All good things come to an end, so is Magento’s 1.x community edition on 30th June 2020. There are compelling and valid reasons for this decision by Magento. What caused Magento 1 end of life decision by Magento, what are the risks involves when not upgrading to 2.x and what are your options if you’re choosing not to update? Let’s find it all out!
Back when Magento announced its second version, it promised great things. True to its claims, Magento 2 provides excellent site performance, mobile-friendly experience, and the better checkout experience.
Magento 1 End of Life
| Magento Edition | End of Life Date |
|---|---|
| Magento End of Life Date for Community Edition: | 30th June, 2020 |
| Magento End of Life Date for Enterprise Edition (1.13 & 1.14): | 30th June, 2020 |
For considerable years Magento kept supporting its older version 1.x but as per their announcement around 18 months ago, they’ll be discontinuing the support.
Agreed, the process of migration will be a stressful one. However, it’s worth the effort because consequences in the future might be even more stressful.
Using an Older Version? Here’s Your Risk Score
| Magento Version | Risk Score |
|---|---|
| 1.7.x | 100/100 (very high) |
| 1.8.x | 100/100 (very high) |
| 1.9.0.0 - 1.9.2.2 | 95/100 (very high) |
| 1.9.2.3 - 1.9.3.3 | 92/100 (very high) |
| 1.9.3.4 - 1.9.4.0 | 85/100 (high) |
| 1.9.4.1 - 1.9.4.3 | 75/100 (medium high) |
| 1.9.4.4 | 65/100 (moderate) |
Websites Still Using Older Magento Version [Data]
From our analysis, more than 55,000 websites are still using older Magento version. These websites will be on the radar of hackers real soon (or already are).
Here’s how the split between older versions of Magento looks like:
Source: Astra’s research based on data attained from various sources
3 Critical Reasons to Switch Before Magento 1 End of Life
Magento 1 may still be working okay so far. However, refusing to migrate after June 30th, 2020 may work against you. Here’s how:
- Unimaginable Security Risks
Magento updates are always accompanied by security patches. I’m sure you remember them by the name of SUPEE followed by a unique number.
These patches have been crucial for Magento’s security over these years. With Magento being unable to release these security patches while vulnerabilities will continue to be found, there’s not much you can do to ensure security.
Already we’re seeing a rise in attacks targeted on Magento with the Magecart group of hackers becoming active again.
Lack of data security updates will render customers’ data vulnerable to fraudsters and hackers. Hacks causing a significant loss in the form of huge penalty and loss of reputation will increase We’ve seen small & medium businesses getting targeted even more due to their dependency on Magento for these Security patches. That’s why this is one of the critical reasons to switch before Magento 1 End of life. - No Support from Payment Vendors
Payment gateway providers & processors need to adhere to security standards like PCI DSS. While working with merchants like yours, they often do a risk analysis which involves ensuring your store meets some basic security measures.
With Magento not supporting older versions, a number of payment gateways & processors have issued advisories for merchants encouraging them to update their Magento. Recently, VISA urged Magento store owners to update their stores to 2.0 in light of attacks from Magecart attacks and end of life of older versions.
‘PCI DSS Requirements 6.1 and 6.2 address the need to keep systems up to date with vendor-supplied security patches to protect systems from known vulnerabilities‘ Visa added.
Major payment providers like Adyen have already declared that they will not be providing their services to Magento 1 after the end of life. The reason behind this is that your website will no longer be PCI Compliant and offering services to an insecure website is what payment providers loathe. - Extensions Going Obsolete
After Magento 1 end of life, a majority of extensions will be non-functional and obsolete. Since your business relies heavily on such extensions, it’ll pose severe functionality problems.
In the past, Magento extensions have had critical vulnerabilities found in them and with limited/no support from them this only will increase.
Developer support will not easily be available for routine updates after the Magento 1 end of life.
If you finally find a suitable developer that will work on your website, they will charge you an arm and a leg. The process will also consume an ample amount of time, leading to potential downtime of your e-commerce store. After all, developing a security patch is much more involving than just implementing the one that Magento provides.
I Can’t Update My Magento, What Are My Options?
You’ve developer A LOT on your Magento version, updating to 2.x would mean tens of thousands of dollars spent – We understand it.
In the end, the bottom line is that your store should be secure from Magento 1 end of life. Your customers should be able to trust you with their data. For that, you can simply use Astra Security Suite! Astra comes with:
- A rock solid firewall that protects your website in real time from SQLi, bots, LFI & 100+ threats
- An automatic malware scanner that scans your store for viruses & malware every day
- Security audit to find vulnerabilities & help you fix them
- Block countries/IPs with a click of a button
All of the above & more under one suite to ensure the security of your store, so that Magento 1 end of life will not be a headache.
What are Magento Experts Saying?
Unlike many other agency we don’t force our customers to move to Magento 2 from Magento 1.9 platform. Being an advocate for Magento for many years we still believe that every merchant suppose to stay with ROI driven approach. At this COVID-19 time we clarify to our Magento 1 customers that platform will stay working even afterJune 2020. While we engage them to update to most recent 1.9.4.x line and configure servers with the best security practices in mind. GetAstra’s firewall & malware scanner in that particular case comes as a very handy security protection for our customers. Our partnership with Nexcess allow us to stay with Magento 1 using Safe Harbor program announced by Nexcess.
Paul Ryazanov
CEO, MageCloud
When the support for Magento 1 ends, it’s very important to acknowledge that every incurring security issue will no longer be fixed by the Magento team which will arise serious concerns about the store’s cyber safety. The most common case is leaks of customer data including order information. More seriously, the control authority of a store’s server can be taken over which causes the store’s sensitive information (as credit card info) being stolen. Also, as Magento 1 is incompliant with PCI DSS from June 01, 2020, customers’ payment on Magento 1 stores will be extremely vulnerable to internet fraud. Hence, migrating to Magento 2 is a wise and crucial move and should be done as soon as possible before the end of Magento 1 support.
Sam Thomas
CEO, MagePlaza
Conclusion
- Magento 1 end of life doesn’t have to give you headaches if you have a well-laid plan
- If you are planning on staying on an older version, that’s fine too. Use a security solution to keep hackers at bay 😊
- Working with an agency for migration? Be sure to do a thorough security audit for your new Magento store
This post first appeared on ASTRA Web Security - CMS Security News, please read the originial post: here
