WHOIS is a public database that stores registration information for every domain name, including the registrant, expiry date, nameservers, and contact details.

Why is WHOIS important for security?

WHOIS reveals if a domain is about to expire (risk of hijacking), whether privacy protection is enabled, and if nameservers are correctly configured.

How do I protect my WHOIS information?

Enable WHOIS privacy through your domain registrar, turn on registrar lock to prevent unauthorized transfers, and set up expiry date reminders.

What is WHOIS? Domain Registration Security Guide

WHOIS is a public database that stores registration information for every domain name on the internet. It records who registered the domain, when it expires, which nameservers it uses, and contact details for the registrant. While it may seem like simple administrative data, WHOIS records are critical for security.

Why WHOIS matters for security

An expired domain can be registered by anyone, including attackers. If your domain expires and someone else registers it, they control all email sent to your domain, can impersonate your business, and can intercept traffic intended for your website. Domain expiry is one of the most preventable yet damaging security failures.

Key WHOIS security checks

1. Expiry date monitoring. Know exactly when your domain expires. Set calendar reminders at 90, 60, and 30 days before expiry.
2. Privacy protection. WHOIS privacy hides your personal contact details from public view, reducing targeted phishing and social engineering attacks.
3. Registrar lock. Enable registrar lock (also called transfer lock) to prevent unauthorised domain transfers.
4. Nameserver verification. Ensure your nameservers point to your actual hosting provider. Unexpected nameserver changes can indicate a domain hijack.

Common WHOIS risks

Domain expiry. The domain lapses and is re-registered by a malicious actor. They now control your email and web traffic.
No privacy protection. Your personal name, address, and phone number are publicly visible, making you a target for social engineering.
No transfer lock. Without registrar lock, an attacker who gains access to your registrar account can transfer the domain away.
Suspicious nameservers. Nameservers pointing to unexpected providers may indicate DNS hijacking or misconfiguration.

How CQwerty Shield checks WHOIS

Our RECON agent automatically queries WHOIS records for your domain and checks registration health, expiry dates, privacy protection status, registrar information, and nameserver configuration. If your domain is expiring soon or lacks privacy protection, we flag it in your report with specific recommendations.

What is WHOIS and Why Does It Matter for Security?

Why WHOIS matters for security

Key WHOIS security checks

Common WHOIS risks

How CQwerty Shield checks WHOIS