Beginner Blogging Basics

Hello! Are you curious about whether it is smart or necessary to spend an extra $10 or $15 per year on GoDaddy’s additional Privacy Protection offers? I check out all three options below!

Basic VS Full Domain Privacy & Protection

Basically, at checkout, GoDaddy presents you with this choice:

Clicking “View Details” on “No Thanks” shows you:

Your domain comes with Basic Privacy Protection. Your personal data will be redacted in our WHOIS directory. But your domain will not be protected against accidental expiration & malicious transfers.

So, let’s talk about WHOIS directory redaction. The WHOIS directory is just a list of who owns what website. GoDaddy actually already redacts most of your information with their free/ basic privacy protection. With the additional $10 Full Privacy & Protection offer, GoDaddy will redact your state/province of residence and your company or organization- if you list one. All your other information is already redacted with the free option including your name, address and phone number.

Next, let’s discuss “accidental expiration.” What GoDaddy means when they talk about “accidental expiration” is that if your credit card is expired or for some reason the payment doesn’t go through when it’s time to renew your domain, GoDaddy will provide a grace period for you to get your credit card updated and put your payment through again. I spoke to customer service and they said the grace period is 90 days. Personally, I don’t feel that this is valuable because GoDaddy accepts PayPal, and if one payment method fails, PayPal will try the next payment method. I have 3 methods of payment on PayPal- one debit and two credit cards. If my PayPal fails, I have bigger problems that a lost domain! haha

GoDaddy Customer Service chat about Full Domain Privacy & Protection

Finally, GoDaddy warns that you won’t be protected against malicious transfers if you choose the free, basic privacy protection. In fact, they state that 170k thefts are attempted each year! That can be scary!

It is possible to have your domain hijacked or stolen and that is awful. There are lots of security measure that you can take to protect yourself that I will discuss in an article I am working on. So, if you’re interested in seeing that, please subscribe! Personally, I like the idea of domain monitoring, but to be honest, I imagine that if my domain were hijacked that I would notice. Maybe I am misunderstanding the additional options GoDaddy offers, but to my knowledge, what they provide is a monitoring dashboard.

GoDaddy Monitoring Report feature offered with Full Domain Privacy & Protection

GoDaddy Suspicious login warning — This is what it looks like if they find a suspicious login. This was a false positive. I was not logging in from a new device (and did not use VPN). But at least I got this screenshot to show you!

To be fair, I even reached out to customer service to ask for more specifics about how malicious transfers are prevented. I was hoping for a more technical answer, so if you know more, please reach out to me!

As you can see in the first screen shot, I ask how they prevent malicious transfers and they say it is prevented via two-factor authentication. They also mention that Full Domain Privacy & Protection “puts your domain on lockdown” and “Deadbolt Transfer Protection” in their advertisement of the Full Domain Privacy & Protection product, so I was curious about that. They said they “have eyes on your domain,” which I believe is in reference to the monitoring report you can get if you click on the “Manage Protected Registration” button in the “Domain Settings” area. At the bottom of the second screen shot you’ll see that they direct me towards an article. Here is the link to that– Although, I imagine if you’re here, you’ve already seen it, as I had as well.

I think that there is one more feature that I haven’t mentioned yet, then there are some comparison videos below. The basic and the Full DP&P have an option in the dashboard to turn off “Domain Lock.” which prevents domain transfers. With my basic site, I was able to easily toggle this option on & off.

However, with my site that has Full Domain Privacy & Protection, there is a button that you have to press as shown in the above photo. If you click “Remove Protection”, it takes you to the screen shown below. I clicked the “Yes, I consent to remove protection for the selected domain.” button. Then, it brought me back to a screen that said “We’ve removed Protected Registration from your domain. This may take a minute or two to update on your account.” That was pretty easy, in my opinion. I wonder if there was something going on behind the scenes to verify my identity. Now, I can just toggle off the Domain Lock button like in my unprotected domain.

Clicking “View Details” on “Full Domain Privacy & Protection” shows you:

Protects against domain hijacking and malicious transfer.
Prevents accidental domain loss due to an expired credit card and other billing failures.

I wanted to understand the exact differences between the two offerings, so I bought one domain with the $10 “Full Domain Privacy & Protection” and one domain with no extras.

In the video below, you’ll see the dashboard differences between the Basic/ Free Privacy Protection and the Full Domain & Privacy Protection. It is sped up in places, so feel free to pause it if you need to spend more time reading the headlines or seeing the extra options.

The Difference between Full Domain Privacy & Protection by GoDaddy and basic/ free options automatically provided by GoDaddy.

I also checked my WHOIS details in the public directory, as shown below:

This video shows the difference between ICANN WHOIS public directory listings for GoDaddy users who select the free Privacy & Protection offer vs the $10/year Full Privacy & Protection offer

Full Domain Privacy & Protection vs Ultimate Domain Privacy & Protection

Then, there is also Ultimate Domain Privacy & Protection, which includes all the benefits of Full Domain Privacy & Protection plus: “automatic malware scans & continuous security monitoring” and monitoring of “blacklists for Google and other search engines to make sure your website appears in search results.”

Clicking “View Details” on “Ultimate Domain Protection & Security” shows you:

Provides Full Domain Privacy & Protection.
Protects your domain with automatic malware scans and continuous security monitoring and notifies you if anything is wrong.
Monitors search engine blacklists to ensure your domain reputation is protected.

The WHOIS registration benefits are the same between the “Full” and “Ultimate” options. The additional benefit is in the malware scans and blacklist monitoring.

I had to make sure that the options described by the advertisement were the only ones offered by GoDaddy since they advertise their Ultimate Domain Protection product in this article entitled “How Can I protect My Domain Name” and in this page, they talk about the Ultimate Domain Protection and Security product and link out to their Web Security product stating that “This [Ultimate] option includes all the features of Full Protection, along with our Website Security Basic.” If, however, you open the linked webpage, you’ll see 4 options, none of which are “Basic.” That’s because the Basic option only includes the malware scans and blacklist monitoring already listed and none of the additional features on the linked website. I had to make sure, so I asked customer service. In this conversation, I did mention the linked webpage, but it was a lengthy conversation overall- here is the most pertinent screenshot.

Of course, I had to try the fancy Ultimate Domain Privacy & Protection offer!

I see a new area in my dashboard now that looks like this.

If you click Set Up, it quickly (in seconds for me) sets up your site. Then it brings you to a screen that says that your site has been scanned for Malware and has none, (hopefully!) and that your site does not appear on any blacklists.

Then, after you “x” out of the pop up screen with the scan results, you’re taken to a screen that looks like this. I have not yet enabled backups, but if I do, they’ll show up here. And, as you can see, my monitoring is on. NOTE: Backups are not included in the Ultimate DP&P plan. They are an addon.

As far as Malware scans go, I actually love the JetPack plugin for this, it’s $99 a year, but comes with amazing customer service and backups too! But there are tons of options out there including WordFence, which has a free version.

I, personally, don’t find the blacklist monitoring useful. The only reason your site will get blacklisted is if your site is a security risk to those who visit it. If your site is infected, or you personally are doing something scammy (which I know, you, dear reader, are not going to do!!!) Google will blacklist you. So, just keep your site healthy and do the awesome things you wanna do and you’ll be good in the watchful eyes of Google. OK, I’ll admit- there is a possibility that your site could accidentally be flagged, but you could easily find this out on your own by going to https://mxtoolbox.com/blacklists.aspx to check to see if your domain is on any of the blacklists they check. Of course, you won’t know immediately, but usually your first clue that your site has been blacklisted is a 90% drop in organic traffic. I think you would notice that first. Then, you could go to a site like MX Toolbox and check to see if your site has been blacklisted. They also offer services to help you get your site off these lists, but that is a post for another time.

Why you might want to choose to upgrade to Full Privacy and Protection:

I actually like that GoDaddy redacts the state I live in with the “Full” option. Truth be told, it is not hard to find out that I live in Memphis, Tennessee, if you’re looking- but you have to look! I really don’t know why I like this additional redaction. Maybe it just looks cleaner on WHOIS and it’s an aesthetic thing. I just made myself laugh. I learn new things about me every day. Another reason to choose the extra privacy protection is the spam filter. Especially if you have a popular website, I can recommend the spam filter. You could get all sorts of spam, with potentially malicious links and phishing inquiries if you don’t have the extra spam filter, and it gives a little extra piece of mind to have it. However, if your current email provider has a good spam filter, it’s possible that you wouldn’t need this additional feature.

Why You might want to choose Ultimate Privacy & Protection:

If you don’t have any security plans for your website, a basic Malware scan is a good to have. I imagine that you have security plans, and they can include GoDaddy, but I must admit that there are more affordable providers out there. If you’re not interested in doing any backend integration at all though, GoDaddy is very convenient.

Conclusion:

I think that these extra options are largely optional. While some of them offer additional piece of mind, and require no additional setup on your part, almost all of them can be achieved by other means either for less money or free. I do stand by my opinion above about the spam filter and additional redaction on the WHOIS directory, so I will personally be keeping the “Full” Domain Privacy & Protection once the term on the Ultimate one I bought for this blog post runs out, but I think there are people out there who could do just fine without. At the end of the day, I hope I have given you enough information to make up your own mind about it.

Please let me know what I can do to improve this article if you have any advice. I spent many hours trying to find this information and even a couple of hours over a few conversations chatting with customer service.

I hope you found this useful, and if you did, I would love for you to share it with your communities that might find this information useful too.

Thank you so much for reading! I hope to see you again! And if you’re interested in more in-depth advice on creating a blog you’ll love, subscribe! I have a few articles in the works already!

PS: If you are thinking about using GoDaddy, use this link for 30% off. It’s actually not an affiliate link, but I hope to be invited to their program soon 🙂

Hello friend!! Hope you’re having a fantastic day today! This is my first real post on this blog and I am so excited to share these tips on how to protect your domain from hijackers!

It’s so important to make sure your domain isn’t hacked. First off: It’s YOURS! You own it- and it’s worth more than you think! It’s probably not been flagged by spam detectors, so a hacker could use it to send spam emails, or to get people to click malicious links to malware or simply to extort money from you! I’m not going to pretend to understand the criminal mind, but thousands of domain thefts are attempted each year, and some of them do succeed. It’s devastating, and none of us want to find ourselves in that situation.

Not to worry though! Just follow these tips on how to protect your domain from hackers and you will be taking major strides in making it hard- if not impossible- for someone to hijack your domain.

1. Create Strong Passwords

Personally, I think this goes without saying, but brute force password hacking attempts are very common and that’s why it’s important to create a strong password to thwart potential hackers.

Hackers are dangerously good at guessing dictionary-word passwords. And we continue making it easy for them by using some of the most common passwords, like this list from 2019.

Here’s a list I made from checking out Wikipedia’s report on the most commonly used passwords during the past decade.

List of most used passwords over the last ten years

Choosing a strong password can be easy. You can let your Chrome browser choose them for you, which will simply be a random selection numbers, letters and symbols. Chrome will remember them for you. If you prefer the Apple ecosphere, Safari can generate & remember passwords for you too.

As a general rule, the longer the password, the harder it is to crack. Anything over 11 characters is safe, less than that and a determined hacker could get in. The chart below shows times to potentially crack a password made of lowercase letters only.

Amount of time it takes to cracks a password if it is only made of lowercase letters

Adding capital letters or special characters and numbers can increase the time it takes to crack your password exponentially. This is because these types of characters increase the entropy of your password. Follow these tips and you can be sure to thwart criminals and protect your domain from hijackers.

2. Choose a good registrar

Make sure your registrar is ICANN Accredited. Here is a list of all ICANN accredited registrars. ICANN is the organization that coordinates web addresses throughout the world. This way, each web address is different and your computer knows where you want to go when you type in Google.com. That is a specific address and there is no other “Google.com” you could be sent to other than the one we know. There would be no world-wide-web if ICANN did not make sure that each website has a different web address.

It’s important that they be ICANN accredited because ICANN is a regulatory body that has processes in place to protect the malicious transfer of your domain. They also may be able to provide you with advice or assistance if your domain if it has been stolen.

3. Make Sure Your WHOIS Information is Up-To-Date

Because your EPP code (the code that you’ll request from your domain registry if you ever want to change domain registries) can only be sent to the email address publicly listed in the WHOIS directory, it’s important to keep that information up-to-date! If you lose access to an email address or if your email address changes for any reason, be sure to change it in the WHOIS directory. Not only is this important for security purposes, ICANN could actually suspend your domain if it finds that your information is incorrect.

4. Keep Information On-File That Proves the Domain Belongs to You

If you bought a business that came with a website, or you have legal documents or payment records, even tax filings, all of these things can serve as proof that the domain name belongs to you. You can start a little file now just in case you need these in the future!

5. Beware of the Scam Email

Most people already know this, but if you get an email and it says “Urgent, Your Account is in Danger” and it asks you to click a link and sign in: DON’T DO THAT! If you have concerns about your account, go directly to the website of your registrar, sign in that way and/or call your registrar directly. Don’t click random links in emails.

6. Make Sure You Have A Security Plan

WordFence is a FREE plugin for WordPress that you can use when you first start your site to help protect it. A total of 10 brute force login attacks have been prevented so far on this site, so far! JetPack also provides security with a premium subscription along with other perks at $99/ month. But there are LOTS of ways to secure your site both free and paid, and it’s important to have a security plan for your site. That’s a post for another day! I’ll update this once I write it!

What Is Done To Protect You?

No one wants your domain to get stolen. No one. Your registrar doesn’t want this to happen, ICANN doesn’t want this to happen and you don’t want this to happen. So, in addition to the things listed above that can help prevent your domain from being stolen, there are people and organizations out there working to protect your domain from hijackers.

ICANN protects your domain by preventing transfers for 60 days after registration or any other transfer. This means that if you buy a domain, you can’t transfer it until 60 days have passed. This also applies if you transfer your domain. Once the transfer is completed, it can not be transfered for another 60 days. This protects you because you’re likely to notice within 60 days if your domain has been stolen and can report it. However, if a thief were to hijack it, and move it from registrar to registrar, retrieving it would involve all the registrars making it more difficult.

Registrars are there to protect your domain too! EPP (Extensible Provisioning Protocol) transfer codes are required by registrars when transfering domains. EPP codes may only be sent to the email address listed in the publicly-available WHOIS record. This protects you too! This way, only you can receive the EPP code required to transfer your domain!

I hope this article has helped you think of ways to protect your valuable domain from hijackers! I hope you never need to prove that you own your domain or that you receive fishy phishing emails, but the criminals are out there every day.

Please let me know in the comments if you have any tips for me and what you think in the comments below! Let’s learn from each other! Thanks for reading!