Guidance

What to do if your domain name is compromised

Check who to contact if you think your domain is compromised.

From:
Central Digital and Data Office and Cabinet Office
Published
19 December 2019
Last updated
30 June 2022 — See all updates

Domain names are regularly attacked and sometimes compromised within the domain name system (DNS). You must work with your IT team or supplier to keep your domain name secure and take action if attackers have compromised your domain name.

Contact your .gov.uk Approved Registrar or DNS supplier immediately if any services like your website or email go offline or look like they may have been compromised by a malicious attacker

If your supplier confirms that your domain has been compromised you must immediately:

Threats can escalate quickly and cause irreparable damage. If the Domains Team finds a severe vulnerability we may make emergency changes to your domain to protect any impacted public sector services.

Published 19 December 2019
Last updated 30 June 2022 + show all updates

  1. Restructured to confirm you should contact your supplier in the first instances and then take additional steps if necessary

  2. The Domain Management team has now moved to the Central Digital and Data Office. This update removes any references to the Government Digital Service (GDS).

  3. First published.

Part of Apply for a .gov.uk domain name: step by step

  1. Step 1 Check if your organisation can apply

    1. Benefits of getting a .gov.uk domain
    2. Check your organisation can get a .gov.uk domain name
    3. Get permission to apply

  2. Step 2 Identify a registrant for your .gov.uk domain name

    If your organisation is eligible for a .gov.uk domain name, you must identify a registrant who is going to be responsible for the domain and then choose a .gov.uk Approved Registrar.

    1. Identify a registrant for your .gov.uk domain name
    2. Choose a .gov.uk Approved Registrar

  3. Step 3 Choose your domain name

    1. Choose your .gov.uk domain name

  4. Step 4 Apply for your domain name

    1. Apply for your .gov.uk domain name

  5. Step 5 Appeal your rejected domain name application

    1. Appeal your rejected .gov.uk domain name application

  6. Step 6 Use your domain name

    Registrants must follow the Cabinet Office guidelines once their .gov.uk domain is live, or Cabinet Office will withdraw it. For example, registrants must keep contact details up to date.

    1. Get started with your .gov.uk domain name
    2. Keep your domain name secure

  7. Step 7 Manage your domain name

    Registrants or their Technical Points of Contact can make changes to a .gov.uk domain name.

    1. Renew your domain name
    2. Create and manage .gov.uk subdomains
    3. Modify or transfer your domain name

    If your organisation no longer needs a domain name, you must take steps to protect it.

    1. Stop using your domain name
    2. You are currently viewing: What to do if your domain is compromised