Who controls your digital products?

If you were an 80s kid, you probably remember this PSA.

I want to make a new one for the digital age. Do you know where your digital products are?

---

Today’s post is super important, and it is filled with tales of woe. Stories of people who were trusting, or forgetful, or busy… or all of the above. And lost access to their domain, their hosting, their website, or their social media accounts.

How to avoid losing your domains

Let’s start with a few tales of woe. These are real situations that I have encountered. A new client came to me because they lost their website. When I went to the domain for the website, a writer’s website, I was greeted with pornography. Whoops! That’s not right. The domain had been allowed to expire and someone had scooped it up… and directed it to porn.

I have seen this exact scenario played out in multiple ways. The porn was an extreme one. But I’ve seen domains purchased and redirect to spam, gambling, and any variety of uncool websites.

I’ve also had a situation where the domain was purchased and then held for ransom. That’s right, someone bought it and tried to sell it back to the original owner for a big profit.

These situations are more common than you think, and it happens for a few reasons, but I have some tips to make sure it doesn’t happen to you.

When you own a domain, it is registered with a company somewhere. This could be GoDaddy, Register.com, NameCheap, etc. You can buy domains from a lot of places and honestly, it mostly doesn’t matter where you buy it so long as you know where you have it registered and have access to that account.

Do you know where your domain is registered?

It is so easy to forget where you bought a domain, especially if you paid for 5 or 10 years up front and haven’t had to think about it. But eventually something will come up and you will need to login. Most often this is when your payment method expires. Sometimes you need to make changes to your DNS for your website, emails, or other app. So having access to this account is key.

If you don’t know where your domain is registered, don’t feel bad. This happens a lot. The first step is to find out where it’s registered. A handy dandy tool is the ICANN Lookup. When you visit this site, you can enter your domain name and see details about it’s registry, and usually it’ll tell you where it’s registered. For example, if you go there and enter sumydesigns.com, you can pull up details about the domain and if you scroll down enough, you can see it’s registered at GoDaddy. If I was trying to access my domain and I saw it was at GoDaddy, I could visit godaddy.com and try to login, try to reset my password, or even call them to regain access to it. These steps work for almost any domain registrar.

The hiccup here comes when someone else registered the domain for you and now you don’t have access or control of it. Hey, don’t beat yourself up. This was a pretty common practice for web design agencies to purchase domains on behalf of their clients. I used to do it myself because as a convenience for my clients. But the trouble was, if a client needed access to it and I wasn’t around, they were stuck. And this didn’t sit well with me.

If you had your developer or assistant or friend buy your domain, it is time to set up your own account and transfer that domain into it. Like I said above, where you register it is less important than knowing where it is and having access to the account. There are a lot of places to register it, but I’ll share this set of instructions from GoDaddy to help you get control of your domain if someone else has it in their account.

Another situation arises when folks accidentally set up more than one account for domain registrations. I’ve seen an account that had 10 domains and then the person had a separate account at a different domain registrar with just one domain. Why were they all not together? I don’t know. Usually that happens when domains are purchased at different times and someone forgets they have another account somewhere else. I think it’s usually a good policy to keep all your domains in the same account unless those domains below to different businesses that need to be kept separate.

Other domain issues

• Your credit card expires. This happens a lot. You have your domain registered, and you have it on auto renew, but your credit card expired and didn’t get updated. Keep this up to date. If you get a new card, login and update it.
• You missed the renewal emails. Every domain registrar will send a lot of emails to remind you to renew your domain. They don’t want you to lose it. And if it does expire, there’s a redemption period where you can get it back before it’s released. But if you aren’t getting those emails, you may not notice.
  • Are the emails going to spam? Check your spam folder to see if your domain emails are there.
  • Did your email change? This one is super common, people get new email accounts and forget the one they used to set up their domain account. If this happens to you, resetting the password won’t work if you don’t have access to the old email anymore.
  • Did you miss it because you get a lot of junk messages from your domain registrar? This is common too. But you can login to your account and control the communications you get from your domain registrar. You don’t have to get all the junk, turn those off and select to only get communication about your products.

In conclusion, make sure you own your domain, it’s in your own account, and you know how to access it. You may rarely need to do that, but it’s a good policy.

---

How to avoid losing your social media accounts

How can someone lose their social media account? I wish these tales of woe were not true, but unfortunately they are. One day I was on Facebook and I happened to notice that a client of mine, one that provides services for the community, was selling pet food on their Facebook page. Now, this client did not sell pet food.

I immediately sent a message to ask what was going on. Not only were they selling pet food, but they were getting a lot of sales.

Upon digging, an employee with Facebook admin access had their Facebook account hacked, and they hacker started selling pet food on their page. We were able to remove their access and get it under control, but this was one of the few situations where a resolution was easy.

In another situation, a Facebook account was hacked. The hacker then added a new admin to their Facebook page and removed the existing ones, so the only person with access was the hacker. And that Facebook page started posting unfortunate posts on the page. This one took a lot of work to undo, which involved contacting the Facebook authorities, which is not easy, and then providing proof that the page was yours to begin with.

And finally, another situation when an employee set up the business page, moved to another state, and got a new email address. The business couldn’t reach this person anymore because they had changed their email. And so they couldn’t regain access to their page. The page still existed. Nothing bad happened to it. But they couldn’t post it anymore and eventually the solution was to create a new page.

Tips for keeping your page secure

1. Always be the owner of your accounts, don’t have someone else set it up for you. You can grant access to people who need it, and you can manage their level of access. If you want employees to post, that’s fine, add them as an editor but not as an admin. There are levels of access for almost every situation, from occasional poster to advertising manager.
2. Add a backup admin on your page. Someone you know and trust, not an employee who might leave. This person should have admin access to the page. This way something happens to your Facebook account, someone can always grant you access to your business page again. If you have a business partner, that’s a good option, but I’ve even seen people add their mom.
3. Use a super secure password, and change it regularly. Your password should not include your kids’ names, your dog’s name, your birthday, or anything like that. It should be at a MINIMUM 12 characters (I like 30!) and it should use letters, symbols, and numbers. You may be asking how you will remember that and my response is if you can remember it, it’s not secure. Sign up for a password manager like LastPass to track passwords for you. And using two factor authentication is never a bad idea.
4. Don’t click on suspicious messages or links. I have seen honest to goodness PhDs click on links they got in Facebook messenger and have their entire Facebook account get hacked.
5. Set up Facebook Business Manager. Creating a page for your business is one thing, but you can also create a business manager to own and manage your business tools on Facebook. It can help you control and organize your business, allows you to create and manage people, ads, and more. If the page is “owned” by a business manager, it’s much less likely to be lost to a hacker.

I used Facebook for my example here, but these apply to all your social media accounts. Use secure passwords, make sure you have access to all the accounts, use two-factor authentication, don’t share passwords, and don’t grant admin access to anyone you don’t know and trust.

---

How to avoid losing your website

Lost websites happen too. And for a lot of reasons. Many are similar to the things I wrote about for domains, but here are a few reasons why people lose their websites and how to avoid it.

You don’t have access to your web hosting account. Be sure you set up and own your own web hosting, and you know how to access it. The most common problem I see is when a credit card expires and so the web hosting account is suspended. If this happens long enough, your entire website will be deleted and you can’t even restore it.

Your developer set up your hosting and disappeared. “I can’t get my web developer to respond to my messages” is a sad tale that I hear more often than I’d like. Another reason you should set up your own hosting and have it in your own account.

Your website got hacked. This can happen. There is no 100% bulletproof way to avoid it, but I do have a few tips.

• Use strong passwords. Seriously.
• Make regular backups. I am a backup of a backup of a backup kind of person. I have trust issues. But you should be making a backup as frequently as you update your site. If it’s once a month, then you need a once a month backup. And store those backups somewhere other than your web host! The first thing a hacker does when they break in is delete those backups. Ask me how I know? Off site backups are super important.
• Set up security precautions. Many hosts, like my favorite Kinsta, have a lot of security built in. I don’t know why other hosts don’t do this. If you pay $4 a month for hosting, that’s probably why. Cheap hosting requires more security interventions. I typically add and configure iThemes Security on sites on less secure web hosts.

An email tip for you

A lot of folks lose access to their accounts because they set up new email and cancel old email accounts. When that old email account is associated with a digital account, you will have effectively given up the ability to reset your password because you can’t access the password reset emails sent to that email address anymore.

There is no issue with you changing email addresses or getting a new email address, but never give up access to an old account because you never know when something will arrive there you need. What I recommend is setting up a redirect of the old emails to come into your new inbox. That way you still get those emails just in case.

Final Thoughts

I know this is a book of a blog post, but I’ve been hurt so many times. I never, ever want someone to lose their website, their social media accounts, etc. Not only is it stressful, but it can be harmful to your business. And it’s a hassle to try to undo!

Your website will have at the very least a domain and web hosting. My advice to you today is if you don’t know where those are set up, find out today. Write that information down. Put it in a place you’ll remember. It’s not uncommon for your domain and web hosting to be in the same account. It’s fine to do that. Just know how to access it.

Use secure passwords. Don’t share passwords. Grant access levels appropriately.