This week on the HIPAA Insider Show, we’re diving into the process of migrating a WordPress site from WP Engine to HIPAA Vault. Migration can feel overwhelming, but with the right prep, it’s a smooth transition—especially when you’re moving to a HIPAA-compliant environment. Gil will break down what businesses need to know, from general migration best practices to the specifics of transitioning from WP Engine to HIPAA Compliant WordPress.


Transcript

Adam Zeineddine
Hello and welcome to the HIPAA Insider Show. My name is Adam, I’m joined by Gil and we are going to be talking about migration today. Not the hot button political topic, but migrating WP Engine to other WordPress managed hosts. We’ve recently passed 200 subscribers and our next goal is 500. So if you haven’t already, please like and subscribe to the channel. So Gil, first of all, hey, how’s it going?


Gil Vidals
Hey Adam. Doing really well, looking forward to this podcast. Doing, doing well. And this is a good topic because migrating can be a very frustrating experience to say the least and we’ve talked to many customers so it is a good topic. I’m glad that you’re presenting this.


Adam Zeineddine
Yeah, we’ve had a lot of questions, so I’ve tried to condense them down into less than 50. We’ll see how many we get through. So let’s start off with the, at the high level introduction to website migration in general, what are the key reasons someone might migrate the WordPress site?


Gil Vidals
The key reason is that when someone is ready to move their website to another host, whether it because of a business decision, sometimes it happens because a company buys another company and they want to consolidate and bring the website to their platform. Sometimes it’s even something simple like the web host decides they don’t want to do that particular kind of hosting anymore and they give people a notice to move out. So there’s lots of different reasons. But when the day comes that you realize, okay, I have to migrate, it can be a bit daunting, especially if the business owner, like in many cases our clients, they’re medical professionals, you know, they don’t have any idea or time to deal with the technical side. So it can be a point of friction for them or frustration.


Adam Zeineddine
Yeah, well, what are some of the common challenges that businesses face in general? But then we can get into more specifics. Let’s talk about, you know, help like a healthcare provider that’s hosting a WordPress site. What kind of challenges do they face when moving from one host to another?


Gil Vidals
Sure. And I do want to add one more item which I should have said is in our case, it’s important. So sometimes a company is motivated to move because they want to have a HIPAA compliant environment and where they currently are hosted is not HIPAA compliant. Obviously HIPAA Vault, we are on the receiving end of that. We get many phone calls from companies that said, hey, what’s it take to be HIPAA compliant? And they want to migrate to our environment because we take care of that for them. As far as a high level view of the migration at a high level seems pretty simple. You’re copying two things. You’re copying files, web content files, and you’re copying the database at a high level. Conceptually it’s pretty easy. Like, well, the files are here, the database is here and I just want to move them.


Gil Vidals
That’s the easy part. It gets kind of hairy because sometimes in the code they’re referencing, the code is referencing specific IP addresses that are on the previous host that don’t exist in the new environment. Things look bad, the screen’s not or the page isn’t loading correctly, things are broken. The concept’s easy, but getting, they say the devil’s in the details.


Adam Zeineddine
Yeah, well, okay, so what things does the healthcare website owner need to consider from a HIPAA compliance standpoint versus, you know, just migrating a non healthcare website?


Gil Vidals
Well, yeah, you bring up a good topic. So if you have, if a site database has PHI, protected health information, then you need to be extra careful when you take that database and say, okay, I’m going to lift and shift it over. You know, you have to be careful that, for example, you might say, oh, I’ve got my guy in India doing that. Well, the guy in India is going to download the database to his Indian laptop and now you’ve got a foreign national who has all your data in Mumbai, India. And that’s a big no. You’re not supposed to have your PHI data in a foreign national’s possession. And then now he’s going to upload. Now, he might mean well, don’t get me wrong. I’m not saying he’s an evil guy. He might be the nicest guy and very competent.


Gil Vidals
But now you have a jurisdiction problem. You’ve got your database protected health information and records in a foreign entity. You know, you’re not really supposed to do that. So that’s another gotcha. Another gotcha. Right. So you have to be careful with that. But in a sense you really need a plan. You need to think about it thoroughly. Like who’s going to do the migration, what databases do I need to move, what files. Before people switch to another video, thinking this is frustrating just thinking about that, keep in mind that when you’re migrating, you could test all this ahead of time. You shouldn’t pull the plug on your current platform where everything’s working. You should leave that alone. Don’t touch that, it’s working, and then copy. You’re not necessarily moving.


Gil Vidals
You’re copying all this stuff over and then you’re testing it on the new host. And when you know it works, then you pull the. You pull the trigger. We have had cases where people turn off their hosting. Like they say, I paid my last bill. I don’t like those guys, I’m done. And then they come over to us and the house is on fire because the site’s not working and they haven’t taken the time to build it and test it. So I guess if I were giving one takeaway, it’d be, give yourself some time to do this the right way. Don’t rush it to where you’ve got three days to move it before you because you don’t want to pay the bill. Let’s say the bill’s due on the third of every month and today’s the first. You don’t want to do that.


Gil Vidals
You give yourself two days. It’s not enough time. You may have to. You may have to pay an entire billing cycle for the old guy and one billing cycle to the new guy. So you’re double paying. And that’s okay. I mean, that’s part of planning, right? It’s part of planning. And there is a cost of migrating. It’s not free. And although at HIPAA Vault we feel the pain and so we do help, we go out of our way to help people, our customers, move out of their environment to where we get our hands dirty in it. We’re in there helping them grab files because they don’t, a lot of times they don’t understand what files to grab and how to do it. So a lot of times we’ll do it for them to give them peace of mind.


Adam Zeineddine
Yeah, the key’s in the preparation there, definitely. So if we’re going to talk about, you know, we. Recently we’ve had a lot more customers joining us from WP Engine. So let’s talk about that a little bit. WP Engine, obviously very popular WordPress, managed WordPress host, managed WordPress meaning that they offer more services at the WordPress level for hosting rather than just the base level of the servers. What are some key aspects when it comes to migrating a WordPress site from WP Engine compared to from other hosts that we find with these customers?


Gil Vidals
Yeah, you’re right, Adam. We’ve noticed that we’ve had an uptick in the migrations from WordPress or WP Engine and we think it’s due to some of their business practices, there’s been some backlash from their community, from their audience and their customers. Yeah, I haven’t studied it in depth. Like I can’t give any details, but I just know, it seems to me that there’s some friction that they created between their user base, their customer base and their management, their policies. And that’s my understanding. But again, I haven’t dug into it. Maybe you know more about that than I do.


Adam Zeineddine
Just I think in general they got called out by the founder of WordPress, Matt, I think it’s Matt Mullenweg at a conference, very, you know, very publicly. And they’re, I think they’re in, they’re taking legal action against.


Gil Vidals
Oh, wow, okay, so it’s a legal problem.


Adam Zeineddine
Yeah, yeah.


Gil Vidals
Well, that might be some of the reason. I mean we’ve, we’ve had customer, new customers and companies come in because the WP Engine doesn’t do HIPAA compliant hosting. And that’s on their website. That’s not my idea. That’s on their website. They printed that on their website saying, hey, if you need HIPAA compliance, we don’t offer that. So we get some benefit from that. We get some of those customers coming over to our platform and so welcome those people. And if we do get a WordPress engine customer, then we help out a lot.


Gil Vidals
WP Engine has, and maybe that’s part of the, again, I haven’t read it, but maybe that’s part of the contention between WordPress and WP Engine is that WP Engine has taken some of the files like the WP config and they’ve adapted it to their platform and that makes it more difficult to migrate because that file that you normally can just copy, paste, now it’s been modified and so if you just paste it’s not going to work. There’s certain things you have to do to it. So that’s part of it. That’s part of the challenge is being able to go in there and figure out what customization WP Engine has done to the WordPress installation that we know won’t work when you just copy.


Gil Vidals
Like normally you could just take a normal install of WordPress and just copy it to a new server and it just works. But if somebody has really modified it a lot in a non-standard way, then it’s not going to work on the receiving side. And when our team has a lot of experience going into that and helping people get it out there. So we know how to take care of that. So if anyone listening wants to come over to HIPAA Vault, we’ll help you. In other words, we’re not going to leave you stranded and try to help you as best we can. Get everything over.


Adam Zeineddine
Yeah. Another question I have from one of our listeners is how does HIPAA Vault handle data encryption and security during the migration?


Gil Vidals
Yeah, that’s important. So we do it a couple different ways. I mean, there’s more than one way to skin a cat in technology. So one of the ways we like to do it is we’ll provide a folder, a secure folder that has two factor authentication, where we ask the person migrating, the company that’s migrating, say, hey, put your files and your database files in this folder, it’s encrypted. And then we’ll go in and grab those out of the folder and then we’ll perform the building of the new site, the migration of those files. That’s one way to do it. Another way to do it is to provide the credentials to log into the current host. If we’re given the credentials, we can log in and grab the files in a secure manner and then grab them ourselves.


Gil Vidals
Rather than the customer having to deliver them to a folder, we could just go in and reach in and grab them ourselves. That’s another way to do it.


Adam Zeineddine
Then another question is, are we employing any automation tools or scripts to make the process easier, faster? What do we do in that space?


Gil Vidals
Well, for WP Engine in particular, there are tools, migration tools that can be used. Those tools don’t, let me say in a positive way, those tools usually work really well. When you’re talking about two hosts that just use the standard WordPress, they work pretty well. You can install this plugin, you can configure it and hit some buttons and then the site’s migrated. But for WP Engine, again, what I said earlier is they customize WordPress to where a lot of these tools won’t work properly. They don’t work in migrating it. I would say, generally speaking, WP Engine is a manual migration. Generally speaking, there are some tools you can play around with, but in general it’s more of a manual process to get out of that particular host. Now, other hosts, like I said, you could use more automation to help, to assist.


Adam Zeineddine
Definitely. Okay. And at this point, I’d just like to mention to the viewers and listeners, if we haven’t covered any questions that you know, you’d like answered, drop us a comment if you’re watching us on YouTube and we’ll treat the comments section as a, a live area where we can answer the questions. You can also reach out to us, go to hipaavault.com. We’ve got live chat there to answer questions for you. Okay. When it comes to testing and post migration, you alluded to thorough testing is needed there and to plan for it, Gil, at the top of the show. But how do businesses verify everything is working correctly after the migration?


Gil Vidals
Yeah, that’s a really good thing to talk about. So we’ve seen the full spectrum. We’ve seen some customers come over from another host and they just look at the homepage, assume everything’s working and then they cut over to ours and then they realize, oh my gosh, you know, they hit a button. I filled out a form. I didn’t get the form. What happened? I filled out a form. So what that means is you have to do something called regression testing. Regression testing just means I’m going to test the site, I’m going to ensure all the functionality that existed prior to the migration continues to work. You have to sit down and think, okay, well maybe it’s a simple site. Maybe there’s just a few forms and a phone number you call. Maybe there’s a patient scheduling calendar, things like that.

Gil Vidals
If there is functionality for the users of the site like a scheduling calendar, then somebody should fill it out. Somebody should pretend they’re a patient, say, oh, let me schedule an appointment on 3rd April and then hit the button and make sure they got the email, make sure the appointment got scheduled, make sure all the normal processes flow. So you have to exercise the site, you have to take it through the steps. You can’t just look at the site and just say, oh, the images are there, the words are there, I’m good to go. Now you can’t assume, you cannot assume it’s all going to work.


Adam Zeineddine
Who’s usually responsible for that? I mean, if it’s a single, you know, person practice, then that’s going to be, you know, you, the owner is going to be responsible. But in a larger organization, who typically handles that regression test?


Gil Vidals
Yeah, usually on a medium sized organization there’s a team, the development team, or it could even be somebody on the product, the product marketing side was they’re familiar with it. They know what forms and what functionality. Sometimes these are portals, by the way, Adam. They’re not just a brochure, they’re a portal where you log in and the portal does transactions, Medicare, Medicaid type transactions, or it might be doing some kind of an app transaction that the purpose of the app, whatever that is, you know, it’s going to be doing some kind of transaction. So you have to log in as a customer and then go through whatever the app does, whatever the purpose of the app is, you got to exercise it and click on it with a dummy account or a real account, I guess, if you have your own real account.


Gil Vidals
So excuse me. So that taking it through its paces is something that has to be done, but it’s not hard. I mean most of these sites aren’t crazy complex, but they do have a very specific purpose and you have to test that out thoroughly.


Adam Zeineddine
Okay. And for HIPAA hosted sites post migration, what kind of security checks need to be done to ensure HIPAA compliance post migration?


Gil Vidals
So when the site is migrated, we go through and check the plugins because that’s a lot of times where the vulnerabilities are coming from are weak plugins. So we’ll look through those. We do a scan on the site, we’ll scan the site and see if we notice anything, any weaknesses. And that’s important because the vulnerability scan will show you if there’s any holes in the new site, something that a hacker might want to exploit. So we look for those things and that’s helpful.


Adam Zeineddine
SSL, obviously.


Gil Vidals
Yeah, having your SSL certificates installed so you have the HTTPS is working. That’s, that’s very important as well. That’s encryption in transport. That’s a key thing.


Adam Zeineddine
Okay. And you wrapping up here, you know, you touched on a key takeaway. But what are some lessons or one lesson learned from past migrations that would, you know, help the viewers and listeners? You said preparation is that one.


Gil Vidals
I think the. Yeah, I think the main thing is to be prepared to have the site live on your current host for longer than what you initially anticipated. So you might think, well, I only, you know, I don’t want to pay the bill that’s due in a couple of days. You don’t want to do it, you don’t want to think that way. You want to think more about business continuity. Don’t get hung up on, I’m just going to save a few bucks for one month of hosting. Think about business continuity. Think about the experience that your end users have. You want to keep your site active, working while you’re testing the new host with all the functionality. Once you’re convinced it’s working and you’re happy, then you can switch the DNS.


Gil Vidals
That’s the technical term for pointing the traffic from your existing host over to. So the users are now flowing to the new platform, the new host. You don’t want to hit that button and do that until you’ve thoroughly tested it and you’re happy with that. All the tests are green. Everything seems to be loading properly. The speed is good. You know, if your site, it’s possible your site was very slow and now on the new host is faster, or vice versa. It seemed to be peppy and fast and now you’re like, hey, wait a minute, it’s too slow. What’s going on? You know, maybe there’s some optimization that needs to be reapplied and so you need to look at all that but once you’ve got through the site, you’re satisfied, then you’re ready to cut over.


Gil Vidals
So I would say just be patient and don’t cut. Cut your. Don’t cut yourself off from your existing platform too quickly and do the regression testing. That is take your site through the paces carefully. Even as the owner, you might. If you’re a smaller business, you’re the owner, you should do it yourself. You should go in there and start clicking around and it’s your own site. You know it. Yeah, click on it. It’d probably take you less than an hour. Most of these sites, they don’t have, you know, a thousand pages there. Maybe there’s some e-commerce on there, maybe there’s a special app performance and you know your site well. So go in there, pretend you’re. You’re Joe Smith, the patient of your part of your site.


Gil Vidals
Fill out the forms, do whatever it takes, and make sure that everything works as you expected.


Adam Zeineddine
Wise words there as always, Gil. Thank you for that. So, yeah, if you’re interested in checking out our HIPAA WordPress hosting and you’re looking to move from WP Engine, go to hipaavault.com, click on the WordPress section. We’ve got a bunch of plans. We’ve definitely got a plan for you there. And we also have an exciting new promotion where you can get the first month free for a limited time only. So be sure to get that. That’s it for this episode of the HIPAA Insider Show. Please like, subscribe and share. And until next time, thanks for stopping by.