Cloudflare And Sucuri Website Migration Guide

Cloudflare, Sucuri, and strict proxy layers are common migration blockers because they can challenge agent callbacks, cache old content, hide the hosting IP, or block temporary restore paths. Migration Monkey treats these as source constraints so the job gets the right warnings, credit math, and support playbook.

Cloudflare migration path

Use Cloudflare mode when the source or destination is behind a full proxy, managed challenges, Bot Fight rules, rate limits, or origin lock. The migration should bypass cache for signed agent paths, allow the source and destination server IPs only during the migration window, and purge public paths after cutover.

Sucuri migration path

Use Sucuri mode when the public domain resolves through the Sucuri firewall instead of the hosting server. Direct SFTP, SSH, cPanel, or origin-IP access is usually cleaner for capture and restore, while signed web callbacks may need a temporary firewall allowlist.

What Migration Monkey logs

• The selected proxy/WAF source constraint.
• Whether the job used admin, SFTP, SSH, or database access.
• Callback and transfer errors from the source and destination agents.
• Warnings when cache, origin lock, or managed challenges may hide the restored site.

Best practice

Do not disable the whole WAF for longer than needed. Scope the bypass to the migration path, token, and server IPs, then re-enable the rules and purge cache after the restore is verified.