The Ultimate Guide To Domain Name Security
Registering a new domain through WPMU DEV? This Domain Security Guide provides all the information you need to learn how to keep your domains safe, secure, and protected.
Keeping your online presence safe, secure, and protected from hackers, malicious software, and unforeseen events that can compromise your business is complex. Web security involves many areas, including web hosting security, website security, password security, the security of WordPress itself, and domain name security.
In this article, we cover all you need to know about securing your domain name. You will learn how to keep your domain name(s) safe, adding another layer of protection to the overall security of your business for greater peace of mind.
- What Is Domain Hijacking?
- Why Is Domain Name Security Important?
- Domain Name Security: Who Is Responsible For What?
- How Domains Get Hijacked
- Domain Hijacking – Common Scenarios
- What To Do If Your Domain Is Hijacked
- Domain Name Security Improvements And Recommendations
- Domain Name Security Best Practices: What You Can Do To Keep Your Domain Name Safe
- Additional Domain Security Tips
- Make Your Domain Name Security A Priority
What Is Domain Hijacking?
Domain hijacking or domain theft, is taking wrongful control of a domain name from the rightful name holder.
Domain hijacking is usually associated with cybercrime. It involves the theft of a domain name via unauthorized access to the domain management account, or changing a domain’s name servers by illegally accessing the domain name system (DNS), also known as DNS hijacking.
Domain hijacking also takes place more often than you can imagine.
Verisign is a global provider of domain name registry services and internet infrastructure. They are not only the authorized registry for top-level domains (TLD) like .com, .net, .name, .cc, etc., but every quarter, they also review the state of the domain name industry and provide a brief highlighting important trends in domain name registrations.
According to Verisign’s Domain Name Industry Brief (DNIB), there are currently over 350 million registered domains around the world. Based on this figure and the number of domain transfer disputes and other claims related to domain hijacking handled by GoDaddy’s Domain Compliance and Advanced Support Team (DCAST) team, GoDaddy calculated that malicious cyber-criminals make around 170,000 attempts every year to steal domains from their registered name holder (RNH).
This means that every hour of every day, around 20 attempts are made to steal someone else’s domain name.
Why is Domain Name Security Important?
Devices connect and communicate with each other on the web using unique IP addresses.
As an IP address is just a string of numbers (e.g. 2607:f8b0:4004:815::200e), it’s difficult for the human brain to remember these, so we map domain names to IP addresses to make finding sites easier.
For example, the string of numbers shown above is the IP address for Google’s website. It’s much easier to remember Google.com than to tell someone searching for answers online to “just 2607:f8b0:4004:815::200e it,” wouldn’t you agree?
This example also illustrates just why domain names are so important and necessary to protect. Domains not only represent your brand and your identity online, they are also the primary method the rest of the world has to communicate with your business online.
If someone takes over your domain, they not only control your online brand and identity, they also control all email addresses based on that domain, and can wreak absolute havoc with your website and your business.
As ICANN, the organization responsible for managing domain names worldwide puts it…
“Domain hijacking can have a lasting and material impact on a registrant. The registrant may lose an established online identity and be exposed to extortion by name speculators.
Domain hijacking can disrupt or severely impact the business and operations of a registrant, including (but not limited to) denial and theft of electronic mail services, unauthorized disclosure of information through phishing web sites and traffic inspection (eavesdropping), and damage to the registrant’s reputation and brand through web site defacement.”
Once a hijacker gains access to a domain’s account and its control panel, they can make account administrator and password changes, and redirect the domain to a new server (“DNS hijacking”), effectively gaining complete control of the domain.
If you want to read about the kind of hassles you can expect to deal with if your domain name gets hijacked, check out this insider account of the domain name hijacking of perl.com.
So, what can you do to protect your domain from being hijacked?
To answer this question properly, first let’s look at who is responsible for ensuring the various aspects of domain security.
Next, we’ll look at industry-wide domain name security recommendations and what you can do to keep your domain name(s) safe and secure.
Domain Name Security: Who Is Responsible For What?
Domain name security involves many players. These include:
- ICANN (Internet Corporation for Assigned Names and Numbers). This is the global not-for-profit public-benefit corporation responsible for ensuring a stable, secure, and unified global Internet and the authority in charge of overseeing the infrastructure that allows any browser to connect to any domain on the internet anywhere in the world. ICANN also maintains the global database containing all of the world’s IP addresses and domain names, called the Domain Name System (DNS) and often referred to as the phonebook of the Internet, connecting web browsers with all websites.
- Domain Registry – Every allowed top-level domain (TLD) – e.g. .com, .net, .store, .site, etc. is supervised by an organization officially appointed by ICANN. Domain registries, then, are the official organization responsible for managing all domains under that TLD.
- Domain Registrar – An ICANN-accredited entity that makes the purchase and registration of domain names available to businesses and individuals. Essentially, they are domain name providers who can make adjustments to the domain name’s information in the database maintained by ICANN. A domain registrar can source and sell domains from different domain registries.
- Domain Reseller – These are also domain name providers but not ICANN-accredited. Domain resellers are a distribution outlet for domain registrars. They pass on information to domain registrars, who then update ICANN’s global database.
- Domain Registrant – These are the entities (companies, businesses, or individuals) who purchase and register domain names. It’s important to note that domain names cannot be owned, only leased.
See the chart below if you need help understanding how the domain name world is organized.
A report compiled by ICANN detailing incidents and threats of domain name hijacking found that domain name hijacking incidents often result from a combination of security failures that can involve all of the above parties.
These failures include:
- Flaws in registration and related processes
- Failure to comply with the transfer policy
- Poor administration of domain names by registrars, resellers, and registrants
How Domains Get Hijacked
In the above-mentioned report, ICANN found that many security incidents leading to domain name hijacking occur when registrars and resellers fail to adhere to its transfer policy and their registrant identity verification processes are insufficient to detect and prevent fraud, misrepresentation, and impersonation of registrants.
ICANN, however, also plays a role in this. Its policy on transfer of registrations between registrars makes transfer contact email addresses an acceptable form of identity.
All a domain hijacker needs to hijack a domain is the domain name and an administrative contact’s email address.
Registrant email addresses and contact information are often accessible via the Whois service. This allows anyone with an email address matching the transfer contact email address to impersonate registrants.
From there, it’s not difficult for malicious users and attackers to apply their ill-gotten social engineering skills to target a domain. They can do this by gathering contact information using Whois services and by registering expired domains used by administrative contacts.
Given the above, it’s no wonder that so many domain hijacking attempts are made every year.
Consider just how simple it can be for a fraudster to obtain the information needed to impersonate an authorized account administrator and contact a domain registrar hoping to gain access to a domain’s control panel:
- It can be an “inside job” if someone in the company has access to the owner’s account information.
- It can come from security breaches and compromises such as hacking the owner’s device or email account, or from the theft of personal documents containing account information.
- It can even be someone calling up the registrar with a made-up story feigning a dire need to gain immediate access to the account as a result of an “emergency.” For example, by pretending to be a family member or an employee of a business that has closed down or saying that the account owner has died and the business needs urgent access to the domain to continue trading.
Other contributing factors to the high incidence of domain hijacking attempts mentioned in ICANN’s report include:
Registrants allowing registration records to become stale
ICANN’s policy requires registrars to request registrants to update their records annually, but registrars have no obligation to take any action other than to notify registrants.
A lack of accurate registration records and Whois information in the transfer process makes a domain name vulnerable to attacks.
Domain resellers can become “invisible” to ICANN
ICANN and registries deal with domain registrars, but have no relationship with domain resellers.
While resellers can operate with the privileges of a registrar when registering domain names, it is the responsibility of the registrar to ensure that policies are enforced by resellers and that records of domain name transactions are accurately maintained.
This “gap” in the business relationship chain leading from registrants to ICANN has been identified as an area with potential opportunities for attackers to exploit.
Dispute mechanisms are not designed to resolve urgent issues
ICANN’s Inter-Registrar Transfer Policy is not designed to prevent incidents requiring immediate and coordinated technical assistance across registrars and has no provisions to resolve the urgent restoration of domain name registration information and DNS configuration.
Registrants also have a part to play
ICANN, registries, registrars, and resellers need to do everything in their power to ensure that domains remain secure and protected.
As we’ll explore later in this guide, however, registrants also have an important part to play in keeping their domains secure.
After all, as the saying goes, a chain is only as strong as its weakest link, and often domain name registrants become the weakest link by failing to take all the necessary precautions and then falling prey to social engineering tactics (e.g. phishing emails, domain spoofing, etc.) leading to identity theft or impersonation. Once this happens, hackers can easily hijack and take control of a domain name.
Domain Hijacking – Common Scenarios
Before we move on to what can be done to improve domain security, let’s look at some of the most common types of domain hijacking scenarios and then briefly discuss what to do if you experience any of the incidents described below:
Domain Name Transfer
Typically, when someone attacks your domain, they are usually aiming for one of two (or both) outcomes:
- Change your domain registration contact information to gain control of any domains registered under your account, or
- Modify the DNS settings so that your domain name’s resolution is handled by another server (this is called DNS hijacking and we cover it further below)
If the aim of the domain thieves is to maintain the name, they may update the registration data (WHOIS) linked to the domain name, change payment details, and then attempt to transfer the domain name to a new registrar so as to erase the history of their registration activity.
As mentioned earlier, once a hijacker gains access to your domain’s account and its control panel, they can take complete control of your domain by making account administrator and password changes, redirect the domain to a new server, and wreak havoc in your business.
In worse case scenarios, a hijacker can cause significant loss of revenue and damage to your brand.
This is exactly what happened to ShadesDaddy.com in 2015 when hackers took over their registrar account and transferred the domain to an account in China which sold counterfeit merchandise, causing the company to suffer great loss of traffic, revenue, and damage to their brand.
If a hijacker takes over a valuable domain name, they can sell it or extort the owner by holding them up for ransom.
As was made clear in the hijacking of Perl.com article described earlier, if your domain account email contact details are tied into your domain and your domain is hijacked, all business communications over email are effectively hijacked too.
Domain hijackers can do anything from disabling and interfering with communication channels like your website and email to sending out fake emails, to completely blanketing out all business communications online.
As explained in this article, if a hacker is able to modify the information in the DNS server, they can potentially send someone to an IP address that isn’t necessarily where they thought they were going.
There are many ways to do this, most of which involve taking control of the DNS server. This is called DNS hijacking or DNS poisoning.
With domain hijacking, hackers don’t need to change anything in the existing DNS server. They can simply change the domain information in the domain registration account (where all of the primary DNS information is input) and point to a domain server that they control.
Pharming is when a hijacker takes control of your website and points it to a malicious site or posts offensive content on your site. This can cause serious damage to your reputation, as all traffic is directed to content that you have no control over.
Domain hijackers can cause even wider damage when taking over your domain by using your website to collect valuable information from users such as credit cards, social security numbers, logins, etc. and engage in serious criminal activities that can impact the lives of many people.
What To Do If Your Domain Is Hijacked
Recovering a hijacked domain may take time and involve a lot of hassle and expense, but it is possible, so if it happens to you, don’t despair…take action!
In the previous section, we mention the hijacking of ShadesDaddy.com. Here is a first-hand account from the domain owner describing what it took to recover their domain.
As Pablo Palatnik, owner of ShadesDaddy.com states in the article, it’s important to understand the role that companies like ICANN and Verisign play in domain names.
We have covered ICANN quite a bit in this guide. If you are the victim of domain hijacking, ICANN recommends contacting their Security Team for guidance. They will then ask about the circumstances relating to the attack.
It’s also important to note, that as mentioned in the above article, Verisign is the only organization with the authority to transfer a domain name in the case of a hijack (with a court order or ICANN compliance notice).
As the article also points out, as soon as you become aware that your domain name may have been attacked, the first step is to alert and inform your domain registrar immediately and push them to take immediate action and start putting ICANN procedures like the Registrar Transfer Dispute Resolution Policy in place to communicate with the registrar that currently has your domain name.
Request that the transfer be revoked right away. Registrars usually apply a 60-day transfer lock to the transfer procedure, so if your domain has been transferred to an internal account with the same registrar, you have a better chance of recovering it.
Don’t wait too long, as the domain thief may attempt to move the domain name several times to cover their tracks and this will only complicate things and make recovering your domain more difficult.
Next, you should change all of your passwords to prevent the hacker from getting into your other accounts.
If you have a registered trademark, the Uniform Domain-Name Dispute-Resolution Policy (UDRP) is a contract that all ICANN-accredited registrars must follow to handle disputes about domain name ownership. It permits quick banning of the domain, preventing its data from being modified or moved to another registrar, and also preventing internal transfers between registrar accounts.
Keep in mind, however, that the UDRP was primarily developed as a way to counter cybersquatting or trademark breaches, so if your domain name is not associated with a trademark, it may not be very helpful.
According to ICANN, documentation is key to recovering hijacked domain names.
Since it is crucially important that you be able to demonstrate to your sponsoring registrar that the registration or use of the domain is rightfully yours, ICANN provides a list of documentation you should maintain to create a “paper trail” should a dispute ensue over domain ownership with whoever is listed as the registrant in a hijacked domain name.
Some of the basic documentation you should be able to provide includes things like:
- A domain history (copies of registration records that show you or your organization as the registrant, billing records, email receipts, web logs, archives, tax filings, etc.).
- Financial transactions linking you to the hijacked domain name (e.g. credit cards or bank statements showing purchase details)
- Correspondence from your registrar relating to the hijacked domain name (e.g. domain renewal notices, notices of DNS change, telephone call records, etc.)
- Legal documents mentioning the domain name (e.g. a contract for the sale of a business listing the domain name as being included).
Some additional things you can do, according to Pablo Palatnik (who eventually did manage to get his domain name back) is to get an experienced lawyer, try to expedite things with a court order, and start making some noise about what happened to you (e.g. post about it on social media).
Reverse Domain Hijacking
One more thing to keep in mind is that if you own a valuable domain name, you may also become a victim of “reverse domain hijacking” (RDNH).
This is where a trademark owner attempts to obtain your domain name by initiating a domain name dispute and fraudulently claiming that you are cybersquatting (i.e. registering domain names that are identical or similar to trademarks, service marks, company names, or personal names in the hope of reselling them at a profit.)
Where domain name hijacking (which is also known as reverse cybersquatting) is usually associated with cybercrime, reverse domain hijacking is basically acting in “bad faith” to attempt to deprive a registered domain name holder of their domain name.
Now that we have seen just how damaging and serious domain hijacking can be, let’s take a look at what can be done to minimize and prevent the threat of incidents.
Domain Name Security Improvements And Recommendations
ICANN’s report not only points out factors that can result in domain hijacking incidents but it also offers registries and registrars various recommendations for improving domain security and helping to protect and safeguard registrants from having their domains hijacked.
These recommendations cover areas like:
Strengthening identity verification requirements in electronic correspondence
ICANN recommends raising all identify verification requirements to the same level as used when verifying by mail or in person.
ICANN recommends investigating additional methods to improve the accuracy and integrity of registrant records.
Registrar-Lock and EPP authInfo implementations and best practices
A registrar-lock is a status code set on a domain name by the registrar to prevent unauthorized, unwanted or accidental changes to the domain name.
When set, the domain registry prohibits certain actions from taking place, such as modifying, transferring, or deleting the domain name, changing domain name contact details, etc.
The EPP authInfo code (also known as an Auth-Code, EPP code, authorization code, transfer code, or Auth-Info Code), is a generated passcode required to transfer a domain name between domain registrars and indicates that the domain name owner has authorized the transfer.
ICANN recommends that the same EPP authInfo code not be used for all domains by a registrar and that registries and registrars provide resellers and registrants with Best Common Practices describing appropriate use and assignment of EPP authInfo codes and risks of misuse when unique EPP codes are not used.
ICANN recommends investigating whether making pending transfer notices between registries and registrars to registrants mandatory instead of optional would reduce incidences of domain name hijacking.
Providing emergency channels and procedures
ICANN recommends that registrars should obtain emergency contact information from registrants and share emergency support staff contact information with other registrars, resellers, and registries to provide 24 x 7 access to registrar technical support staff in an emergency situation.
Additionally, ICANN recommends emergency procedures and policies to be defined by registrars for allowing registrants to obtain immediate intervention and restoration of their domain name registration information and DNS configuration.
Improving public awareness
ICANN recommends providing better education to registrants on areas like:
- Threats of domain name hijacking and registrant impersonation and fraud.
- Procedures for requesting intervention and obtaining immediate restoration of a domain name and DNS configuration.
- Keeping registration information accurate.
- Protection mechanisms like Registrar-Lock, EPP authInfo, etc.
ICANN recommends investing stronger enforcement mechanisms for dealing with registrars that fail to comply with the transfer policy, and holding registrars more accountable when working with resellers.
Domain Name Security Best Practices: What You Can Do To Keep Your Domain Name Safe
Now that we have covered all that is being done and proposed by ICANN to improve domain security for registries, registrars, and resellers, let’s turn our attention to what domain name registrants can do to keep their domain names safe.
Choose a Reliable Domain Provider
Ideally, you want to purchase your domains from an accredited registrar or a reputable domain name reseller offering a secure DNS management panel and 24×7 technical support.
Having access to an online support team focused on protection and security is important, as they will be your first point of contact if you experience any issues with your domains and need immediate help or assistance.
Assign Your Domain Ownership To A Business Entity
Always register domains to a business or corporate entity. Avoid registering a domain name under an individual’s name. This ensures business continuity regardless of the individuals who may come and go from the business.
As an example, suppose your business manager registers a domain name under their own name and then leaves the company. Your business risks losing the domain, being disrupted, or if there are any issues involved, going through a lot of hassle to reclaim domain name ownership.
Lock Your Domain Name
Domain locking (Registrar Lock) provides extra protection to domain names by preventing the transfer of your domain to another registrar by unauthorised third parties.
Leaving a domain “unlocked” creates an opportunity for domain hijackers to try and transfer your domain name or redirect your domain’s name server without your permission, so lock your domain name through your domain name management system immediately after securing your domain registration.
Activate Domain Privacy
As mentioned earlier, all a domain hijacker needs to hijack a domain is the domain name and an administrative contact’s email address.
It’s critically important, then, to protect the email account associated with your registered domain. The best way to do this is to consider using private domain registration when registering your domain.
Private domain registration (also referred to as Domain Privacy, Domain Privacy & Protection, WHOIS Privacy, or WHOIS Privacy Protection) provides a simple and inexpensive way to hide your name, phone number, and email address from public viewing within the WHOIS database, ensuring online anonymity.
Note: Some domain registries do not allow domain privacy services.
For example, when registering .com.au domains or any other .au extensions, auDA‘s (the authorized .au name space overseer) notes in section 2.4, clause b) of its Registrant Contact Information Policy that:
“registrants must not do anything which may have the effect of concealing the true identity of the registrant or the registrant contact (eg. by using a private or proxy registration service)…”
Choose A Strong Password
In today’s world of rampant cybercriminal activity, we shouldn’t even be discussing password security anymore. Weak passwords, however, remain one of the top threats to data security, so don’t choose weak passwords for your registrar account. You will only be inviting trouble.
Choose a strong password instead so that guessing it becomes next to impossible. Follow basic password security recommendations: Generate a password that’s at least 8 characters long (the longer, the better), with at least one numeric value, one symbol and randomly selected letters.
Regularly Update Your Passwords
This is another basic but important area of password security. Despite all security advice, many businesses end up sharing passwords internally with team members, who may then share it with other team member. Over a period of time, having the information being shared around multiple times can present a real security threat, especially if people who are no longer with the company have access to it.
So, make sure to regularly change your domain registration account passwords. A good time to do this is when registrars send out requests to verify and update your contact details, as they are required to do per ICANN’s policy.
While still on the subject of password security…
Never Share Your Domain Registrar Login Details
The less people who have access to your domain registration account, the less chances of security breaches coming from inside the organization.
If possible, try to restrict access to your domain registrar login details only to those who absolutely need to know it. And if they are no longer part of the organization, then change the login details immediately.
Register Your Domain Name For 10 Years
Choose the maximum registration period available. Many registrars allow you to secure your registration for up to ten years.
If you plan to be in business for a while, consider registering your domain for the next 10 years.
Turn On Auto-Renew
If you miss your domain name renewal reminder and forget to renew your domain name, you run the risk of having it expire and having someone else register it.
You can avoid losing your domain name by choosing maximum registration periods and turning on auto-renew.
Provide Backup Payment Details
If your domain name account allows more than one payment method to be input, then provide details for a second payment method.
This will minimize the risk of losing your domain name due to a failed domain renewal charge (e.g. an expired credit card).
Provide Backup Contact Information
If your domain name account allows you to provide backup contact information (including a backup contact email address), this helps to make it easier for authorized users to retrieve access to your domain name account if anything happens to the main contact email.
Which brings up another important point…
Use A Different Contact Email Address Than Your Registered Domain’s Email
As the domain hijacking case of Perl.com illustrates, if your registration account’s contact email address is tied to the same registered domain name, your entire organization could be “incommunicado” if your domain is hijacked (i.e. the hijackers will have complete control of your domain AND your email).
For this reason, it’s best to use a different email address than the one associated with the registered domain. Also, having a backup contact email address on the account helps.
Regularly Monitor Your Domain Name Status
One of ICANN’s recommended practices for registrants to protect their domains includes routinely monitoring domain name status and performing timely and accurate maintenance of the domain’s contact and authentication information.
Making proactively monitoring your domain name registration status a part of your regular business reviews will help you detect any issues sooner rather than later.
Additional Domain Security Tips
Here are some other options to explore to keep your domains and online presence secure:
Register Domain Name Variations
Scammers and hackers often look to register domain names similar to other known domains so they can impersonate the brand or trick unsuspecting users into providing confidential details like login details, banking information, etc.
Registering popular variations of your domain name not only protects your brand, it also creates an additional layer of protection against common hacking techniques like phishing or domain name typosquatting (a type of social engineering attack that targets internet users who incorrectly type a URL into their web browser and land on another registered domain name containing a typo, mispelled variant, alternative spelling, singular/plural variant, or a different domain extension. Typosquatting is also known as domain mimicry, URL hijacking, sting sites, or fake URLs).
Use Domain SSL Certificates
Adding an SSL Certificate to your domain prevents hackers from being able to “listen in” to encrypted connections between user’s devices and your website and steal sensitive data such as credit card numbers, bank login details, contact details, email addresses, etc.
Use Multi-Factor Authentication
Multi-factor authentication (MFA) is a security measure that requires at least two or more proofs of identification in order to grant users access.
A 2-step verification method like two-factor authentication (2FA) adds an extra layer of protection by making sure that only you can sign in to your account.
Domain Name System Security Extensions (DNSSEC) is an advanced DNS feature that strengthens DNS authentication using cryptographic digital signatures and adds an extra layer of security to domains by attaching digital signature (DS) records to their DNS information to determine the authenticity of the source domain name.
When DNSSEC is enabled, DNS lookups use a digital signature to verify that the source of your site’s DNS is valid. If the digital signature doesn’t match, web browsers won’t display the site.
Although DNSSEC can improve domain security, protect your domains from potential cache poison attacks and DNS spoofing, and is useful if you have valuable data to protect, it is not automatically enabled as implementation often requires significant effort and expense and needs to be specifically enabled by network operators and domain name owners.
DNSSEC can also reduce site performance, make DNS more prone to failure, and some domain extensions (e.g. country code domains) don’t support it. Hence support and adoption of DNSSEC worldwide is currently slow.
Use A VPN
If you have the need to be extremely security-conscious about your site, you can use a Virtual Private Network (VPN) to access your domain name account and stave off hackers on the lookout for unsecure connections where they can siphon valuable data.
A VPN hides your public IP address and adds security and anonymity when connecting to web-based services and sites.
Don’t Let Your Security Guard Down
In addition to all of the above recommendations, it’s important to also use common sense and remain vigilant to scams, malware, and other attempts to trick you into giving up valuable details that could see your domain name account being hacked and hijacked.
Some basic precautions you can take include:
- Don’t share logins, passwords, and email addresses. Especially not for administrative accounts.
- Use SPAM filters. Yes, spammers have ways of getting around filters, but any suspected spam you can automatically send into a junk mail folder will provide at least a modicum more protection than not using any spam filters at all.
- Never open attachments sent from unknown sources. Unfortunately, even family and friends can forward you emails with attachments containing viruses, so it’s important to be extra vigilant. If you are unsure about an attachment, check with the sender to make sure it’s legit.
- Don’t click any links inside spam messages. Not even the “Unsubscribe” link. It not only makes you vulnerable to viruses and malware, it also confirms to spammers that your email address is active.
Make Your Domain Name Security A Priority
Hopefully, this guide has helped to increase your awareness of how important it is to keep your domain name safe, secure, and protected. The security of your entire digital presence depends on it.
As mentioned at the beginning of this article, keeping your business secure is a complex undertaking. It requires hardening on many levels, and working with trusted partners and solutions.
At WPMU DEV, our aim is to become more than your all-in-one WordPress platform provider. We want to be the business partner you can trust and rely on to grow your business profitably and securely.
If you sell WordPress web development services or plan to start a web development business, consider becoming a WPMU DEV member and buying your domains through our white label integrated domain and hosting reselling platform (soon to be fully automated).
When you register a domain with WPMU DEV either for your own business or on behalf of your clients as a reseller, you get the following security features to help keep your domain safe and protected included at no additional cost:
- Registrar Lock
- Privacy Protection
- HTTPS (if your site is hosted with us, we provide free SSL and force HTTPS).
- Longer Registration Periods (up to 10 years)
- Contact Info Update Verification (whenever you update your contact information, we check our database and if we don’t have that data, you will receive a verification email before updating the information.)
- 2FA Options For Members (should your WPMU DEV account password ever become compromised, unauthorized users will still require a 2FA code to be able to login).
- 24/7 Technical Support. Receive expert support on all things WordPress, hosting, and domains any time, any day.
Learn more about the benefits of registering your domains with WPMU DEV or visit our documentation section.