or SMS alerts for nearly 15 change types, nameserver updates, lock changes, contact modifications, and auth code requests. Know immediately if unauthorized changes are attempted.
Combined with 2FA, Domain Defender creates multiple barriers protecting your domains.
Frequently Asked Questions
A setting preventing transfer initiation until unlocked. Free, instant, should be enabled on all domains.
What is registry lock and who needs it?
Registry-level lock requiring manual verification. For high-value domains needing maximum protection.
How does 2FA protect domains?
Requires second verification beyond passwords, blocking attackers with stolen credentials.
What are signs of a hijack attempt?
Unexpected password resets, transfer notifications you didn't initiate, or DNS changes you didn't make.
How do I secure my WHOIS email?
Use a dedicated address with a unique password and 2FA separate from everyday email.
DNS changes, contact updates, lock status, and authorization code requests.
What is an EPP code and how should I store it?
Authorization code enabling transfers. Store securely, never email, regenerate after exposure.
What to do if unauthorized transfer starts?
Contact your registrar immediately. Most have dispute processes to halt transfers within the 5-day window.
.png&w=2048&q=75)
.png&w=3840&q=75)
.png&w=3840&q=75)