Where is your website domain name and hosting?
We always ask new clients: “Do you know where your website domain name and website hosting are?” So often they say “No”. But it’s really important to know and here’s why.
One scenario that crops up more often than it should is when an organisation decides to build a new website, but then discovers they don’t know who owns their domain, where it’s accessed or even where the hosting is. This means that any new website that has been commissioned can’t go live until all these questions have been answered.
An experienced website design company will ask these questions as part of early project scoping. If they don’t, make sure you have the info to hand (…but also ask them why they haven’t asked for it as it’s kinda important!)
Not knowing where your domain is hosted is a bit like living in a house that you think you own. When you need to make some changes, you find that the deeds are in someone else’s name – and you don’t know how to contact them.
Often a situation like this arises because the owner of a domain name is someone who is no longer employed by the company. If you’re lucky, they might be easy to get in touch with and reasonably cooperative, but in other cases you might have no contact details (especially if they left under a cloud and have no interest in dealing with you). Other times, you might find it is in the name of your previous IT company.
First some facts:
- Your domain name (like www.aubergine262.com) is the key to your website, email and entire online presence. Sometimes, things like VPNs and other services use the domain, too. If your business does not control the domain, it basically means your website, email and entire IT infrastructure are in the hands of someone else and might fall apart at any time. Does your business have a contingency for that scenario?
- Your domain name won’t always be located where the website is hosted – often the domain will be in a registry account (such as GoDaddy or 123-reg) but the hosting (the place where all the website files live) is with another company, for example your current (or previous) web developer.
- Likewise, your hosting won’t necessarily be where the domain is or where your email provision is. Most likely it’ll be where your web developer set it up for you.
If any one of these things is allowed to expire (they are invariably annually renewable services) everything will stop – website, email – everything. Especially the domain.
From a security perspective, making sure you know where the access to these services resides and who has access to them is vital. In the event of a security breach – such as a website or email hack, or internal network breach – you need to be able to get fast access in order to sort the problem as quickly as possible.
Don’t forget, as part of the GDPR, you are responsible for the data of your website’s users and so the security of that data hangs in part with access to the domain.
Your organisation’s domain name is heavily linked with your online digital intellectual property – it’s how Google knows how to find you through your website. If you wanted to sell your business or affect some changes that relate to the name or ownership of the business, you also need to make sure your business is the one who actually owns the domain name – this is especially true if you bought the company from someone else. And don’t think that just because the domain name has the same name as your company that you are entitled to it. Domains are owned by the first person who registered it and who then maintain the annual registration.
If you don’t own it, in theory you could take legal action… but that’s expensive and time consuming – and not always successful. Sainsburys are reported to have paid a high six-figure sum many years ago because they hadn’t had the foresight to understand how important online presence would become. The domain name jsainsbury.co.uk was registered by someone who used to work there and left. He didn’t do anything with it, but as it was registered in his name and he wasn’t purporting to be the Sainsbury website, it was legally his. They had to settle out of court to get control of it.
As I have mentioned, just because you use the domain name for website and emails, doesn’t mean it’s yours. But it does mean that, as the website owner of the content, you are responsible for what information is on there and what you say and the safety of your site’s users. If there’s a hack, you are responsible for the data on the website. You must report the hack to the ICO – even if the name of the person who actually owns the domain is your ex-web developer who’s now on a world backpacking trip.
What to do – our top tips
So, here’s what to do to ensure you have absolute control over your online footprint. These tips will take a little time but are well worth it.
1.Find out who owns your domain name (e.g. www.aubergine262.com). To do this, you need to find out who the registrar is. Go to www.whois.com and enter your domain name – it’ll give the name of the registrar. It might be a name you don’t recognise – if so, ask your web developer to look this information up. Once you have the registrar and have accessed the account, make sure the account is in the name of you or your organisation. Making sure the domain name is registered to you and your organisation is vital and forms a key part of best-practice IT guidelines.
If you really get stuck, each year (or two) you’ll get an invoice from someone that relates to the website – look for details on that (follow the money!) Unfortunately, if it’s a .com and the domain is in the name of someone that you can’t contact, the likelihood of getting control of it is zero. This is because there are no governing bodies that control .com domains. However, the UK is almost unique because we have Nominet, which covers all .uk domains. If your domain is one of these and in the name of someone you can no longer contact, Nominet can begin the process of re-establishing identity and ownership. It’ll take 3-6 months, but is possible. If you don’t know where to get help to find this information, contact us.
2. Find out who hosts your website. Ask your web developer where the hosting is. It’s important to know this in case they disappear off to Bangkok and you need to take it over or move the site files to a new host. If you can’t do this, use free online tools to run DNS lookups on your domain – that will return the owners of the servers and may help point you in the right direction. We often use www.dnsstuff.com or www.mxtoolbox.com. Another method is to login to where you think your domain is registered. It should show you where the domain is pointed – often it’ll say whether the hosting is in that account or offsite with another provider.
3. Email – find out who provide the email service. Your organisation’s email may have the same host as the website or it may use Google (aka GSuite), Office 365 (aka O365) – or maybe you have an IT department that manages the mailservers. Either way, knowing where the service comes from is vital and you shouldn’t do any changes to hosting or domains until you know – if you did, in the worst case scenario your email could just suddenly stop and you wouldn’t know who to ask in order to get help.
Once you have the answers to these three questions, document them and save that document somewhere safe – we often refer to this as an ‘Armageddon’ document, but it’s useful to make sure it’s all noted down from a best practice IT Governance perspective as well. Maybe don’t save it with the passwords though, instead you could write a password hint if you think you’ll need it. It’s not essential to do that though – passwords can always be recovered (once you know where to ask!)
With this document to hand, every time you want to do some website changes – whether it’s building a new site, moving it to a new provider or changing the business name or structure – you won’t have to panic. As ever, if you need help with any of the points we’ve covered, get in touch.