If you read one paragraph
A migration that fails on cutover day usually fails for one of three domain reasons: (1) the auth code was never extracted, (2) the registrar account is locked or 2FA-bricked, (3) DNS was not pre-staged so propagation takes hours. The 4 steps below remove all three failure modes in under 30 minutes total.
Step 01
Confirm you actually own the domain
2 minutesBefore anything else, confirm the domain registrar account is in YOUR name, not your designer's. Most "I do not own my domain" surprises happen here.
How to check
- Open whois.com in a browser
- Type your domain (yourbusiness.com) and search
- Look for "Registrant Name" and "Registrant Email" in the results
- If those show your name + email, you own it. If they show a designer's name, redaction service, or someone else, you do NOT own it · stop and request transfer to your account first
Why this matters
All subsequent steps assume you have account access. If your designer registered the domain in their account and you cannot get into it, the rest of this checklist is for them, not you. UDRP claims work but take 3 to 4 months. Find out now.Step 02
Extract the auth code (transfer code, EPP code)
2 minutesThe auth code (also called transfer code or EPP code) is the password you give to the new registrar to authorize transfer. It is a 6 to 16 character string that registrars generate on demand. Get it now, save it.
How to find it
- Log into your domain registrar
- Click on your domain name in the dashboard
- Look for "Transfer," "Transfer Settings," "Auth Code," or "EPP Code" · location varies by registrar (table below)
- Click "Get auth code" or "Send auth code." Most registrars email it to you within minutes
- Save the code in your password manager + a backup spot
| Registrar | Path to auth code |
|---|---|
| GoDaddy | My Products → Domains → click domain → Settings tab → Transfer Domain → Domain Authorization Code |
| Namecheap | Domain List → Manage → Sharing & Transfer → Auth Code |
| Cloudflare | Domain Registration → click domain → Settings → Transfer Domain → Get Auth Code |
| Google Domains (Squarespace) | My domains → click domain → Registration tab → Transfer Out → Get Auth Code |
| Wix | My Domains → click domain → Advanced → Transfer Out → Generate Auth Code (24 to 48 hour delay) |
| Squarespace | Settings → Domains → click domain → Use a Different Provider → Get Auth Code |
Why this matters
You will need this code on cutover day. Generating it ahead of time means you do not lose 24 hours of your migration to "waiting for the email." Some registrars (Wix, GoDaddy occasionally) introduce artificial delays · pre-generating sidesteps that.Step 03
Lock down the registrar account
5 minutesYour domain account is now the most valuable asset in your business after revenue. Lock it down before the migration so attackers (or accidents) cannot interfere mid-cutover.
How to lock down
- Enable 2FA · use an authenticator app (Authy, 1Password, Google Authenticator), NOT SMS. SMS is SIM-swap-vulnerable
- Update the contact email on the registrar to one you actually check daily. Many registrar warnings go to a "default" email nobody reads
- Verify your billing card has not expired (auto-renewal failure is the #1 reason for accidental domain loss)
- Save backup auth codes (the 8 to 10 one-time codes the registrar gives you when you set up 2FA) somewhere offline
- If the registrar offers "domain lock" / "registrar lock" / "transfer lock," turn it ON. Counterintuitive · this prevents transfer attempts. You will turn it off briefly when you are actually migrating
Why this matters
Domain hijacking is the worst-case scenario. A 5-minute lockdown sequence prevents 99 percent of attempted hijacks. The auto-renewal billing card check prevents the more common case: domain expires while you are not paying attention.Step 04
Pre-stage DNS · lower TTL 24 hours before cutover
10 minutes (the day before cutover)DNS records have a TTL (time-to-live) value · this tells caches around the world how long to remember the current setting before re-checking. Default TTLs are usually 1 to 24 hours. Lower yours to 5 minutes (300 seconds) 24 hours before cutover, so the actual switch propagates worldwide in minutes instead of hours.
How to lower TTL
- Open your registrar's DNS settings (or DNS management page if your DNS lives elsewhere)
- Find your A record, CNAME, AAAA records · these are the ones that point your domain at hosting
- For each, change TTL from default (3600 seconds = 1 hour) to 300 seconds (5 minutes)
- Save the change. Wait 24 hours for the new TTL to propagate
- Day-of cutover: change the A record / CNAME to point at the new host. Propagation now takes 5 to 10 minutes worldwide instead of 8 to 24 hours
- After cutover settles (24 to 48 hours of clean traffic on new host), raise TTL back to 3600 or higher to reduce DNS lookup load
Why this matters
Without lowering TTL first, half your visitors hit the old site and half hit the new one for up to 24 hours after the switch. Both groups see broken redirects, broken forms, mixed content. Pre-staging compresses that window from a day to a few minutes. This is the single highest-leverage step in the entire migration.What this does not cover
The 4 steps above are the universal domain-side prep that applies to any migration on any platform. What is NOT here:
Hosting transfer mechanics. How to actually move your site files, content, and integrations from old host to new. That is platform-specific (Wix → Cloudflare Pages is different than WordPress → another WP host). The Wix-vs-Owned Decision Worksheet at /wix-vs-owned-decision-worksheet/ covers the hosting side.
Email continuity. If your business email runs on the same domain ([email protected]), you need to plan for email DNS records (MX, SPF, DKIM, DMARC) separately. They live in DNS too but require their own transfer plan.
Redirect mapping. Telling Google about your new URL structure. The Migration Order Checklist at /migration-order-checklist/ covers redirects + monitoring + rollback.
If you have completed all 4 steps above, the domain part of your migration is locked. Whatever else happens, you will not lose the domain to bad timing or registrar games.