Overview
Your domain is valuable — protecting it from unauthorized transfers is essential. WHMCS includes several built-in features that help keep your domain secure.
1. Enable Registrar Lock
The Registrar Lock prevents unauthorized domain transfers. It should always be turned ON unless you are intentionally transferring your domain.
How to enable it:
- Log in at billing.vexoweb.com.
- Go to Domains → select your domain.
- Look for Registrar Lock.
- Ensure it is set to Enabled.
2. Keep WHOIS privacy enabled
WHOIS Privacy hides your personal details from public databases. This prevents attackers from knowing your contact email or using social engineering to steal your domain.
- Open your domain page → Enable ID Protection.
3. Use a secure account password
Your VexoWeb account controls your domains, so use:
- A long password (12+ characters)
- Uppercase + lowercase + numbers + symbols
- No reused passwords from other websites
4. Enable 2FA (Two-Factor Authentication)
This adds an extra layer of protection for your account.
How to enable 2FA:
- Log in to billing.vexoweb.com.
- Go to Account → Security Settings.
- Select Two-Factor Authentication.
- Scan the QR code with Google Authenticator or another app.
5. Keep your contact email secure
Domain transfer approvals are sent to the email address associated with your Registrant. If someone has access to your email, they could approve transfers without your knowledge or consent.
- Use a strong email password
- Enable 2FA on your email account
- Keep recovery methods updated
6. Never share your EPP/Auth Code
The EPP code works like a password for your domain. Only share it when you intentionally transfer your domain.
7. Monitor your inbox for transfer requests
If you receive a “Transfer Request” email you did NOT initiate, reject it immediately and contact support.
8. Keep your billing invoices paid
Expired domains may fall into Redemption or become available to the public, opening the risk of domain loss.
Need help?
If you suspect unauthorized activity, open a support ticket immediately. Our team can check transfer logs and lock your domain for protection.
