You’ve read 17 guides, watched three YouTube tutorials, and somehow feel more confused than when you started. WordPress migration shouldn’t be this chaotic, but it often is.
That’s why this checklist takes a different approach: it tells you what to do when everything goes right and it prepares you for when things go wrong.
Migration touches every part of your site – files, databases, DNS settings, plugins, themes, and sometimes, your SEO rankings. It’s a delicate process, and even one missed step can break your site or expose it to vulnerabilities.
This guide is built around a security-first mindset, assuming the worst so you can ensure the best. Each step includes not just the action, but how to verify it worked – and what to do if it didn’t.
Here’s your clear, dependable path through the migration maze!
To successfully migrate a WordPress site, you’ll need several credentials: SFTP access to your site files, database access (username, password, host), cPanel or control panel credentials, and WordPress admin login
Phase 1: The WordPress site pre-migration security scan
Experienced professionals always scan for malware before exporting a site because migrating an infected site only spreads the issue to the new host.
For example, a backdoor hidden in a theme’s functions.php file could remain undetected, allowing attackers to regain access after the migration. Without a security scan, you’re essentially moving the infection, making it harder to pinpoint later.
ShieldPRO’s file integrity and malware scanners offer an effective solution. These tools check your site’s files for any changes or malware signatures, ensuring that only uncompromised, verified data makes it to the new host. Running these scans ensures your source site is free from hidden threats.
To optimise this process, scan your site during low-traffic periods, as identified through analytics. This reduces the impact on site performance and allows for a thorough check without disrupting the user experience.
Phase 2: Creating WordPress backups that don’t fail when you need them
Backup plugins often promise a “complete” archive, but many fail when it’s time to restore due to issues like timeouts, especially on larger sites.
This is a serious problem – having a backup doesn’t mean you can rely on it to restore your site properly. In some cases, incomplete backups or errors during the restoration process can leave your site in an unusable state.
A true backup is one that can be fully restored, not just one that looks complete on the surface.
For instance, if the backup fails to restore your database properly or if some files are corrupted or lost, your site will be left in a broken state. You need to be testing your backups regularly to ensure their reliability.
ShieldBACKUPS addresses this issue by creating on-demand full-site snapshots, which include an integrated database export. This ensures that everything – files, themes, plugins, and settings – is captured and ready for a smooth migration.
Phase 3: Migration, DNS Configuration, and timing for zero downtime
Step 1: Choose your migration method
Select between migration plugins like Duplicator or UpdraftPlus, manual transfer, or hosting provider tools based on your technical expertise and site complexity.
Plugins offer guided processes and handle most technical details automatically, but you’ll need to verify the restored site manually as they can miss custom configurations, serialised data, or files over certain size limits. Manual migrations give you complete control but require more technical knowledge.
Step 2: Set up a testing environment
Use your host’s staging feature or the hosts file technique to create a parallel testing environment. This allows you to test the entire migration process while keeping your live site completely untouched. Test all functionality, including forms, eCommerce features, and custom integrations, before proceeding to the live migration.
Step 3: Export and transfer your data
For plugin migrations, follow the guided export/import process, ensuring all files and databases transfer completely.
For manual migrations: Export your WordPress database using phpMyAdmin (excluding unnecessary tables), transfer all WordPress files via SFTP or file manager, create a new database on your target host, import the database file, and update wp-config.php with the new database credentials.
Verify at each checkpoint that files, themes, plugins, and database connections work correctly.
Step 4: Configure DNS for minimal downtime
Lower your domain’s TTL (Time to Live) to 300 seconds at least 24 to 48 hours before migration. This ensures faster DNS propagation when you switch hosts, reducing potential downtime from 48 hours to just 5 to 10 minutes when you update your DNS records to point to the new server.
Step 5: Go live and perform final DNS checks
Update your DNS records to point to your new host – this is the point of no return, as your site becomes live on the new server. Immediately check for SSL certificate mismatches that can trigger security warnings, test for plugin conflicts during DNS propagation, and verify all site functionality.
ShieldPRO’s keyless licensing ensures your security settings remain intact even when URLs change, providing uninterrupted protection.
Phase 4: Post-migration testing and SEO preservation
Post-migration, testing goes beyond just checking if the homepage loads.
A thorough checklist ensures your site’s functionality: test forms, user accounts, eCommerce elements, and custom post types. For WooCommerce, ensure that order processing and payment gateways work smoothly after migration.
Implement 301 redirects to signal search engines that pages have permanently moved, and verify this with tools like Screaming Frog or Redirect Path.
Use a pre-migration SEO audit to document metadata and, post-migration, use Google Search Console to monitor crawl errors and 404s.
Phase 5: Preventing common migration errors and ensuring security
Several common errors can break your site during migration, including:
- The white screen of death due to PHP version mismatches.
- Database connection issues often from incorrect wp-config.php settings.
- Serialised data corruption causing plugin/theme malfunctions.
Make sure your PHP version matches the old server, double-check wp-config.php settings, and use tools to fix serialised data.
Once both old and new servers are live, there’s a vulnerability window that could expose your site to attack. Ensure that firewalls, bot protection, and SSL certificates are active immediately after migration.
Use ShieldPRO’s Import/Export feature for quick replication of security settings across environments, ensuring consistency across all sites.
Additionally, remember to update webhook URLs and API endpoints, as these can break integrations with third-party services if not adjusted.
Get your WordPress migrations right every time with ShieldPRO
Migrating a WordPress site is all about doing it safely and without disrupting your site’s functionality or search presence.
From running a malware scan to verifying backups, managing the DNS transition, and conducting post-migration testing, each phase is critical for a smooth handoff with zero downtime and no security risks.
Mistakes during migration can lead to broken pages, lost SEO rankings, or worse – exposing your new site to malware carried over from the old one. That’s why using the right tools is just as important as following the right steps.
ShieldPRO ensures your site is clean before the move, protecting your reputation and preventing hidden backdoors from being carried over. And with ShieldBACKUPS – included in most plans – you get full-site, on-demand backups you can rely on, ready for restoration when you need them most.If you’re planning a migration or just want to be ready when the time comes, start with the right foundation. Check out ShieldPRO to safeguard your site throughout the process.
