What is the domain password/EPP code/auth code?

When transferring a domain name between registrars or changing the ownership of a domain name, you will need to provide a Domain Authorisation code. A domain authorisation code can also be referred to as an auth code, an EPP code, or a domain password. Depending on which registrar your domain is registered through and what type of domain you have, the steps to obtain your domains authorisation code may differ. The instructions below outline how to obtain your domains authorisation code through Hostcake and by using the auDA website:

My domain is registered with Hostcake and I can access the account

If your domain is currently registered with us, the auth code may be found within the Console. Follow the instructions below to obtain your auth code.

  1. Log into your Account via the Client Portal
  2. Manage the domain you want to make changes to
  3. Click Domain Name
  4. The auth code will be displayed beneath the heading EPP Password Information, clickShow to view your password
  5. If you have a .au domain, you will need to click on View, located next to Current domain password (Auth-Info) in order to see your auth code

Depending on the type of domain you have registered, the domain auth code may not be visible in your Admin Console. If you have access to the Console and have followed the steps above but cannot locate your domain auth code, please contact our support team for assistance. We can organise to have the domain auth code emailed to the admin email contact listed in your domains WHOIS contact details.

My domain is registered with Hostcake and I can’t access the account

.au domain name (com.au, net.au, org.au)

Use this link below to have your Client Portal password reset.

If you no longer have access to the current registrant email address, then it will need to be changed in order to receive the EPP code. The best way to do this is to complete a Password Recovery Form.

Password Recovery Form

There are several pieces of information that you must provide in order for us to complete the password recovery process.

***Please note that this form is only used if you wish to change the registrant email address. If you still have access to the registrant email address, please logon your Hostcake Client Portal to obtain the EEP code.

We will need the domain name in question, as well as the current registrant details. If you are unsure of the registrant details, you can perform a Whois search on your domain name here.

It is important to note that the registrant and the registrant contact are two separate entities, and just because you are the registrant contact, does not necessarily mean you are the registrant. The nature of the registrant will determine what further documentation is required.


If the registrant entity is a Sole Trader (an ABN assigned to an individual), then all we require is the photo ID of that person, and the desired registrant email address.


If the registrant is a company or a similar entity, then additional information is required. In order to prove that you are authorised to act on behalf of this entity, we will need an offfical ASIC extract of the registrant entity. These can be obtained from the ASIC website.

This can be obtained by searching for your ABN/ACN on the ASIC wesbite. Once on the page, scroll down to the bottom of the page and click the link to obtain the Company Extract – Current company information.

An example extract can be viewed here.

Accompanying the ASIC extract, we will also need the Photo ID of one of the directors or proprietors listed on the extract, as these are the people authorised to act on behalf of this entity.

***While other documentation may be accepted, this is our preferred method of verification as it contains all of the relevant information, and is useful document to have for any future methods of verification, and is used in a number of other processes.

Generic TLD domains (com, net, org, biz)

  1. Visit http://who.is/
  2. Check the Admin Contact email address is one you have access to
  3. If the email is correct please contact us to get the password sent. If the email is not correct please contact Hostcake Support

My domain is not registered with Hostcake

.au domain name (com.au, net.au, org.au)

If you own a .au domain name, you may use the instructions below to get the auDA to email the domain auth code to the registrant email address listed in your domains WHOIS contact details, if the email is not correct you will need to contact your current registrAUDAar.

Visit the Auda Password recovery form.

  1. Enter the domain name and the captcha code
  2. Click [Recover]. The auDA auth code recovery service will display the Registrar of Record, the Registrant Name, and the Contact Email for the domain
  3. Click [Email] to have the auth code sent to the contact email address. If this email address is not correct, contact that Registrar of Record to request assistance

Generic TLD domains (com, net, org, biz)

To recover the auth code for a gTLD domain, contact the registrar of record for that domain for assistance. To find the registrar for a given gTLD:

  1. Visit http://who.is/
  2. Follow the onscreen instructions to perform a look up against your domain
  3. The results from the WHOIS look up will display the current registrar for your domain

How can I protect my website against hackers?

How can I protect my website against hackers?

you have been hacked


It is critical that your website is kept safe and secure from hackers. Although Hostcake employs a range of measures to keep our web servers secure, individual customer accounts can still be exposed and maliciously hacked. The following strategies should be used as precautions against hacker activity.

Keep your scripts and plugins up to date

This is an extremely important measure – make sure you keep abreast of the latest updates to any scripts you run, especially if they are popular and widely used (for example, Joomla and WordPress) well as any shopping carts, etc. Once a vulnerability is exploited, it spreads through the internet like wildfire. Most scripts cannot auto-update themselves, so you will have to do this manually. We also strongly suggest you consider subscribing to a website maintenance service that will take care of this task for you. Just like a car you can’t create your website and expect it to run trouble free without any form of servicing.

Hide your website admin area (very important!)

Hackers will scan and probe directories, using automated scripts, looking for tell-tale files like login.php, adminlogin.php and so on. It is certainly recommended that if you are using the well known “Word Press” website format that you DON’T name your admin user “admin”, try something more random. A WordPress plugin such as “WordFence” will help protect your site from repeated password guessing attempts.

Maintain strong passwords

Make sure you use strong passwords (at least 12 characters, with symbols and numbers where possible). This mitigates the possibility of a brute force and dictionary attack. Use different and unique passwords for your cPanel, MySQL databases, WordPress or Joomla and email accounts. If you need some secure passwords, try the random password generator in your Cpanel logon. It’s also good practice to change your passwords every month to maintain the security of your accounts.

Keep your own PC up-to-date and virus free

This tip is very important! Many customers have infected their own websites because their computer was compromised and used to attack the website. Make sure you set your Windows Update setting to ‘automatic’ (for Windows 10 users this is already in place) and always leave your firewall on (either the Windows firewall or the one provided by your antivirus software should do). Also, make sure you are running an up-to-date virus scanner. If your computer does get infected, hackers can potentially install a keylogger on your PC. Keyloggers record everything you type and send it back to the hacker, thereby compromising all your secure accounts.

Don’t log into your account at internet cafes or via unsecured wifi

You don’t know what is on the internet cafe PC, and therefore you shouldn’t trust it. Even if the internet cafe owner is legitimate, someone may have installed malicious software on the computer, capturing all your passwords and login details. Similarly, if you use a Wifi point, someone might be ‘listening in’ and intercepting your details.

Containment principle

Our servers are set up in a way that contains any damage or hacking activity to the affected user account. Therefore, if you make any mistakes and are hacked, only your user account will be affected. However, if you are affected, the best and quickest way to recover is to restore from backup.

Restoring from a backup

If your account is compromised, restoring from your last known good backup is preferred. Using this method you can be sure that none of your files have been tampered or modified. Although we keep our own backups of your websites, we urge all our customers to periodically make their own backup. Once your account is restored, you can then use the tips above to prevent it being compromised again.

Please contact us as Hostcake support if you would like further information.


Safe Browsing!