It’s no secret that a CMS without support will develop vulnerabilities. Eventually, these lead to a compromised website — which cripples any ecommerce business. When you consider the popularity of the Magento ecommerce platform, it’s easy to see how their announcement of the Magento 1 end of life could leave a significant portion of ecommerce retailers scrambling for new solutions.
That might sound dire, but we’re here to lay out the essential facts — and look at a way to extend that looming end-of-life deadline.
What is Magento 1?
In 2007, Magento launched what would eventually become its Commerce 1 and Open Source CMS platforms. Magento 1 (as we’ll refer to it) quickly gained popularity, winning awards in its first year and grabbing the attention of big-name investors.
By 2011, eBay held 100% ownership of Magento, which it passed on to Adobe in 2018 for the tidy sum of $1.68 billion.
The versatility, powerful ecommerce features and ease of use offered by Magento 1 made it a huge hit among ecommerce retailers. Today, this popular open-source CMS powers 12% of all ecommerce sites worldwide, with about 250,000 active sites running Magento 1.
Now, these users must either upgrade to Magento 2 or migrate to another ecommerce platform.
When will Magento 1 support end?
By June 2020, Magento will stop providing support like software updates and security patches for its popular Commerce 1 and Open Source CMS platforms (formerly Enterprise and Community Editions).
The Magento 1 end of life announcement has left ecommerce retailers looking at a couple of obvious solutions, although some might find them costly or disruptive:
Upgrading to Magento 2
This might seem as simple as flipping a switch, but Magento 2 is actually built on an entirely different architecture. By all accounts, Magento 2 is an awesome platform, but the upgrade essentially requires the same amount of work as our next option.
Cost also might be a consideration. Although the community edition of Magento 2 is still free to download, smaller retailers who were able to upgrade to the enterprise edition of Magento 1 might find the added cost of Magento 2 to be a deal-breaker.
Migrating to Another CMS
It’s possible many users are planning to drop Magento 1 entirely and move to another CMS such as WordPress, which provides ecommerce functionality via numerous free and paid plugins. However, as mentioned above, migration is not a small undertaking.
As with any site migration, ecommerce retailers risk downtime where their sites aren’t available or providing the best possible shopping experience. And Sucuri’s research indicates moving to WordPress doesn’t necessarily mean a site is immune from eventually becoming outdated and infected.
Another Solution for the Magento 1 End of Life
While moving to a supported platform is always the best option, there is another solution for ecommerce retailers who aren’t prepared for immediate migration. Putting a Magento 1 site behind a reliable website firewall provides virtual patching of any vulnerabilities — helping maintain day-to-day operations and PCI compliance.
For example, the Sucuri Website Application Firewall (WAF) provides a straightforward installation and is free to try out. And after implementing a long-term solution to address the Magento 1 end of life, ecommerce retailers will likely discover the Sucuri WAF provides a number of benefits in addition to buying them extra time:
- Loading faster with a CDN
- Instantly blocking hackers
- DDoS mitigation and prevention
- Protecting brand reputation
- Preventing zero-day exploits
Don’t Forget the Importance of CMS Updates
A website firewall can serve as a stopgap for ecommerce retailers who aren’t ready to migrate to another CMS, but let’s be honest — it’s inevitable for a CMS that’s no longer supported. As this video highlights, website security requires constant awareness. A CMS needs to be kept up to date (even when it’s protected by a firewall).
Against the background of the Magento 1 end of life, security appears to be the most compelling reason to keep a CMS updated. However, even the least technical of CMS users should understand there are a number of equally important reasons:
- Better features — Many new CMS features roll out as part of updates and there isn’t a way to get them a la carte. Updates are often the only way to get cool new features for an ecommerce platform.
- Bug fixes — A website doesn’t necessarily have to be broken or hacked to create a poor user experience. Regular CMS updates ensure those pesky bugs (whether they’re visible or not) keep on getting bashed.
- Cost savings — It’s far less expensive to run updates as they become available, compared with paying for a fix to address exploits after the fact. It’s also worth considering than an out-of-date site isn’t providing the best user experience, so it probably isn’t generating all the revenue it could.
- Time savings — Anyone who’s cleaned up an outdated CMS will tell you it isn’t a quick fix. And that’s time ecommerce retailers can’t spend on what they do best: providing shopping experiences that convert more visitors.
This Could Be a Website Security Wakeup Call
For many ecommerce retailers, the Magento 1 end of life will likely be a difficult experience — and one they’ll seek to avoid in the future. Awareness and initiative are key in keeping a CMS up to date and running its best, so it’s important to stay informed, whether that comes in the form of a detailed guide or individual learning you can follow at your own pace.
*** This is a Security Bloggers Network syndicated blog from Sucuri Blog authored by Art Martori. Read the original post at: https://blog.sucuri.net/2019/11/magento-1-end-of-life.html