Overview
WHOIS privacy (also called ID protection or domain privacy) replaces the registrant's real contact information in public WHOIS results with proxy contact details provided by the registrar. The real contact data is still held internally by the registrar and Commerce.
Prerequisites
WHOIS privacy is only available if the TLD has whois_privacy_available = true in the TLD Manager. Not all TLD registries permit WHOIS privacy — many country-code TLDs (ccTLDs) require accurate public WHOIS data by registry policy.
Enabling WHOIS Privacy
Admin:
- Go to Admin → Domains → [domain].
- Find the WHOIS Privacy toggle.
- Toggle on. Commerce calls
setPrivacy(domain, true)on the active registrar module. - A success/failure message is shown inline.
Client:
- Go to
/client/domains/{domain}. - Toggle WHOIS Privacy.
- Same API call fires.
The toggle state is stored as whois_privacy (boolean) on the domains record after a successful API response.
Disabling WHOIS Privacy
Toggle the switch off on the same screens. Commerce calls setPrivacy(domain, false). The registrant's real contact details become publicly visible in WHOIS results within the registrar's propagation time (usually minutes).
Registrar-Specific Implementation
| Registrar Module | WHOIS Privacy Service | API Calls Used |
|---|---|---|
| ResellerClub | Privacy Protect | privacy-protect/enable, privacy-protect/disable |
| Enom | WhoisGuard | PurchaseServices + SetWhoisGuardEnabled |
| OpenSRS | ID Protect | set_privacy action |
| Namecheap | WhoisGuard | AddWhoisguardPrivacy + EnableWhoisguardPrivacy / DisableWhoisguardPrivacy |
| CentralNic | Privacy Service | ModifyDomain with X-WHOIS-RSPRO flag |
The Commerce module abstracts these differences — the admin/client toggle works the same way regardless of the underlying registrar.
Cost Considerations
Some registrars charge for WHOIS privacy as an add-on service. Commerce does not automatically bill for this separately — it is factored into the domain pricing or offered as an included feature depending on your business model.
If you want to charge for it separately:
- Create an add-on product (e.g. "WHOIS Privacy Protection — $1.99/year").
- Require clients to add it to their cart before the toggle is available.
- This is a manual workflow — Commerce does not enforce a paywall on the toggle.
WHOIS Privacy and GDPR
Since GDPR (2018), most registrars redact registrant contact information from public WHOIS by default for EU registrants regardless of the privacy toggle. Even with privacy off, many registries no longer display full contact details. The WHOIS privacy toggle remains useful for non-EU registrants and for registrars/registries that have not implemented GDPR redaction.