(This is a guest post from our friends over at JetRails, a fully-managed white-glove eCommerce hosting service.)
In February 2020, BuiltWith.com detected well over 60,000 live websites powered by Magento 1.9. It’s apparent that many merchants will continue to operate their Magento 1 stores rather than replatform before this popular eCommerce software reaches its official end of life in June of 2020.
What happens when Magento 1 reaches its end of life? There will be no dramatic change, the store will continue to work. Simply stated, Magento will stop releasing security patches for Magento 1 users. However, there will be some ripple effects that users will experience. For instance, it may become harder to be certified as PCI Compliant since the platform will technically be unsupported by its publisher. There may also be third-party vendors, like payment gateways, that stop supporting the platform.
If you’re still leveraging Magento 1 and don’t expect to migrate to Magento 2 or another platform before security patches stop rolling out, there are things you can do to help protect your website and your business. Here’s a quick checklist to get you started down the right path:
Development: Make sure your Magento developers are going to continue to support your website past June of 2020. Some Magento agencies and development teams won’t be continuing forward with Magento 1 support.
Hosting: There are hosts, like JetRails, that are prepared to provide additional Magento 1 security coverage, including virtual firewalling, security scans, and site monitoring. Make sure that your Magento host will continue to support your environment after M1 reaches its end of life, and be sure to find out what extra measures they’re rolling out to help keep your site safe.
Patches: While Magento won’t be releasing patches, providers like Mage One and Open Mage are offering solutions. Even with a host that’s using a WAF to deploy virtual firewalling, you should expect to need some software patches and updates to keep your Magento site safe and operable.
Extensions: Less is more. Consider removing unnecessary extensions, and make sure that those you are continuing to use are up-to-date. Be aware that some extension developers have already stopped supporting their Magento 1 extensions.
Apps & Integrations: Any additional vendors that you use in conjunction with your Magento site should verify if they’re going to continue to support your Magento 1 website. This is especially important for any vendors that relate to payments, where providers like Adyen have already suggested they may not provide ongoing support for M1 users due to overall PCI Compliance concerns.
Overall Security: If you haven’t conducted a security audit recently, consider a Magento 1 Security Audit to make sure that you’re following general best-practices to keep your store safe and healthy.
Don’t forget that Magento 1 is aged software. In the long term, you should be thinking about migrating to a new platform, whether Magento 2 or something else entirely. While many merchants will seek “additional runway” to keep operating on Magento 1 past its end of life, that doesn’t mean that it’s a good time to launch a new Magento 1 site or to invest heavily into an existing Magento 1 store.
About the Author
Robert Rand is the Director of Partnerships at JetRails, a mission-critical ecommerce hosting service. Robert has over a decade of experience in helping merchants benefit from sound ecommerce and digital marketing strategies, assisting organizations of all types and sizes to grow and succeed via digital commerce. Robert is a frequent author and thought contributor in the ecommerce industry, and hosts The JetRails Podcast.