Nine out of ten website migrations damage SEO. One large retailer lost approximately £3.8 million in the first month after a platform switch where URL redirects were not handled correctly. A non-profit history website lost over 50% of its organic traffic the week after a domain migration. These are documented outcomes, not hypotheticals. And in almost every case, the root cause was the same: the wrong approach, the wrong tools, or the wrong people.
The Numbers You Need to Know Before You Start
A 2026 analysis by Numen Technology reviewed hundreds of website migrations and reached a clear conclusion: nine out of ten damage SEO. Not temporarily. Not slightly. Damage that takes an average of 523 days to recover from. That is nearly a year and a half of lost organic traffic, lost leads, and lost revenue, for an organization that did not realize the migration was being executed incorrectly until it was already live.
The iO Digital agency, which is called in regularly to fix migrations after the fact, reports that improper execution can cost a site up to 80% of its organic traffic. Six months of recovery work is standard in their experience before rankings begin to stabilize. These figures are not scare statistics. They reflect what happens when a migration treats content transfer as the goal and ignores the SEO infrastructure that search engines use to rank the site.
What Real Migrations Gone Wrong Actually Look Like
The following cases are documented in public SEO research. They are not anonymized composites. They are specific incidents with specific causes.
- A major e-commerce retailer, late 2024. Relaunched on a new platform with over 15,000 URLs mis-redirected. Many old product pages pointed to the wrong destinations or returned 404 errors. Entire product categories were disabled without redirection. Google treated the relaunched site as a brand-new domain with no prior authority. Within two months, daily organic clicks dropped from 40-70 to near zero. The site had almost no Google presence by January 2025 and required emergency SEO intervention. (Documented by Totally Digital, June 2025.)
- An e-commerce company, 2019. The team believed they had followed all best practices and implemented correct 301 redirects. Organic traffic still dropped 50% after the migration. Post-mortem analysis identified bad redirect mapping and missing redirects in areas the team did not know to check. One of the most cited cases in migration SEO research precisely because the team thought they had done everything right. (Referenced by Moz and iPullRank, reported by Totally Digital.)
- A non-profit history website, early 2020s. Large domain authority. Decades of ranked content. Lost over 50% of traffic immediately after a domain migration. The scale of the site meant that any gaps in redirect coverage had an amplified effect on the total traffic outcome. (Referenced in Google support documentation, reported by Totally Digital.)
None of these organizations intended to damage their own SEO. They all believed the migration was under control. The problem is the gap between what a migration appears to require and what it actually requires.
What the FG Drupal to WordPress Plugin Actually Does and Does Not Do
The FG Drupal to WordPress plugin is the only dedicated migration tool for this platform switch in the WordPress repository. It is well-built for what it was designed to do. The problem is that what it was designed to do and what a real Drupal site requires are frequently not the same thing.
In documented testing by Freshy Sites (April 2026), the free version of the plugin successfully imported basic content but failed to correctly handle custom nodes and custom taxonomies. This is not a user error. It is an architectural limit: the plugin handles standard Drupal content types reliably. Any site that used Drupal for its actual purpose, which is structured content modeling with custom field types, sits outside that reliable zone.
What silently disappears in a plugin migration
- Custom field values. Drupal stores every custom field value in a separate database table per field type:
field_data_field_date,field_data_field_image,field_data_field_location, and so on. The free version of the FG plugin does not read these tables. The premium version reads some of them with additional configuration. What arrives in WordPress is the body text and the title. Every structured field value your content team entered, every event date, related item, file attachment, and number field, is either missing or incorrectly mapped. Most organizations do not notice until weeks after going live. - URL aliases and 301 redirects. The plugin generates WordPress slugs from post titles, not from Drupal’s
url_aliastable. A URL like/research/climate-policy-2019that was explicitly set in Drupal becomes a different slug in WordPress if the post title does not match exactly. No 301 redirects are created. Every inbound link from external sites, every bookmark a visitor saved, every URL Google has indexed, now returns a 404. According to the Numen Technology analysis, this is the single most common cause of post-migration ranking crashes. - SEO metadata from the Metatag module. Custom SEO titles and meta descriptions stored in Drupal’s Metatag module are held in a separate database table. The plugin does not read it. Every page that had a manually crafted SEO title in Drupal reverts to the auto-generated Yoast default in WordPress. Years of SEO copywriting disappears without any visible error.
- Forum module content. If the Drupal site used the Forum module, that content is entirely outside the scope of any version of the plugin. Forum topics, replies, and author attribution are not migrated. Community organizations that built years of discussion archives find the WordPress site launches with a blank forum.
- Webform submission history. All form submission data from Drupal’s Webform module, every contact request, registration, and service inquiry submitted through the site, stays in the Drupal database. For organizations where form submissions are business records or legal documentation, this is not a minor data gap.
Five Problems With Hiring a Freelancer
A freelancer is not inherently the wrong choice for a website project. For a Drupal to WordPress migration, the problem is structural: the economics of marketplace work create incentives that are fundamentally misaligned with what a proper migration requires.
1. The budget does not cover what the work actually takes
A complete Drupal to WordPress migration requires a pre-migration content audit, database-level content mapping for every content type, explicit field mapping to ACF Pro, URL alias preservation from the source database, SEO metadata transfer from the Metatag table, redirect implementation and verification, staging environment sign-off against a full checklist, and post-launch monitoring. A freelancer quoting a competitive day rate on a marketplace cannot do all of this within the implied budget. Something gets cut. The cut items are almost always the invisible ones: the redirect map, the SEO metadata transfer, the field value verification. The site launches and looks complete. Six weeks later the client notices organic traffic has dropped significantly.
2. They may not know what they are missing
The Drupal content model, with its table-per-field architecture, its url_alias system, its entity reference structure, and its Paragraphs module storage, requires specific knowledge that most WordPress developers do not have. A freelancer who has not specifically migrated from Drupal before will not know that custom field values are missing, because they will not know to look in the field_data_field_* tables. They will run the FG plugin, confirm that posts appear in WordPress, and deliver the project. The data loss is silent.
3. Your database credentials have no formal disposal process
To migrate a Drupal site, the provider needs the MySQL database credentials and typically the server access details. These provide access to every piece of content, every user account, every form submission, and every piece of data on the site. For most freelancers, those credentials end up in a Slack message, a notes app, or an email thread. There is no formal deletion date. There is no encryption requirement. There is no contractual obligation to destroy the data after the project ends. According to Bitsight, 45% of data breaches in 2024 involved third-party vendors or contractors who had legitimate access to the systems they were working with. Legitimate access that was never properly revoked is one of the most common vectors for data exposure.
4. No signed data processing agreement means a GDPR violation before you start
GDPR Article 28 requires that any organization processing personal data on behalf of a data controller must do so under a binding Data Processing Agreement. A Drupal database almost always contains personal data: registered user accounts with email addresses, contact form submissions with names and phone numbers, potentially sensitive information depending on the purpose of the site. Handing that database to a freelancer without a signed DPA is a GDPR violation before a single byte is transferred. And under GDPR Article 33, if a breach occurs while the freelancer holds your database, you have 72 hours from the moment of the breach to notify your supervisory authority. If the freelancer does not tell you about the breach for two weeks, your organization has already missed its reporting obligation through no fault of its own.
5. No professional liability means the risk sits entirely with you
If a freelancer loses your content data, breaks your SEO, or handles your user data in a way that triggers a GDPR regulatory action, what is the remedy? Most freelancers carry no professional liability insurance. There is no contractual commitment to cover losses caused by their work. The cost of emergency SEO remediation after a ranking crash, the cost of a supervisory authority investigation, the cost of rebuilding content that was lost, all of it falls back on your organization. The person who caused the problem has no legal obligation to contribute to fixing it.
How a Professional Migration Handles Every One of These Points
A properly executed Drupal to WordPress migration by gConverter reads the source database directly at every layer. Here is what that covers in practice.
Every URL preserved or redirected
Before any content is moved, gConverter reads the url_alias table from the source Drupal database and maps every URL alias to its destination in WordPress. Where a slug can be replicated exactly, it is. Where the structure changes, a 301 redirect is created and verified. No URL on the Drupal site returns a 404 on the new WordPress installation. Every inbound link from external domains, every bookmark, every indexed search result continues to resolve. The link equity accumulated over years of domain authority is transferred, not discarded.
Every SEO signal transferred
SEO titles and meta descriptions stored in Drupal’s Metatag module are read from the source database and written to Yoast SEO post meta for every page and post. Custom canonical tags and Open Graph data are also transferred. The SEO baseline the site built on Drupal arrives intact in WordPress. Google sees a migration that preserved its signals, not one that erased them and started over.
Every custom field value mapped
Every custom field value stored in Drupal’s field_data_field_* tables is read and written to the correct ACF Pro field in WordPress post meta. Date fields, image fields, file fields, taxonomy reference fields, entity reference fields, and address fields are all mapped explicitly. The structured content the team entered into Drupal arrives in WordPress with every value intact. There is no silent data loss and no visual gap that only becomes apparent after the domain switch.
Forum history migrated to wpForo
If the Drupal site used the Forum module, all forum content is migrated to wpForo 360° AI. Forum categories are built from Drupal’s forum container nodes. Topics are created with original author attribution and publication timestamps. Replies are nested correctly under their parent topics with original commenter names and dates. The community history the site accumulated over years of operation arrives in WordPress complete, not in a blank forum that asks members to start over.
Webform submissions archived
All form submission data from Drupal’s Webform module is exported from the source database and made available as a structured archive in the WordPress admin. Contact requests, enquiries, registrations, and applications are preserved. For organizations where form submissions are business records, this is included as a standard part of the migration.
How gConverter Handles Your Data
A Drupal database contains the personal data of every registered user on the site, the full history of form submissions, and potentially sensitive information depending on the purpose of the site. When you hand that database to a third party for migration, you are executing a data transfer with legal obligations attached to it under GDPR and equivalent data protection law.
gConverter treats every Drupal migration as a regulated data transfer. Here is the specific process.
DPA signed before credentials are shared
No credentials are transmitted, no database is accessed, and no file transfers happen until you have reviewed and signed a Data Processing Agreement. The DPA specifies exactly what data will be accessed, the lawful basis for processing it, data retention limits, and liability obligations in the event of a breach. For any organization subject to GDPR, this is the legal prerequisite for third-party data processing. Without a signed DPA, the transfer is a GDPR violation before it begins.
AES-256 encrypted credential vault
Database credentials and server access details are transmitted over an encrypted channel, never by email, and stored immediately in an AES-256 encrypted vault accessible only to the single assigned engineer. Credentials are deleted within 24 hours of project completion with written confirmation sent to you. There is no notes file, no Slack message, and no email thread containing the database password.
Isolated processing environment
Data is processed on the assigned engineer’s encrypted machine (Apple FileVault AES-256) or, for GC-ExtraSecurity clients, on a dedicated Hetzner EU server in Frankfurt. Your data is never on shared hosting infrastructure and never alongside another client’s data. Every database query and file operation is logged for the duration of the project.
30-day deletion with written confirmation
After the migration is verified and launched, all client data is permanently deleted within 30 days using secure overwrite. You receive written confirmation. This is a documented commitment with a deadline, not a verbal assurance.
72-hour breach notification under GDPR Article 33
If a breach occurs, gConverter notifies you within 72 hours. This means you can meet your own reporting obligations to your supervisory authority within the regulatory window. A freelancer without a DPA has no contractual obligation to notify you of a breach at all.
Read the complete GDPR and data protection documentation →
The Pre-Launch Verification Process
Every gConverter Drupal migration is delivered to a staging environment before the domain switch. Before the live domain is pointed at the new WordPress installation, the staging environment is presented for full verification: content counts by post type against the source database, custom field values on a representative sample of items, URL resolution and redirect testing across a full URL list, SEO metadata on multiple pages, form submission functionality, user account integrity, and forum history where applicable.
This is the step that most plugin-based and freelance migrations skip. The domain gets switched, the site looks complete, and the problems surface in the live environment two to four weeks later when organic traffic data becomes visible. The 17-point pre-launch verification checklist used for every gConverter migration covers every category of problem documented in failed migrations.
What Clients Say
Went FAR above and beyond to help us work through this project. We are thrilled with the final result and they were professional, great to work with, and responsive every step of the way. Would highly recommend.
Anna P., Wilmington NC – Customer Lobby, January 2026
Very few conversion issues on the first pass, and they cleaned it right. Very impressive.
Stacy C., Katy TX – Customer Lobby, November 2025
Extremely professional and efficient, we had very good contact, the work was done in due time.
Timoti F., Berlin DC – Customer Lobby, February 2024
The Bottom Line
Nine out of ten migrations damage SEO. The average recovery takes 523 days. Your Drupal database contains personal data regulated by GDPR. The only dedicated migration plugin has documented limitations for any site with custom content types. A freelancer quoting a competitive rate has structural incentives to cut the invisible work that determines whether the migration holds its rankings or loses them, and has no formal obligation to handle your data correctly or notify you if something goes wrong with it.
A Drupal site that has been running for years has accumulated real value: ranked URLs with inbound links from other domains, structured content that content teams spent years entering, SEO metadata that was carefully written to improve click-through rates, and user relationships and form submission history that represent business records. None of that value is preserved automatically by a plugin or by a developer who has not specifically migrated from Drupal before. It is preserved by a migration that treats the source database as the source of truth for every field, every URL, every metadata value, and every community record, and verifies each of those things before the domain switch happens.
For the full technical picture of how Drupal content structures map to WordPress: Why Businesses Are Moving From Drupal to WordPress →