Closing the deal is only the midpoint of an online business acquisition. The real risk often appears in the handoff: a missed DNS record, a forgotten admin account, an email service left under the seller’s control, or a payment processor that stops deposits on day one. This website transfer checklist is designed as a practical post-close guide you can return to whenever you buy, sell, or restructure a digital asset. It covers domains, hosting, email, payments, files, access, and the operational details that make a transfer complete rather than merely signed.
Overview
Use this article as a post acquisition transfer checklist for websites, content sites, ecommerce stores, SaaS products, and domain-based digital assets. The goal is simple: make sure the buyer can operate the asset independently, and make sure the seller can fully step away without leaving security or continuity problems behind.
A clean transfer usually has five outcomes:
- Control is clear: the buyer owns the domain, infrastructure, and key accounts or has direct admin rights to them.
- Operations continue: the website stays live, payments keep flowing, and customer communications do not break.
- Access is audited: old credentials, shared logins, and informal permissions are replaced or removed.
- Records are preserved: backups, billing history, renewal dates, licenses, and vendor relationships are documented.
- Risk is reduced: the transfer is tested, monitored, and confirmed before the seller disappears from the workflow.
That sounds straightforward, but in practice transfers fail in small places. Source material on website migration consistently points to the same safe sequence: document the current setup, back up files and databases, understand the hosting environment, move components carefully, update DNS deliberately, and test after migration. In acquisition terms, that means your website handover checklist should cover both technical movement and account ownership.
Before you start the handoff, gather one master document shared between buyer and seller. It should include:
- Asset list: domains, subdomains, websites, staging sites, apps, landing pages, and related digital assets
- Hosting and registrar details
- CMS, plugins, themes, and custom code locations
- Email providers and key inboxes
- Payment processors and payout destinations
- Analytics, search, ads, social, and tracking tools
- Renewal dates, billing owners, and subscription dependencies
- Named transfer owner on each side and a target completion date
If you are still pre-close, pair this article with a broader website due diligence checklist for buyers and your transaction documents such as the LOI for buying an online business. If funds are still being released, an online business escrow process can help keep the transfer milestones tied to payment.
Checklist by scenario
This section gives you a reusable website transfer checklist by asset type. Start with the universal checklist, then add the scenario-specific items that apply to your deal.
Universal post-close website transfer checklist
- Confirm the asset inventory: verify every domain, subdomain, code repository, CMS install, database, CDN, and third-party tool included in the sale.
- Capture backups before changes: export site files, database snapshots, configuration settings, and platform-level backups. Keep at least one seller-side backup and one buyer-side backup during transition.
- Document the current setup: host, registrar, nameservers, DNS records, SSL status, cron jobs, web server settings, redirect rules, and any custom integrations.
- Set a transfer window: choose a low-risk period for DNS changes and hosting migration, especially if the site has active traffic or sales.
- Transfer or delegate the domain: move the domain to the buyer’s registrar account or push it internally where supported. Confirm who controls nameservers and DNS immediately after.
- Move hosting or grant admin access: either migrate the site to buyer-owned hosting or create buyer-owned top-level credentials on the existing environment.
- Update email ownership: transfer inboxes, aliases, forwarding rules, and sending domains. Make sure password reset emails now route to buyer-controlled addresses.
- Transfer payment operations: update processor ownership where allowed, or create replacement accounts and switch checkout, billing, and payout settings.
- Rotate credentials: replace all shared passwords, API keys, SSH keys, tokens, webhook secrets, and backup recovery codes.
- Audit user access: remove the seller, old contractors, and dormant users from hosting, CMS, registrar, plugins, repositories, analytics, support tools, and no-code platforms.
- Test everything: front-end pages, forms, checkout, login, search, backups, email sending, analytics, and mobile behavior.
- Monitor after cutover: watch uptime, traffic, indexing signals, payment events, and support inboxes for several days after the handoff.
Scenario 1: Content site or SEO website
If the asset is a content site, the biggest transfer risks are SEO loss, broken plugins, analytics gaps, and ad or affiliate interruptions.
- Transfer the main domain and any redirecting domains
- Export the CMS database and media library
- Move theme files, custom templates, and plugin settings
- Recreate caching, CDN, security, and image optimization settings
- Verify robots.txt, sitemap, canonical tags, and redirect rules
- Transfer Google Search Console, analytics access, and tag manager ownership
- Update affiliate account payees and contact emails where contracts allow
- Confirm ad network permissions, ads.txt, and payout destination details
- Check top landing pages manually after DNS or host changes
If the site’s value came from search visibility, compare the post-transfer setup against whatever informed valuation. This is especially important if you used frameworks from a content website valuation guide when pricing the deal.
Scenario 2: Ecommerce store
Ecommerce transfers are less forgiving because a broken setting can affect live orders within minutes.
- Transfer the domain, storefront, theme, and product database
- Verify checkout, tax rules, shipping settings, and transactional email
- Update payment gateway ownership or replace the gateway cleanly
- Transfer inventory systems, SKUs, supplier contacts, and return workflows
- Move support inboxes, FAQ tools, and help desk access
- Confirm app subscriptions tied to upsells, reviews, subscriptions, and analytics
- Test discount codes, abandoned cart flows, and order notifications
- Update legal pages if the operating entity, address, or contact details changed
For larger stores, also align this checklist with an ecommerce business due diligence checklist so post-close transfer matches what was actually purchased.
Scenario 3: SaaS or web app
For SaaS, the transfer includes the customer-facing product and the underlying operating stack.
- Transfer the production domain and application hosting
- Move repositories, deployment pipelines, environment variables, and infrastructure accounts
- Rotate secrets, API keys, and cloud credentials immediately after handoff
- Transfer databases, backups, logs, and observability tools
- Update billing system ownership, subscription webhooks, and payout destinations
- Transfer support systems, status pages, and incident alerting
- Review license ownership for paid components and frameworks
- Check that admin roles are reassigned and seller super-admin access is removed
If the acquisition included code quality, revenue quality, or churn review, keep your transfer plan consistent with the findings from a SaaS acquisition checklist.
Scenario 4: Domain-only or domain-led asset
Some deals are mostly about the domain marketplace value of a name rather than a full operating website. In those cases, transfer discipline still matters.
- Unlock the domain and confirm transfer eligibility
- Verify registrar account details and authorization steps
- Push the domain internally or transfer it to the buyer’s registrar
- Confirm renewal date, auto-renew status, and registrant contact information
- Check DNS records, parked pages, and redirect destinations
- Transfer related brand assets if included: logo files, landing page code, email aliases, sales pages
- Verify no marketplace listing remains active after the sale closes
If the name itself drove a meaningful part of purchase price, preserve the valuation memo or comps used in your domain name valuation guide process for future reference.
Scenario 5: Asset stays on the same platform temporarily
Sometimes the cleanest immediate path is not a full migration. The seller may keep the website on the same host, CMS account, or storefront platform for a short transition period while ownership changes in stages.
- Create buyer-controlled owner or admin access first
- Move billing responsibility off seller payment methods
- Separate shared inboxes and recovery emails
- Document every dependency before any later migration
- Set a deadline for full separation
- Record which party is responsible if the platform fails during the transition
This staged approach can work, but only if both sides know it is temporary. A half-transferred asset often becomes a permanently messy one.
What to double-check
These are the items most likely to create problems after everyone thinks the transfer is done.
1. Domain control versus hosting control
Many buyers assume hosting access means website ownership. It does not. If the seller still controls the registrar or nameservers, the buyer does not fully control the website. Confirm registrar ownership, nameserver settings, and DNS edit rights separately.
2. DNS records beyond the website
DNS is not just the root domain. Review A records, CNAMEs, MX records, TXT records, verification records, subdomains, and redirects. Email and third-party tools often break because a single TXT or MX record was left behind or overwritten during migration.
3. Backups that can actually be restored
A backup is only useful if it is complete and readable. The source material on migration emphasizes preserving files, databases, and settings before moving anything. For acquisitions, test whether a backup can be restored to a staging environment, not just downloaded.
4. Recovery paths and two-factor authentication
Old phone numbers, backup codes, and recovery addresses are easy to miss. Update them for domain accounts, hosting, payment tools, cloud services, and email providers. A seller should not be able to reset the buyer’s access after the transfer, and the buyer should not be locked out because recovery still points elsewhere.
5. Payment processor limitations
Some payment setups do not transfer cleanly between legal entities or account owners. When ownership transfer is not supported, the safer route is to create new buyer-controlled accounts and update the site’s payment and payout settings methodically. Test transactions before declaring the handoff complete.
6. Analytics continuity
Traffic dips are hard to diagnose if the analytics setup changed at the same moment as the infrastructure. Confirm analytics, tag manager, search console, and event tracking continue to work. If the site was purchased as a traffic asset, continuity matters as much as control.
7. Licenses and paid tools
Not every plugin, theme, app, or API plan is transferable. Make a line-by-line list of paid dependencies and decide whether each one will be assigned, relicensed, or replaced. This is especially important for premium plugins, commercial themes, CDN plans, and proprietary integrations.
8. Seller access after training
It is common to leave the seller with temporary access during a handover period. That is fine, but make it explicit. Set an expiration date, document the reason, and remove access once training is complete. If your deal includes a transition period or financing tail, align access rights with the deal terms. For broader transaction timing, see how long it takes to buy an online business and, if relevant, structures around seller financing for online business acquisitions.
Common mistakes
The fastest way to reduce transfer risk is to avoid a few repeatable errors.
- Treating the transfer like a single event: in reality it is a sequence of account, infrastructure, and access changes that should be staged and checked.
- Changing too much at once: domain transfer, hosting migration, redesign, and payment changes on the same day make troubleshooting harder.
- Skipping documentation: if the seller knows the setup from memory and the buyer does not, the asset is not truly transferred.
- Ignoring non-obvious assets: staging sites, old redirect domains, form tools, CDN accounts, and webhook endpoints are often forgotten.
- Leaving billing under the seller: if a renewal fails because an old card expired, the website can go down after an otherwise successful acquisition.
- Forgetting email: many platform alerts, invoices, resets, and customer replies still go to seller-controlled inboxes unless changed deliberately.
- Removing the seller too early: if no one has validated backups, DNS, or platform quirks, immediate removal can slow recovery if something breaks.
- Removing the seller too late: long-term shared access creates security, privacy, and accountability issues.
A good rule is to separate continuity tasks from ownership tasks. First make sure the website keeps operating. Then cleanly move control, credentials, and billing. That order reduces downtime and confusion.
When to revisit
This checklist is most useful when you revisit it, not just when you first close a deal. The practical trigger points are simple.
- Immediately before closing: confirm what will transfer on day one versus during transition.
- On transfer day: use the scenario checklist relevant to the asset.
- Within 24 to 72 hours after cutover: test site behavior, inboxes, checkouts, tracking, and backups again.
- At the end of the seller support period: remove temporary access, archive credentials, and finalize the documentation.
- Before seasonal planning cycles: review renewal dates, infrastructure capacity, and any seller-era dependencies before peak traffic or sales periods.
- When workflows or tools change: any new host, email provider, CMS plugin stack, payment processor, or cloud environment should trigger a fresh pass through this checklist.
For action, create a living transfer log with four columns: asset, owner, status, and next verification date. That simple document turns a website handover checklist into an operating record you can use months later when a renewal notice arrives, a plugin license expires, or an inbox stops receiving mail.
If you buy and sell digital assets regularly, build this checklist into your standard close process. It complements how buyers assess value when they buy a small online business, and it reduces the post-sale friction that both sides worry about in any business acquisition marketplace. A signed APA or released escrow is important, but operational control is what makes the transfer real.