Space48
February 5, 2020

What to do if your site project won’t launch before Magento end of life

TL;DR: This article is worth the read.

Magento 1 end of life (EOL). Deadline day is looming. June 2020. Put it in your diaries. 

But you knew that already – particularly if you’ve spent months worrying that your new website project will not be ready in time. Or worse yet, if you’ve done nothing about your Magento 1 website at all. 

Worst-case scenario, there’s still time to act, and at the very least, manage any risks that your business may face. 

Before we start, it’s time for an honest truth. 

The longer you stay on Magento 1 in 2020, the less sympathy you’re going to get – from your customer, from the ICO, from your stakeholders. 

And you know why.

Because upgrading from Magento 1 is not just about minimising damage to your business, it’s about doing your utmost to protect customer data. Do not underestimate the importance of this. So that’s where we’re going to start … with breaches.

Vulnerabilities in Magento 1

 

There will be no site support for Magento 1 post EOL.

Performance updates – none. Security patches – zero. No liability on behalf of Magento.

This means that any vulnerabilities in Magento 1 will not be fixed. So the sooner you move beyond Magento 1, the better. The longer you stay on Magento 1, the more at risk you are from hacks compromising your customer data.

This risk is increased as the majority of module vendors will no longer support their third party extensions either (at the developer’s discretion). So even with local fixes or patches, there are still multiple avenues in which your site may be vulnerable. 


What to do if your Magento 1 site is breached

 

  1. If you operate in the UK, you will need to inform the Information Commissioner’s Office (ICO) within 72 hours. More guidance can be found here
  2. The ICO will conduct an investigation, which could result in a maximum fine of 4% of your company’s turnover. 
  3. You are required to inform your payment acquirer too. This may incur additional fines, and your transaction fees may increase due to higher risks.
  4. Finally, you are obliged to inform your customers. Naturally, this will have outcomes in terms of your brand reputation, trust, and repeat customer revenue.

In short, it’s going to cost you in the long run. 

I use a third-party Payment Gateway, am I still liable?

 

Yes, you still store customer data. And as host of the checkout, you are susceptible to hacks – making you responsible. 

Quality of Life Fixes

 

Magento 1 will no longer benefit from quality fixes as of June 2020. As a result, users still hosted on Magento 1 may find – particularly over time – that the performance of their site suffers. Site speed, visual bugs, and layout could all be affected. 

And we don’t need to tell you that this will lead to poor online customer experiences. You may be hindered by heightened issues during peak selling times too. The result? A higher churn of customers, and, inevitably, a loss of sales.

Making matters worse, your competitors will have likely already assessed this risk, and either migrated to Magento 2 or re-platformed. Don’t be surprised if your customers begin purchasing from a competitor. 

OpenMage: Community Support

 

In reaction to the lack of authorised Magento support, there is a community-driven effort named OpenMage which aims to provide updates for Magento 1 after the end of life. If you have no option but to stay on Magento 1 this may be your lifeline.

OpenMage is an open-source project. This means that anybody can help out on a specific project. At the time of writing, there have been 99 different contributors, 311 issues raised, and 543 fixes/improvements delivered – with new ones being added every few days or so.

Despite the successes, questions have been raised about the longevity of the project. But if they achieve what they aim to, this will be extremely useful for anyone remaining on Magento 1 after the end of life. 

If this interests you, you should also consider MageOne.

What can I do in the meantime?

 

Ok, now we’ve scared you a little bit, it’s time to put your mind at ease (at least a little). Replatforming isn’t easy. Migrating isn’t easy. Nothing is straightforward.

It can be intimidating and people will sympathise with that.

Finding the budget might be proving a challenge. Or you might simply love Magento 1 so much that you can’t part with it. Or, most likely, your new site will not be ready on time.

If these sound familiar, there are actions you can put in place:

  • Review the technical state of your site ASAP – because developers will no longer be able to raise support issues with Magento beyond the deadline. Get the help while you can, and get the answers to your problems today.

 

  • Make sure your store is updated to the latest PHP. Why? Well, languages themselves can have vulnerabilities, so updating reduces risk. Similarly, some modules and hosting providers only support newer PHP versions. So if you haven’t updated your PHP by the time you are ready to migrate from Magento 1, you may face a bigger task than you already do.

 

  • Reach out to third-party platforms, developers or agencies to get a better impression of what support is going to be readily available post-June 2020. Take OpenMage as an example.

 

  • Invest in some serious security. If you are only interested in security patches then you could take matters into your own hands. As a short-term alternative to migrating/re-platforming, start by hiring a cybersecurity company to carry out vulnerability scans on your website. Pass these issues to a developer to carry out a fix. 

    Some security recommendations: 
      • Block certain country IP addresses e.g. China and Russia, if you don’t serve these countries.
      • Increase sensitivity on firewall rules, e.g. in Cloudflare.
      • Restrict admin areas by IP addresses.
      • Remove any other applications that sit alongside Magento e.g. Magmi or PHPMyAdmin.
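
One way to check that the last two recommendations have actually taken effect, as an added example rather than anything from the article: the script reads access-log lines and reports admin requests served to addresses outside an allowlist, plus Magmi or phpMyAdmin paths that still respond. The URL prefixes, the allowlisted range and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions (not from the article): admin lives under /admin, the side tools
# under /magmi and /phpmyadmin, and the server writes common-format access logs.
ADMIN_PREFIXES = ("/admin", "/index.php/admin")
SIDE_APP_PREFIXES = ("/magmi", "/phpmyadmin")
ALLOWED_ADMIN_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # placeholder range

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def _matches(path, prefixes):
    # Case-insensitive match on whole path segments, ignoring the query string.
    p = path.split("?", 1)[0].lower().rstrip("/")
    return any(p == pre or p.startswith(pre + "/") for pre in prefixes)

def audit(lines, allowed=ALLOWED_ADMIN_NETS):
    """Return (kind, ip, path, status) for requests that were still served."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        ip_text, path, status = m["ip"], m["path"], int(m["status"])
        if status in (403, 404):
            continue  # refused by the server, or the path no longer exists
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # client field is a hostname, not an address
        if _matches(path, SIDE_APP_PREFIXES):
            findings.append(("side-app-reachable", str(ip), path, status))
        elif _matches(path, ADMIN_PREFIXES) and not any(ip in n for n in allowed):
            findings.append(("admin-outside-allowlist", str(ip), path, status))
    return findings

# Constructed sample log lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [05/Feb/2020:10:00:00 +0000] "GET /admin/dashboard HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Feb/2020:10:01:00 +0000] "POST /index.php/admin/ HTTP/1.1" 200 812',
    '198.51.100.7 - - [05/Feb/2020:10:02:00 +0000] "GET /admin HTTP/1.1" 403 162',
    '192.0.2.44 - - [05/Feb/2020:10:03:00 +0000] "GET /magmi/web/magmi.php HTTP/1.1" 200 2048',
    '192.0.2.44 - - [05/Feb/2020:10:04:00 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 404 162',
    '192.0.2.44 - - [05/Feb/2020:10:05:00 +0000] "GET /administrator-guide.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(*audit(SAMPLE_LOG), sep="\n")
```

An empty result over a representative log window means the admin restriction and the clean-up are holding; any finding points at a rule or a leftover directory to fix.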

 

If in doubt, make sure you discuss your options closely with your chosen agency or internal teams. There is no one size fits all when it comes to this, so take the time to get this right.