Each account has an option to enable additional security feature for domain push. NOTE: Do not mix up Push authorization code with Transfer authorization code (EPP). The latter is needed only for domains transfer between registrar, while the Push auth code is needed when transferring domains between Namecheap accounts If you would like your account to accept any domain pushed to your account, please select "Allow All" under Push Security Settings in Manage Profile section. If "Requires Authorization" option is selected, a code will be required for domain push to your account. "One time use code" is valid one time only and gets reset after being used. You can also set a permanent code for domain pushes to your account.

You can renew your domain at any time through your Namecheap control panel. In order to renew your domain please do the following:

• Sign in to your Namecheap account
• Click on your username - it will be on the black bar located at the top of the page
• Click on Manage Domains
• Click on the domain name you wish to renew
• Find Add More Years to Domain option in the left side menu
• Select the number of years you wish to renew your domain for and proceed with the checkout

If the domain name is expiring within the next 30 days or less, you can renew it by clicking on Renew Now red flag next to the domain name in your domains list.

Once the domain is expired it disappears from your list of domains. However, you can still reactivate most of the TLDs during 27 day grace period at a regular renewal price following the instructions below:

• Sign in to your Namecheap account
• Click on your username - it will be on the black bar located at the top of the page
• Go to Manage Domains
• Choose Reactivate Domains from the left side menu
• Select the domain, click on Add To Cart button and proceed with checkout

After expiration, domain name can be reactivated for 1 year only. If the domain cannot be found under Reactivate domains then it has most likely passed the expiration grace period and is now in the redemption period. More details on how a domain was placed in this status and recovery costs can be found in this knowledgebase article. Alternatively you may submit a ticket or contact us via live chat with us for further assistance.

Internal Protection “.htaccess” (Manual setup). This part is applicable only for cases, when you wish manually set up all the necessary settings and rules. All these settings can be done automatically with secure plugins (especially BulletProof Security). We recommend using the secure plugins first and only if they fail to deliver necessary control, perform manual configuration. If you do need to make specific changes to the .htaccess file manually, kindly use the guide provided below: .htaccess (hypertext access) is the default name of directory-level configuration file specific for web servers running Apache It is the one most often modified when dealing with redirects and is often used to change file types to make them executable. It is also the one you will be using to harden your environment. To protect it you apply a few simple rules:     Set Low Permissions Deny Access Apply Low Permissions The basic guidance for permissions is simple, the lower the number the harder access becomes. Good rule of thumb is keep the number as low as possible where the performance or functionality is not impacted. For most users, setting it to 640 will grant level of access that you need. Add .HTACCESS Directives What’s important to note here is that this only works if the attack is external. This won’t protect you from internal attacks (if entire cPanel accout is hacked, for example) This is the .htaccess directive you can use: #PROTECT HTACCESS <Files HTACCESS> Order Deny, Allow Deny from All </Files> Note: This only protects the file from external access.   - Disable directory browsing If you do not want to allow your visitors to browse through your entire directory, simply add the piece of 2 lines in your .htaccess in the root directory of your WordPress blog. # disable directory browsing Options All –Indexes   - wp-config file protection. Wp-config.php is important because it contains all the sensitive data and configuration of your blog and therefore it should be locked through .htaccess. Add the code below to the .htaccess file in the root directory: # protect wp-config.php <files wp-config.php> Order deny,allow Deny from all </files> The code denies access to the wp-config.php file to everyone.   - Access to wp-content directory Wp-content contains all content for your WordPress installation. This is a very important folder and it should be secured. Users should be only able to view and access certain file types like images (jpg, gif, png), Javascript, css and XML. Place the code below in the .htaccess file within the wp-content folder (not the root). Order deny,allow Deny from all <Files ~ “.(xml|css|jpeg|png|gif|js)$”> Allow from all </Files>   - wp-admin files Wp-admin should be accessed only by you and your fellow bloggers (if any).  You may use .htaccess to restrict access and allow only specific IP addresses to this directory. If you have static IP address and you always blog from your computer, then this can be a good option for you. However, if you run a multiple user blog then either you can opt out from this or you can allow access from a range of IPs. Copy and paste the code below to the .htaccess in wp-admin folder (not root folder) # deny access to wp admin order deny,allow allow from xx.xx.xx.xx # This is your static IP deny from all The above code will prevent browser access to any file in these directories other than “xx.xx.xx.xx” which should be your static IP address.   - Prevent script injection. To protect your WordPress blog from script injection, and unwanted modification of _REQUEST and/or GLOBALS copy and paste the code below to your .htaccess in the root # protect from sql injection Options +FollowSymLinks RewriteEngine On RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index.php [F,L] We sincerely hope this article helped you enough in securing your web-site.

This article will provide you with 4 easy steps to optimize your WordPress blog. If you follow them you will get better performance of your site and will minimize usage of server’s resources: 1. Reduce the number of posts on the main page of your blog. This will speed up the loading of your blog in the browser and will optimize its work on the server. The best number of posts will be around 5-10 posts on the page. 2. The important thing is to have Caching plugin installed for your WordPress. This plugin generates static html files from your dynamic WordPress blog. After an html file is generated your webserver will serve this file instead of processing the comparatively heavier and more resource expensive WordPress PHP scripts. You can download Caching plugins on its official pages: Super Cache - http://wordpress.org/plugins/wp-super-cache/ W3Total Cache - http://wordpress.org/plugins/w3-total-cache/ The main point of its work is to reduce the usage of server’s resources while WordPress loads in the browser. Caching plugins will help you to make your blog load quickly and make it more attractive to browse for people with low connection speed. Installation process of plugins is described here: http://wordpress.org/extend/plugins/wp-super-cache/installation/ and here: http://wordpress.org/plugins/w3-total-cache/installation/ . It is really easy to setup these plugins and the main advantage of it – is that you install it once and forget about it – it will work without any further actions from your side. 3. As an alternative to Caching plugins, we suggest using CloudFlare CDN that servers for the same purposes but makes its caching in another, sometimes even more efficient, way. In order to power your Wordpress with CloudfFare, please follows the steps in this tutorial - How to enable CloudFlare for your hosted domain name. 4. Also you can have anti-spam modules setup for your WP blog. We recommend you to use Akismet plugin. It is the most useful one as it has powerful system of spam detection and it is easy to work with. You can read more about Akismet itself and about its installation on the official WordPress page: http://codex.wordpress.org/Plugins/Akismet 5. We would also recommend you to check the DataBase of your WordPress site once a week and remove unnecessary records to keep your WordPress database clean and up to date. This will also help to reduce loading time of your site and will decrease recourse usage as a result. In case you are not able to to that in phpMyAdmin, the easiest way to do that is to install another WordPress database management plugin that will allow you to optimize your database automatically. Please find the top DB optimization and management plugins below: Adminer - http://wordpress.org/plugins/adminer WP Optimize - http://wordpress.org/plugins/wp-optimize/ WP Clean Up - http://wordpress.org/plugins/wp-clean-up/ Participants Database - http://wordpress.org/plugins/participants-database/installation/

All files on servers have access permissions. They show to the operating system how to deal with requests to access such files. There are three types of access:

• Read - Files with read access can be only read by the user.
• Write - Files with write access can be edited by the user.
• Execute - Files with execute access can be executed as programs by the user.

These types of access are applied for three types of user groups:

• User - The owner of the file.
• Group - Other files which are in the same folder or group.
• World - Anyone else.

In order for your files to be displayed properly in a browser the following permissions need to be set: - For all HTML files and images the permissions have to be set to 644. Thus they will be readable by User, Group, and World + writable by User. These permissions are set automatically when files are uploaded. - For all folders the permissions have to be set to 755. Thus they will be executable by others: readable by User, Group, and World, writable by User, executable by User, Group, and World. These permissions are set automatically when you create a folder. - For all CGI files (all files in the cgi-bin folder) the permissions have to be set to 755. Thus they will be executable by others: readable by User, Group, and World, writable by User, executable by User, Group, and World. These permissions are not set automatically when you upload files. You need to change file permissions manually. It is important that none of your files or folders is writable by anyone else. Any file or folder which is writable by others can be erased by them. Generally there is no problem, just be careful how you set your permissions.

Why was my site blacklisted by Google?

Unfortunately, the majority of blacklisted web-sites are in reality legitimate websites into which hackers have inserted a malicious content. Here are some popular reasons:

1) Your HTML or PHP code was hacked;

2) The redirects to harmful and infected sites were inserted through iframes or JavaScript;

3) Flash .swf files were added to your web-site.

What is Malware?

It is a malicious software that is specifically created to gain access or damage a computer without the knowledge of the owner. Viruses, worms, and Trojan horses are examples of malicious software that are often grouped together and referred to as malware. Malware can open the access to your personal information, such as passwords and credit card numbers or alter your search results without your knowledge.

How to fix the issue:

Below are some suggestions on ways to resolve this issue if it is happening to your site:

1) Scan and remove the malicious content from your site. You can use a Virus Scanner option in cPanel or contact our Live Chatteam for a help.

2)Scan your PC;

3) Register and verify your site in Google’s free Webmaster Tools.

4) Sign into Webmaster Tools and check the Security Issues section to see details of sample URLs that may be infected;

5) Find the cause of the security issue and fix it. Otherwise, your site is likely to be reinfected.

6) Request a review in the Security Issues section in Webmaster Tools when your entire site is clean and secure. Once Google determines your site is fixed, they will remove the malware label.

Yes, we provide SEO and Marketing Tools with our shared, reseller and business hosting plans. These tools will help you to get more traffic and to show up in Google and other search engines. The services are provided by Attracta, the world's largest SEO service.

You can flush your local DNS cache in Windows by following these easy steps: 1. Open Start menu. 2. Click Run. 3. Type cmd and press enter. 4. In the command prompt type ipconfig /flushdns and press enter. It is advisable to clear up your browser's cache as well, instructions for most popular browsers can be found Windows Mac OS Mobile OS

You can push a domain to another Namecheap account in the following way:

• Sign in to your Namecheap account
• Mouse over your username at the top of the page
• Click on Manage Domains
• Click on the domain name you would like to push. If you need to push several domains, tick check boxes near the domains and click Edit Selected below
• Click on Push Domain To User on the left-side navigation bar

You will need to enter your account password for authorization and the destination username the domain will be pushed to. Please note that destination account user has an option to enable additional security feature. If it's enabled, you will be required to enter authorization code during the push. NOTE: Do not mix up Push authorization code with Transfer authorization code (EPP). The latter is needed only for domains transfer between registrar, while the Push auth code is needed when transferring domains between Namecheap accounts How to get the authorization code? Please contact the destination user to find out what the code is. The destination user should follow the steps below to get the code: - mouse over Namecheap username on the black bar at the top of the page; - click on Manage Profile; - click on Push Settings tab in the left-side navigation menu. If the option is disabled (i.e. Allow All is selected), please leave the code field blank during the push. If you are the owner of both original and destination accounts, copy the codefrom the destination account by following the steps above, log out and sign in to the original account. The push is free of charge, and the domain you push is not renewed. Also you should select whether or not you wish to change the contact information for the domain to the one of the new user. If you select to change it, the domain's contact information will be set based on the information available in the destination user's profile, otherwise your contact details will be left intact. Please mind that the push is final and we will not be able to reverse it. If you need the domain back you will have to contact the new owner of the domain.

Tips on how to prevent your account from being hacked The menace of hacking is a very serious issue for the today’s World Wide Web. It is really important to pay a lot of attention to security of your cPanel account. It should be well-protected against manual attacks as well as against automatized means of getting access to your hosting account. The security of our clients is of the highest priority for us. On our servers we have an effective firewall system along with a complex of other security measures. However, some aspects of cPanel account protection depend not on Namecheap but on the owner of the account. In this article you will find several useful tips you can use to significantly improve your cPanel account’s security.   1. Use safe username and password. This is a quite obvious thing but having a secured password is definitely among the most important aspects of web security. Some people set a password which is easy to remember in order to avoid keeping it somewhere except for memory. It is strongly recommended to avoid using passwords which consist of dictionary words, names of your relatives, friends or pets, important dates, cities, etc. These passwords are not secure as it is really easy to find such information about you especially if you have an account in any of social networks. In Internet security there is even a special term «social engineering» which suggests that some person can get your personal data without any additional means such as special software using methods of psychological manipulation. For example, some important personal data can be gathered during several online conversations with you by means of e-mail, forum, chat or in social network. So in case your password is a date of your mother’s birth then do not be surprised if your account gets hacked. Also, hackers have special tools for cryptanalytic attacks (also known as Brute-force attacks) which are intended to get your password. The main idea of such attacks is checking all possible words until the correct one is found. Such attacks can be successful if your password is a simple word from a dictionary. It is strongly recommended to use passwords which consist of randomly mixed low and capital letters, special symbols and digits. Such password’s length should be not less than eight symbols. You can use any special program for passwords generation as well as in-built cPanel password generator. It can be found in cPanel -> Change Password. Another important aspect is a cPanel username. By default in a hosting welcome guide you receive a generated username which consist of a part of your main domain name in complex with several random letters. cPanel username can be changed only by our representatives per your request in chat or ticket. There are some restrictions triggered by cPanel functionality. Your username can consist only of alphanumeric characters (digits are also permitted, however they are not permitted as the first symbol in the username). Also cPanel username cannot be longer than eight symbols. It is not recommended to change it to your actual name or nickname as this information can be obtained easily by any other person.   2. Change your password regularly It is strongly recommended to change your password from time to time. Also we advise changing the password right after receiving a hosting welcome guide e-mail. cPanel password can be changed in cPanel -> Change Password. By the way, we recommend checking «Allow MySQL password change» as this option lets you synchronize the password with the password for phpMyAdmin. Additionally, it makes sense to change passwords for your e-mail accounts as well. This can be done in cPanel -> E-mail Accounts.   3. Keep your username and password in a safe place. For example, avoid keeping your hosting welcome guide in the inbox of an e-mail account in case you are not the only person who has access to it. Also, please, avoid storing your cPanel login details in a text file on your desktop especially if you are not the only user of this computer. You can use roboform, lastpass or any other similar password saving software in that case. Needless to say it is not recommended to share your username and password with anyone.   4. Pay attention to security of your computer. It is strongly recommended to have an effective firewall and antivirus software with the up-to-date databases on your personal computer. Please, perform a full scan of your computer from time to time. Some viruses are intended to steal your login details and transmit them to someone who needs them. Also there are special applications which are known as keyloggers. They gather a log of keyboard buttons pressed by you, make screenshots of your desktop and send this information to a hacker. Such software can be detected by a good antivirus program so do not forget to check your PC regularly.   5. Use a secured connection when it is possible For example, with Namecheap you can connect by FTP in two ways. You can use a conventional port 21 or you can connect using a non-standard secured port 21098. If there are no network restrictions then it is recommended to use port 21098. Also, it is better to access your cPanel using non-standard port 2083 instead of standard port 80. A link which looks like http://cpanel.yourdomain.com uses port 80. If you wish to use port 2083 then, please, use link which looks like https://yourdomain.com:2083   6. Scan your webspace To avoid having the files located in your hosting account being at hazard it is recommended to use different means of scanning for malicious software. First of all you can use an in-built cPanel virus scanner. Also you can use some free online scanners such as this: http://sitecheck.sucuri.net/scanner/ It is better to combine these two ways of checking your account for viruses. In order to prevent having viruses and malware on your account it is recommended to use themes and plugins only from trusted providers. In case you have any suspects regarding your account’s security then, please, feel free to contact our Support Team at any moment.   7. Always have a backup. Even though backups are scheduled on a weekly basis on our shared servers it is recommended to keep a backup of your account somewhere in a safe place on your PC or third party server. Please do not forget to update it from time to time in order to avoid losing the important information. You can create a full cPanel backup in cPanel -> Backups. Please be informed that if your account gets bigger than 10GB or contains more than 150 000 inodes then it will be automatically excluded from weekly backups. Even more advanced and convenient solution for creating backups is CodeGuard (later, CG). It’s main advantage is the possibility of creating *automatized* backups of your site. Using CG you can partially completely restore your site if there any changes arose, which you wish to get rid of. As CG is fully integrated in your cPanel, only several clicks are required for you to start taking advantages of this great feature we have!   8. Enable CloudFlare. We recommend you enabling CloudFlare in your cPanel. It is a great solution which improves your account’s performance and security. It can help you in protecting your account against DDoS attacks, SQL injections and other similar threats. You can find more information in our guide “How to enable CloudFlare for your domain name”. Update all third party scripts to the latest versions (e.g. Joomla!, WordPress, Magentoo or any other CMS) Don't load your website with every script, theme, gadget, feature, function, and code snippet you can find on the web. Each of them could let a hacker into your site. Before you use something new, read its vulnerability report.   9. CMS security tips. If your site is build on Wordpress we recommend you to read our Wordpress security guides: CMS Security Issues. WordPress Security and Optimization Internal Protection “.htaccess” (Manual setup) and use the security tips listed there to prevent hack attempts in the future.   Following these simple recommendations you can improve your account’s security greatly. From our side we do our best to keep your account safe but if you undertake these measures a level of security increases drastically. We recommend our clients not to ignore the safety of data and always feel free to contact our Support Team in case you have any questions or complications.