How to Build a WordPress Site Migration Checklist for Agency-Scale Moves

Every migration your agency runs that starts from scratch adds hidden cost: scoping time, missed checks, inconsistent handoffs, and post-launch tickets that should never have been opened. The fix is not a better project plan. It is a runbook, a documented sequence of phases your team runs identically on every client site, regardless of size or complexity.

Most WordPress migration guides focus on the technical steps for a single site. This one is structured differently, because agencies running a client fleet need a framework that compounds across every move, not just a checklist that works once.

A migration runbook has four phases: pre-migration audit, pre-flight environment prep, cutover, and post-migration verification. Each phase ends with a signed-off checklist. The output is not just a moved site. It is a record of every decision made, every credential touched, and every test passed, which matters when a client calls three weeks later asking why their contact form stopped working.

Structuring migrations this way also changes how you staff them. When the steps are fixed, any trained operator on your team can run the migration, not just the person who built the original site. That is how agencies scale past their founding team without degrading quality.

A pre-migration audit is the single most important phase of any WordPress site migration, because errors caught here cost nothing to fix, while the same errors caught after cutover can cost hours of recovery time and client trust.

Before touching any file or database, capture and document:

• Hosting environment: PHP version, server type (Apache or Nginx), MySQL version, memory limit, max upload size, and any server-level caching layers
• Active plugins and themes: version numbers, license keys, and whether each is actively maintained upstream
• Custom functionality: custom post types, taxonomies, rewrite rules, and any code in functions.php or custom plugins
• Media library: total size, any external storage via offload plugins, and a check for broken attachments
• Third-party Connectors: payment gateways, CRM connections, form handlers, analytics scripts, and ad tags
• DNS records: current A, CNAME, MX, and TXT records documented in full before any changes
• SSL certificate status: expiry date and certificate authority
• Performance baseline: current load time and Core Web Vitals scores to compare against after migration

Running a structured pre-migration audit across your fleet, rather than ad hoc per project, also surfaces patterns you can act on at scale. See how to run a WordPress site audit across your entire client fleet for the fleet-level version of this process.

Cutover failures are rarely caused by the migration itself. They are caused by missing access discovered mid-move, when the cost of stopping is highest.

Confirm every item below at least 48 hours before your scheduled cutover window:

• SSH or SFTP credentials to both source and destination servers, tested and confirmed working
• WordPress admin credentials for both source and destination environments
• Database access on the destination: host, port, database name, username, and password all verified
• DNS registrar login confirmed and TTL lowered to 300 seconds at least 24 hours before cutover
• Email routing on destination: SMTP settings, MX records, and any transactional email service API keys
• A staging environment on the destination host with a temporary domain for full testing before DNS switch
• A complete backup of the source site, taken within 24 hours of cutover, stored independently of both hosts

If the destination is a managed WordPress hosting environment built for agencies, confirm explicitly which responsibilities the host handles at the server level (backups, SSL provisioning, object caching) and which remain yours. Document the boundary. Assumptions here create gaps that only appear after the site is live on the new host.

The cutover phase is where most migration errors are introduced, and where a checklist earns its keep. Run these steps in sequence. Do not skip a step because a prior migration went cleanly.

File and database transfer:

• Export the database from source using a method that handles large tables without timeout (WP-CLI or phpMyAdmin with chunked export)
• Transfer all files, including hidden files such as .htaccess
• Import the database on destination and verify row counts match the source export
• Update wp-config.php with destination database credentials
• Run a search-replace for all URLs using a tool that handles serialized data correctly, not a raw SQL replace

Staging verification before DNS change:

• Test all major page types: home, archive, single post, single page, and any commerce or membership pages
• Submit every form type and confirm delivery end-to-end
• Confirm user login and registration flows function correctly
• Verify all third-party Connectors fire correctly using browser developer tools to check network requests
• Run a crawl for broken internal links
• Confirm SSL is active and enforced on the destination domain
• Confirm redirects from any changed URL structures are in place

Do not proceed to DNS cutover until every staging verification item passes. A failed check on staging takes minutes to fix. The same failure discovered after DNS propagation takes much longer and affects real visitors.

DNS cutover timing determines how much data divergence your client’s site accumulates during the move, and how long visitors see an inconsistent state.

Before flipping DNS, confirm that your TTL reduction from the pre-flight phase has propagated fully. With TTL at 300 seconds, most resolvers will pick up the new A record within five to ten minutes of the change.

Enable WordPress maintenance mode only during the window when the live database on the source host is frozen for final export. For most migrations, this window is under 30 minutes. Maintenance mode beyond that window costs the client real traffic and should be avoided unless the site has an active transaction layer (e-commerce, membership, booking) where data divergence between source and destination would cause genuine loss.

Communicate the cutover window to the client before it starts: an exact start time, an expected duration, and a direct contact for the operator running the move. Do not give an estimate range for maintenance mode. Give a specific time and hold to it. Vague windows create unnecessary support escalations.

After the DNS change, monitor propagation from multiple geographic locations using a DNS propagation checker, and watch traffic on the source server drop off to confirm the switch is complete before decommissioning or repurposing the source environment.

The post-migration audit is not optional, and it is not a quick visual check. It is a structured verification pass that compares the live destination site against the baseline captured in the pre-migration audit.

Run these checks within two hours of DNS propagation completing, while you still have access to the source environment:

• Performance: run a fresh Core Web Vitals measurement and compare against the pre-migration baseline. Regressions almost always trace back to caching not configured or object cache not connected on the new host.
• Search indexing: confirm Google Search Console has the destination domain verified and submit a fresh sitemap. Check that no noindex tags from the staging configuration carried over to production.
• Email delivery: send a test from every contact form and a test transactional email (password reset, order confirmation) and confirm delivery, including a spam folder check.
• SSL and security headers: run the destination domain through an SSL checker and an HTTP headers inspector. Confirm HTTPS redirects are enforced and that HSTS is present if it was present on the source.
• Analytics and tracking: confirm your analytics platform is receiving sessions on the destination domain and that no duplicate tracking is firing.
• Broken links: run a full crawl of the destination and export any 4xx responses for immediate resolution.
• Backup configuration: confirm the destination host’s backup schedule is active and that at least one post-migration backup exists before closing the ticket.

Document the result of each check with a pass or fail and a timestamp. This record is your proof of completion if anything is disputed weeks later.

A checklist used once is a document. A checklist used on every migration is a runbook, and the difference is in how you store it, version it, and assign it.

Store the runbook in a format that can be templated per client. Each migration gets its own instance, pre-populated with client-specific details (source host, destination host, primary domain, DNS registrar), with the steps identical across all instances. Name each instance with a consistent convention, such as client shortcode, date, and migration type, so your team can find prior runs when a client question surfaces months later.

Review the runbook after every migration. If a check caught something real, keep it. If a step was consistently skipped without consequence, remove it. A runbook that grows without pruning becomes noise. The goal is a checklist your team can complete without referring back to documentation for every item.

For agencies operating on managed WordPress hosting for multiple clients, the runbook should also document what the host provides automatically so operators do not duplicate those steps or, worse, assume coverage that is not there. The runbook is the operating memory of your migration practice, not any one team member’s personal knowledge.

When migrations run consistently and every step is auditable, they become a commodity service your agency can price, staff, and hand off without the founding team in the room. That is the compounding return of treating your WordPress migration checklist as a permanent operating layer, not a one-time project artifact.