Why requesting EPP code for domain validation?
-
Hello WordPress!
Thank you for this great platform running the web for decades :)
In order to connect a subdomain to a managed wordpress.com website with a paid plan, I have to follow connect a domain steps.
My use case is to connect a subdomain blog.example.com (not to transfer, not to connect “full” domain) to an existing wordpress.com website.
It’s asking the EPP code to verify the ownership of the domain and I don’t understand why this method is used.
The official documentation connect existing domain is reassuring:"We only use the authorization code to verify your your domain ownership. We will not transfer the domain registration to WordPress.com."
But it’s a real problem to provide this code, because it requires to unlock domain transfer protection and initiate a transfer so it’s like we would transfer the whole domain to WordPress (or elsewhere). So either it’s difficult to obtain (if you have extra domain protections for instance) or just not safe to provide (and to ask for!).
NameCheap says in My hosting provider is asking for my Auth/EPP code. Is it safe to provide it?:"Some hosting companies may tell you that this is the only way to verify the domain for using hosting with them, but please be aware that it should be requested only if domain registration is being transferred to them, and there should be alternative methods of verification, such as change of nameservers, etc.“
Why not implementing other verification methods (e.g. TXT or CNAME in DNS)?
Thank you a lot in advance for considering my request.
Thibault -
Hi @thibaultduponchellewp , thanks for the feedback.
Just to clarify, are you able to get the EPP code without unlocking the domain? You won’t be able to transfer it that way, but since transferring it is not the goal, it shouldn’t matter.
Our interface allows you to get the code without unlocking, but if your registrar does not, that’s worth noting here. -
Hi @supernovia , thanks for your answer :)
“Just to clarify, are you able to get the EPP code without unlocking the domain? You won’t be able to transfer it that way, but since transferring it is not the goal, it shouldn’t matter.“
No.
And it’s like this in most of the registrar, the process of getting the auth code means you have to “unlock transfer” and often very explicitly “initiate a transfer out” :/ There is no such “Get the auth code just to verify”.
GODADDY – Under Domain Lock, you have to “Set lock to Off” then save, then you have to “Transfer out of GoDaddy” to get the auth code
GANDI – You have to select tab “Transfer Out”, disable “Set transfer lock” then you can see and copy the auth code
OVH – You have to disable “Protection against domain name transfer” then click on “AUTH/INFO” and you can see and copy the auth code
Using GoDaddy, what I did to mitigate was to lock again the domain transfer after the auth code retrieval so I provided the auth code to WordPress with a domain transfer locked. But still, it’s not the solution.
And there are even some relatively common cases where it will be almost impossible to retrieve the auth code, e.g.:
– When you activate GoDaddy Ultimate Protection, you can’t even unlock the domain without dropping this service.
– Think if you have a “Registry Lock” on the domain… -
This is a relatively new process for WordPress.com to avoid fraudulent use of domains not registered with us that are using our nameservers – if we don’t verify ownership, then anyone can connect a domain using a paid plan even if they don’t own the domain.
Since you don’t have any domains or paid plans under your account, we can’t advise in your specific case. If you can log into the WordPress.com account that owns the upgrades and let us know what domain you’re trying to set up and for which WordPress.com site, then we’ll be better able to advise on your next steps.
Thanks!
- The topic ‘Why requesting EPP code for domain validation?’ is closed to new replies.
WordPress.com Forums 