Move from explanation to action with the matching DomainCheck.co.uk tools for this topic.
Start with a live domain check before deeper ownership or registration research.
Pull domains from source text when you need to audit or investigate many names.
Check UK registrar TAG details when UK domain control is part of the question.
This article focuses on one specific decision: whether a basic registrar lock is enough or whether a higher-friction registry lock is worth it. It deliberately avoids broad domain security advice and incident response steps so the reader can compare the two controls clearly.
Registrar lock and registry lock both aim to make unauthorised domain transfers harder, but they do not work in exactly the same way. The difference matters because people often assume “locked” means the domain is fully protected. It does not.
The right choice depends on how important the domain is, which TLD you use, and what your registrar or registry actually offers. The terms also vary slightly between providers, so it is worth checking the service description rather than relying on the label alone.
When you want the standard baseline protection that should stay on for almost every domain.
When the domain is business-critical and the cost of a takeover is higher than the cost of extra friction.
When the domain deserves the strongest practical protection your provider and TLD can support.
A registrar lock is usually the standard protection most domains have by default. When enabled, it helps prevent a transfer to another registrar unless the lock is removed first.
In many cases, the lock is a simple and sensible barrier against accidental changes or straightforward unauthorised transfers. It is easy to manage and generally should stay on for ordinary domains until you intentionally need to transfer the name.
That said, registrar lock is only as strong as the registrar account behind it. If an attacker can log in, reset passwords, or persuade support to unlock the domain, the lock can be removed. It is a useful control, but not a complete defence.
A registry lock is typically a more restrictive service applied at the registry level, not just inside the registrar interface. In practice, that often means extra verification steps and manual approval before certain changes can be made.
Depending on the provider and extension, registry lock may cover transfers, nameserver changes, contact updates, or unlock requests. The exact scope varies, so do not assume the same protections apply everywhere.
Registry lock is usually considered for high-value or business-critical domains, such as the main company brand, a heavily used customer-facing domain, or a name that would be difficult to replace. It is often more expensive and less convenient than a registrar lock, but that inconvenience is part of the protection.
| Control | Where it lives | Typical effect |
|---|---|---|
| Registrar lock | Registrar account | Blocks or slows normal transfer changes until it is removed |
| Registry lock | Registry-side service | Adds stronger process and approval before sensitive changes |
The simplest way to think about it is this:
That does not automatically mean registry lock is always “better” in every sense. It is stronger for some risk scenarios, but it can also be slower and more operationally demanding.
Neither lock stops every kind of domain incident.
They do not:
This is why lock settings should be treated as one layer, not the whole security plan.
The domain carries brand risk, customer email risk, or direct revenue risk and losing it would hurt the business more than extra admin friction.
For many ordinary domains, registrar lock is sufficient if you also have:
If the domain is low risk, low value, and easy to replace, a basic registrar lock may be the right balance of convenience and protection.
Registry lock becomes more attractive when the cost of losing the domain is high. That is often true when:
It can also make sense where domain change control is tightly managed, such as for regulated businesses, larger organisations, or organisations with many internal stakeholders.
This is the part that catches people out. Not every TLD supports registry lock, and not every registrar offers it even when the registry technically can.
The feature may be described differently across providers. Some services use “registry lock” as a branded product name, while others use alternative terms that still involve registry-side protection. The operational details also vary by extension. For example, the process for a .uk domain may differ from a gTLD such as .com.
Before you rely on the feature, ask:
Higher protection usually means more friction. That can be acceptable for a critical domain, but it is not always ideal for a name you change often or hand between teams.
If your business frequently updates DNS, transfers domains as part of acquisitions, or uses temporary campaign domains, a registry lock may slow legitimate work. In that case, stronger registrar security and process controls may deliver better value than a heavy operational lock.
The right question is not “which lock is strongest?” It is “which lock level matches the real risk and the amount of change this domain needs?”
If the domain would be painful to lose, keep the basic lock on and ask whether the stronger option is available. If the answer is yes and the cost is acceptable, the extra friction is usually worth it.
For most businesses:
If you only remember one thing, remember that a lock is not a guarantee. It is a control that buys time and raises the difficulty of abuse. That is valuable, but only if the rest of your account and recovery setup is also strong.