Ways to avoid losing your domain

Imagine you're sitting in your office, and you start noticing emails coming in asking if you'd like to buy your domain.

"Huh, that's weird, I already own that domain" you think to yourself.

A few more emails come in, and they're getting past the spam filter, so you decide to double check your domain manager. Doubt starts creeping into your mind, you start panicking, and you frantically scroll down to where the domain should be, and...

It's gone.

The only option you have is to pay the person that grabbed your domain $3000 USD.

Hold up, rewind...

This sort of scenario can be avoided, yet an entire industry of domain squatters exists due to how commonly it occurs.

In this article, I'll provide advice you can do today to keep your domain secure in the long run.

Table of contents

Enable 2FA

If your domain registrar supports it, enable 2FA (two-factor authentication, also known as MFA/multi-factor authentication). It'll send you an email/SMS/push notification when logging into your domain manager.

While not a foolproof way of stopping hackers (hackers could still phish your employees for their 2FA code - YubiKey devices don't have this issue), it'll slow them down and alert you if your account has been compromised.

Check that your domain is set to auto renew

Some domain registrars don't enable auto renew by default, particularly when transferring domains.

Check your domain registrar to see that it's enabled. You can usually find it in settings when managing your domain.

Lock your domain from transfer

While you're checking your domain manager has auto renewal enabled, also double check that your domain's "transfer lock" is also enabled.

Enabling transfer lock for your domain is effectively like a car alarm for your domain. If someone manages to get into your domain manager account, and tries to transfer the domain, you'll receive quite a few emails about it.

Enabling transfer lock might slow you down in the future when you want to change domain registrars, but if you don't plan on moving any time soon, you may as well turn it on.

Check your payment details

I know this one sounds obvious, but if the payment fails, your domain doesn't get renewed, and you typically have about 30 days to notice before your domain disappears.

The most common mistake is that your credit card expires, and you forget to update the payment details your domain registrar has on file.

On the off-chance your domain registrar accepts PayPal (or similar), also double check that the payment details that PayPal have are also up to date.

Use a reputable domain registrar

There are a few ways to interpret "reputable" - I mean large companies trust them with their services, and the business itself is trustworthy. Certain domain registrars also own companies that "drop catch" domains that expire from their services. Would you want to use a domain registrar that's financially incentivized to let your domain expire?

Here are some reputable domain registrars that immediately come to mind:

  • AWS Route 53
    • Some of the largest internet companies trust AWS to host their services
  • Cloudflare Registrar
    • 20% of the internet's traffic runs through them, and the domain registrar service is provided at-cost
  • NameCheap
    • Decent reputation, has been around a very long time, used to make you pay for privacy, now doesn't
  • Gandi
    • Decent reputation, has been around a very long time

I've personally had negative experiences with GoDaddy and CrazyDomains (in Australia), and would strongly recommend to anyone reading this: transfer your domain ASAP to somewhere else.

Be sure you actually own your domain

If you purchased your domain through a third-party, like Wix, WordPress, or maybe the agency or contractor that helped build your site, chances are you're not fully in control of your domain.

Sure, it might be easier for you to have a third-party manage the domain for you, and pass the bill along each year, however this sort of arrangement can become problematic when you want to cancel the service, or move to another provider.

If you're having an agency or contractors build your site for you, and they become unresponsive, you risk losing the domain if you also let them manage it for you. By keeping the login to your domain manager to yourself, you can cut ties with rogue third-parties and move to a different provider.

Extend your domain registration

Most domain registrars will let you extend your registration for around $12 USD per year for .com domains. This lets you remove the risk of your automatic renewal not going through by manually renewing.

For example, AWS offers the following:

AWS Extend Domain Registration

Considering the amount of money domain squatters will try to get from you if you let your domain expire, it's a pretty good deal.

Be aware of any TLD-specific rules around renewals

While it's great fun to grab a domain from a country half way across the world from you so you can spell out your brand, different countries have different rules around domain renewals.

As an example, Spain (.es) charges a renewal fee on top of an annual fee. As well as that, if you let the domain expire, there's another renewal fee that ranges from 30 USD to hundreds of dollars (depending on your registrar).


OnlineOrNot is a monitoring service for websites, APIs, web apps, and scheduled jobs/repeating tasks.

Learn more about OnlineOrNot.