The steps below assume the following configuration:
- Media Temple web hosting
- WordPress
- Avada theme
Migration Steps
- Day before
- Install Velvet Blue Update URLs plug-in
- Archive files and database from production website
- Archive files and database from test website
- FTP upload to a temp folders on production
- “wp-content” to “new-wp-content”
- “wp-admin” to “new-wp-admin”
- “wp-includes” to “new-wp-includes”
- Prepare migration wp-config.php file with production database info
- Prepare database restore command
- Create redirections in HTACCESS
- Save current URLs via Screaming Frog
- Migration
- Delete all files from production website using SSH & FTP
- SSH
- rm –R wp-content
- rm –R wp-admin
- rm –R wp-includes
- delete remaining files with FTP except for temp folders
- Rename temp folders in FTP
- Copy all other folders and files in FTP
- Copy new database in FTP
- Restore database in SSH
- Edit site URLs in database via phpMyAdmin
- Delete database
- copy wp-config.php
- copy HTACCESS
- Login into admin dashboard
- Activate Update URLs tool
- Run Update URLs tool
- Enter old and new URL
- Replace all except GUIDs
- Avada Options -> Logo
- Save
- Correct remain migrate issues that cause password prompt
- Change quote email to info@
- Initial quick test
- Test quot
- Run crawl using Screaming Frog
- Look for errors
- Look for broken links
- Check that Google Analytics code is present
- Check that AdWords Conversion Tracking code is present
Additional Configuration
- if new website
- Google Webmaster
- Google Analytics
- Pingdom monitoring
- WP Updates Notifier by Scott Crisss
- Install and Activate
- Settings
- Confirm email address to send to
- Save settings with test email
- BackWPup by Inpsyde GmbH
- Install and activate
- Go to the Dashboard and follow the First Steps links
- check the installation
- Create a job
- Name – Nightly
- Job Tasks – check database backups, file backup, Installed plug-ins list
- archive name – nightly_%Y-%m-%d_%H-%i-%s
- Archive Format – Zip
- Job Destination – Backup to Folder
- confirm email address and from address to send log
- Save changes
- Run the created job
- Run the job now
- Check the job log
- Schedule
- Start job – check “with WordPress cron”
- Scheduler type – basic
- Scheduler – daily at 3:00
- Save changes
- To: folder
- File deletion – 30
- Save changes
- WP Security Audit Log
- Install and activate
- Settings -> Audit Log
- Alerts Timestamp – WordPress’ timezone
- Wordfence
- Install and activate
- Close Tour
- Click to start configuration
- Click End the Tour
- Web Application Firewall
- Click continue to accept server configuration
- Download copy of HTACCESS file
- Click Continue
- Scan -> Scheduling
- Confirm automatic scans is checked by default
- Scan -> Options
- Check – Scan plugin files against repository versions for changes
- Save Options
- Firewall -> Brute Force
- Lock out after how many login failures – 5
- Lock out after how many forgot password attempts – 5
- Save Options
- Options
- Basic Options
- Enter email address to send alerts
- Email Summary
- Email Summary frequency – Once a day
- Advanced Options
- Check – alert me when a non-admin user signs in
- Scan
- Click start a Wordfence scan
- Fix any issues
- Wordfence Premium
- Purchase key
- Blocking -> Country blocking
- Check – Block countries even if they are logged in
- Check – block access to the login form
- uncheck – block access to the rest of the site
- Password Auditing
- Start a Password audit
- Scheduled scans
- Schedule for nightly at 4:00 AM
- Options
- Check – Check if this website is being “spamvertised”
- Check – Check if this website IP is generating spam
- Check – Scan public facing site for vulnerabilities
- Save
- Run scan
- Harden WordPress – https://codex.wordpress.org/Hardening_WordPress
- WP-Admin folder and password protect
- Media Temple
- Password Protect Folder command
- Create user
- Select folder
- Fix admin-ajax.php error in HTACCESS in WP-Admin folde
- WP-Content\Uploads folder and PHP execution
- Add to new HTACCESS file and add to Uploads folde
- WP-config.php to prevent viewing
- Add to top of HTACCESS fil
- Disable File Editing
- Add to end of wp-config.php
Final Steps
- Tests
- Spot checks of links/pages
- Redirections
- Spell check
- Monitor
- Real-time visitors in Google Analytics
- Check in a few days
- AdWords conversions
- Analytics – new pages
- Google index
- Check to see if Wordfence firewall rule is enabled