Don’t register your domains with Automattic

Automattic rearranged their domain business at the beginning of , and they didn’t bother telling their customers about the changes. I was afraid that my domain had been hijacked! This will be a fairly lengthy but thrilling tale of poor planning, execution, and customer communication.

Automattic, the company behind WordPress.com, secured the rights to the .blog top-level domain in . At launch, you could register a .blog domain name through WordPress.com or Get.blog, both operated by Automattic. Other registrars soon started offering the domain name as well.

I though it would be a good idea to register my own .blog domain through Automattic, and more specifically their Get.blog service. I don’t use hosted WordPress .com services so I wanted to keep my domain separate from that service. Cutting out a middleman registrar and getting the domain directly from Automattic was appealing to me.

As of , Get.blog was shut down as a separate registrar service. Customers were moved over to WordPress.com without any prior notice.

The first I heard of the changes was this scary looking email from WordPress.com on :

Custom Domain for ctrldotblog.wordpress.com

Howdy, you recently asked us to activate the domain mapping upgrade to use your domain name ctrl.blog as the address of your site ctrldotblog.wordpress.com

In order to get things working, you’ll need to visit your domain registrar’s site and update your name servers. The registrar is the company you own this domain through, either where you purchased it originally or transferred it to.

Your name servers are currently set to:
(my nameservers)

These will need to be changed to:

Once you make the update, it’ll take a few hours to display your WordPress.com site at ctrl.blog.

If you’re not sure how to update your name servers, please contact your domain registrar.

If you need to check the status of your domain mapping upgrade, visit the Me> Manage Purchases section of your dashboard.

Thanks for flying with WordPress.com

After receiving this email, I thought for sure that my domain had been hacked! I wasn’t a WordPress.com customer, I hadn’t registered “ctrldotblog.wordpress.com”, and I’d certainly not asked WordPress.com to make any changes to my domain name!

To me, this sounded like someone had managed to exploit a flaw in the WordPress.com management platform to hijack a .blog domain. I fired off an email to WordPress.com Support stating that I’d requested no such changes and asking for clarification.

I then proceeded to attempt to login to my account on Get.blog, but the website wouldn’t load. After an hour, the page did load but the login system was disabled “while we’re making changes”.

On , some 30 hours later, I heard back from WordPress.com:

Sorry about any confusion caused, the email was sent in error due to a glitch at our end.

No changes were made or are needed for your domain name and the email can safely be ignored.

“No changes were made or are needed for your domain name”, sounds reassuring. I was a bit upset that they’d not sent a follow-up immediately after having sent out the first email. Although I suspected that Get.blog would be merged into WordPress.com at this point, I’d just been assured that there wouldn’t be any changes needed.

Just 23 hours later, I received another email that went directly into my Spam folder titled “New login information for your domain” from WordPress.com:


We’re contacting you because you purchased a domain from get.blog, a WordPress.com service.

To give you the best experience we can offer, we’re merging the ease of use of get.blog with the power of WordPress.com. Starting today, get.blog domains will be managed at WordPress.com. This will give you advanced domain management tools, plus the ability to register other domain extensions (like .com, .org, and more!)

Nothing changes about the domain itself. Any websites, emails, or other services you use with your domain will continue working normally.“

You will now renew your domains and manage them through WordPress.com instead of get.blog.

Click "Create My Password" in this email. You’ll be asked to enter your email address — use the same email address you used on get.blog: […]

First thing first: never start an email asking customers to waste their time setting up new accounts and having to manage more passwords with “Howdy!” Secondly, there was no recognition in this email about the lack of prior notice and “glitched” automated emails.

I proceeded to set up a WordPress.com account to mange my domain. This is my third WordPress.com account, and I was not happy being asked to register yet another one under a different email. I wasn’t happy about this situation at all, actually!

After registering with WordPress.com, I was immediately presented with prompts to create my site on WordPress.com, and prompts to upgrade to WordPress.com Premium. I wasn’t surprised to see the upselling attempts, but it was more aggressive than I’d expected. WordPress.com had also helped themselves to my credit card information from my Get.blog account. The whole experience was quite unpleasant and left me with a bad impression of Automattic as a whole.

At this point, I decided to transfer my domains away from WordPress.com and find a more established registrar instead. This was, however, more difficult than expected. As it turns out, almost no registrar that let you register a .blog top-level domain will accept transfers of .blog domain names! I eventually found one, and will share my experiences with them in a separate update later.

However, transferring my domain away from WordPress.com was more difficult than expected. In the WordPress.com domain administration interface, you’ve a big green label that says “Privacy Protection: on”. Domain privacy hides your personal information form public domain registration records, and is generally a good thing. In order to transfer a domain from one registrar to another, you need to have a working email address in your public domain record (“whois information.”) I couldn’t figure out how to turn it off! Clicking on the on button took me to a screen that said it was enabled and offered me to change my details.

After three hours I found that I could cancel the domain privacy service next to the “Cancel Domain” option hidden away in the billing section of WordPress.com. After I finally managed to turn off the privacy service, I could initiate the domain transfer to my new registrar.

I moved a bunch of domains at the same time, and all transferred without incident within ten minutes. My .blog domain, however, took 14 hours to transfer. This was an early indication that WordPress.com didn’t have good procedures for handling domain name transfers.

As it turns out, WordPress.com apparently has no routines for handling domain transfers. After I’d moved my .blog domain name over to a new registrar, I can still manage it at WordPress.com. For whatever reason, the domain name and the ability to manage it haven’t been removed from my account. It has been five days since I transferred the domain away from WordPress.com. The interface lets me configure nameservers, change DNS entries and registration data, or even renew or cancel the domain.

I’ve contacted support to ask them why the domain haven’t been removed from my WordPress.com account following the transfer. I receive a reply a day later, and the domain was removed from my account. However, if you’ve similar problems you may not get it resolved as quickly:

Limited Support Sep 11 - 18

Private support will be closed from Monday, September 11 through Monday, September 18, included. We will reopen private support on Tuesday, September 19.

Why? Once a year, the WordPress.com Happiness Engineers and the rest of the WordPress.com family get together to work on improving our services, building new features, and learning how to better serve you, our users.

I don’t know what Automattic were thinking here. It shows poor planning when they choose to execute a customer account transition the week before a planned company-wide seminar. It’s not the best time to shut down one’s customer support department for a week.


Don’t register your domains through Automattic. The next time you’re looking for a domain registrar, go for an established and more experienced registrar.

This wasn’t a clean transition for .blog domain holders who had registered at Get.blog. Automattic should have communicated better about the transition, given prior notice (with enough time to choose another registrar), and they seriously need to work on their routines for handling domain transfers!

I’m embarrassed to admit that one of the reasons I registered with Get.blog was the dad-joke Automattic had given their domain business subsidiary: Knock Knock Whois There, LLC. I thought it would look cool in my whois-information. In hindsight, this was very poor judgment on my part. I also should have taken the silly company name as a red flag: Automattic seemingly don’t take their domain name business and customers all that seriously.