The steps below assume the following configuration:

  • Media Temple web hosting
  • WordPress
  • Avada theme

Migration Steps

  • Day before
    • Install Velvet Blue Update URLs plug-in
    • Archive files and database from production website
    • Archive files and database from test website
    • FTP upload to a temp folders on production
      • “wp-content” to “new-wp-content”
      • “wp-admin” to “new-wp-admin”
      • “wp-includes” to “new-wp-includes”
    • Prepare migration wp-config.php file with production database info
    • Prepare database restore command
    • Create redirections in HTACCESS
    • Save current URLs via Screaming Frog
  • Migration
    • Delete all files from production website using SSH & FTP
    • SSH
      • rm –R wp-content
      • rm –R wp-admin
      • rm –R wp-includes
    • delete remaining files with FTP except for temp folders
    • Rename temp folders in FTP
    • Copy all other folders and files in FTP
    • Copy new database in FTP
    • Restore database in SSH
    • Edit site URLs in database via phpMyAdmin
    • Delete database
    • copy wp-config.php
    • copy HTACCESS
    • Login into admin dashboard
    • Activate Update URLs tool
      • Run Update URLs tool
      • Enter old and new URL
      • Replace all except GUIDs
    • Avada Options -> Logo
      • Save
    • Correct remain migrate issues that cause password prompt
    • Change quote email to info@
  • Initial quick test
    • Test quot
    • Run crawl using Screaming Frog
      • Look for errors
      • Look for broken links
    • Check that Google Analytics code is present
    • Check that AdWords Conversion Tracking code is present

Additional Configuration

  • if new website
    • Google Webmaster
    • Google Analytics
    • Pingdom monitoring
  • WP Updates Notifier by Scott Crisss
    • Install and Activate
    • Settings
      • Confirm email address to send to
      • Save settings with test email
  • BackWPup by Inpsyde GmbH
    • Install and activate
    • Go to the Dashboard and follow the First Steps links
      • check the installation
      • Create a job
        • Name – Nightly
        • Job Tasks – check database backups, file backup, Installed plug-ins list
        • archive name – nightly_%Y-%m-%d_%H-%i-%s
        • Archive Format – Zip
        • Job Destination – Backup to Folder
        • confirm email address and from address to send log
        • Save changes
      • Run the created job
        • Run the job now
      • Check the job log
    • Schedule
      • Start job – check “with WordPress cron”
      • Scheduler type – basic
      • Scheduler – daily at 3:00
      • Save changes
    • To: folder
      • File deletion – 30
      • Save changes
  • WP Security Audit Log
    • Install and activate
      • Settings -> Audit Log
      • Alerts Timestamp – WordPress’ timezone
  • Wordfence
    • Install and activate
    • Close Tour
    • Click to start configuration
      • Click End the Tour
      • Web Application Firewall
        • Click continue to accept server configuration
        • Download copy of HTACCESS file
        • Click Continue
    • Scan -> Scheduling
      • Confirm automatic scans is checked by default
    • Scan -> Options
      • Check – Scan plugin files against repository versions for changes
      • Save Options
    • Firewall -> Brute Force
      • Lock out after how many login failures – 5
      • Lock out after how many forgot password attempts – 5
      • Save Options
    • Options
      • Basic Options
      • Enter email address to send alerts
      • Email Summary
      • Email Summary frequency – Once a day
      • Advanced Options
      • Check – alert me when a non-admin user signs in
    • Scan
      • Click start a Wordfence scan
      • Fix any issues
    • Wordfence Premium
      • Purchase key
      • Blocking -> Country blocking
        • Check – Block countries even if they are logged in
        • Check – block access to the login form
        • uncheck – block access to the rest of the site
      • Password Auditing
        • Start a Password audit
      • Scheduled scans
        • Schedule for nightly at 4:00 AM
      • Options
        • Check – Check if this website is being “spamvertised”
        • Check – Check if this website IP is generating spam
        • Check – Scan public facing site for vulnerabilities
        • Save
      • Run scan

    • Harden WordPress – https://codex.wordpress.org/Hardening_WordPress
      • WP-Admin folder and password protect
        • Media Temple
          • Password Protect Folder command
            • Create user
            • Select folder
        • Fix admin-ajax.php error in HTACCESS in WP-Admin folde
      • WP-Content\Uploads folder and PHP execution
        • Add to new HTACCESS file and add to Uploads folde
      • WP-config.php to prevent viewing
        • Add to top of HTACCESS fil
      • Disable File Editing
        • Add to end of wp-config.php

    Final Steps

    • Tests
      • Spot checks of links/pages
      • Redirections
      • Spell check
    • Monitor
      • Real-time visitors in Google Analytics
    • Check in a few days
      • AdWords conversions
      • Analytics – new pages
      • Google index
      • Check to see if Wordfence firewall rule is enabled