Have you had a Magento store for a while and are you using version 1.9 of Magento ? Then read this article carefully to avoid a whole host of problems! Your site is in danger and you need to act now!
Even if your site still seems efficient, you should be aware that the Magento editor has not offered security updates for your version for some time now!
Magento 1.9, an obsolete solution
In fact, since June 2020, Magento simply no longer offers any updates for your version of Magento (version 1.9, Magento 2 is still updated at the moment)
Well, after all, it might not be so serious, you might say, as long as your site is running properly. Well, yes, it is a real problem!
In fact, no update means:
- No fix
- No new features
- No technological upgrades (PHP versions for example)
- No security updates
The biggest danger? It's a wide open door to all sorts of security breaches on your server, and it also means potential intrusions into your back office. But with everything ready, Magento 1.9 is a solution that has been live since May 13, 2014, almost 10 years! That's an eternity in the world of e-commerce.
It's important to know that in open source, unlike SaaS services, updates don't happen automatically. It's up to you or your agency to update your systems at all levels:
- accommodation
- e-commerce software
- dependencies
- services
- security
- etc …
And security breaches appear every day! Normally, the publisher, in this case Magento, provides support and offers updates to keep you safe. Here, nothing has been found for several months now. It's therefore impossible to certify that a Magento 1.9 site is secure.
Magento 1 End of Life: What are the Risks?
Okay, the solution is outdated and requires a complete migration to an alternative, but why? The site won't shut down overnight?
So no, indeed, it is possible to continue operating a Magento 1 site for as long as "you want". But this exposes you to increasingly significant risks, let's see which ones and their level of severity:
The main risks are located at several levels:
- Potential data loss
- Risk of hacking
- Vulnerability to ransomware
- Industrial espionage
- Malice
- Deletion or outright loss of your site
- Data corruption
- Customer data leaked on the dark web
Basically, you may find yourself one morning without a merchant site, or worse, with your entire business hacked via the Magento site.
It is impossible to fully secure a Magento1 site since July 2020
Furthermore, since the GDPR, in the event of a hack or loss of customer data, you are required to notify all your customers of the hack. This also represents a significant potential loss of image if the slightest problem arises.
However, even with a good IT manager and the best will in the world, without the help of Magento (the publisher) it is impossible to completely secure a Magento 1.9 e-commerce site since June 2020.
The more time passes, the more the risk increases. And this remains valid whether your Magento is in headless e-commerce or not because the back office is also vulnerable and your server too because the latest versions and security updates of PHP are not supported by Magento 1.9
The Double Problem of Magento Commerce 1
[UPDATE] By April 2024 the situation will get even worse for Magento 1 sites with the end of support not for Magento but for all technical components:
- 🛑Magento support has been discontinued since July 2020
- 🛑Support for PHP 7.2 (the maximum version Magento runs on) has stopped since January 2021
Support for PHP 7 has been discontinued for all versions, even PHP 8 is already obsolete!
No more Magento 1 support? It's not so bad (if)
To date, there are more than 225 (known) security vulnerabilities in the various versions of Magento prior to 2.0.
End of support for payment applications
But the end of Magento 1's life also means the end of payment method support, or even the end of support for payment methods by some providers. This means that it will become impossible for sites running these early versions of Magento to simply collect payments. The inability of solutions to comply with the PCI/DSS framework with Magento Commerce requires them to stop processing payments or flag them as potentially dangerous.
Namely, the PCI DSS standard requires the use of solutions maintained by the publisher, which is no longer the case with Magento 1
It would be quite sad for an online sales site to have to go through this. Paypal, Visa, Mastercard, and all other banking players will also be unable to maintain payment integrity and will therefore refuse to process them.
Some extensions stopped working
Are you using extensions on your Magento 1.9 site? They may no longer work. This is due to two main reasons: Varien/Magento's end of support simply doesn't allow them to evolve and fix bugs, and they also have new versions to make work on new e-commerce platforms.
Are you on an earlier version of Magento 1.9? Danger!
We have only discussed the case of Magento 1.9, but if you are using an older version of Magento, whether it is Magento 1, Magento 1.2, Magento 1.7 or other, you are in even greater danger!
The longer you wait to change, the more likely you are to find your store or server empty one morning due to a “0 days” security breach.
Without knowing it, your site may already be infected and mining cryptocurrencies behind your back.
What is the solution for a secure e-commerce solution?
But how can you ensure the operational continuity of your e-commerce business in the best possible conditions? Well, in any case, you'll have to get rid of Magento 1.9 one way or another. But be careful not to throw the baby out with the bathwater and do things the right way.
There are several alternative solutions to Magento 1.9 to finally work securely
Migrating to Shopify Plus, the obvious choice
If SaaS appeals to you and you're tired of Magento for various reasons, then why not give Shopify Plus a try?
How much does Shopify Plus cost?
Shopify Plus starts at $24,000/year for a license for a site with around $8 million in revenue, and you'll need to budget between €50,000 and €120,000 for a migration. That's pretty broad, but it all depends on the exact technical scope you want.
Some price indications for a migration from Magento to Shopify Plus :
- Creation of the store: approximately €10,000
- Theme design: €12,000
- Theme integration: €12,000
- Custom developments: €15,000
- Data import: between €10,000 and €25,000
This remains a purely indicative price range and only a quote produced by one of our Shopify Plus experts will be able to give you a more precise idea, but at least it allows you to put orders of magnitude on the cost of a change to combat the obsolescence of your current e-commerce solution.
Migrating to Shopify Plus means eliminating update issues for your e-commerce site once and for all.
That's because with Shopify Plus, you automatically get security updates, new features, and improvements without lifting a finger or paying maintenance fees.
All Shopify and Shopify Plus stores are automatically enhanced by Shopify whenever a new feature is available.
And with the density of the Shopify Plus ecosystem and 115 Shopify Plus certified app partners, you're sure to find a qualified partner to support your success with Shopify Plus.
If you have any questions about the Shopify universe or SaaS in general, you can contact us to arrange a demo and introduce you to Shopify Plus.
Upgrade to Magento 2
This seems like a logical next step for many e-merchants who like to move into the Magento universe or who are hoping for a simpler migration.
Be careful, however, this is not the case. Migrating from Magento 1.9 to Magento 2 is as much work as switching e-commerce solutions.
Moreover, in a few years you will find yourself with an already obsolete version that will have to be maintained.
By migrating to Magento 2, you'll encounter the same problems as with Magento, except that you'll have a much larger license. License prices are sometimes reported to increase fivefold.
As you can see, we are not big fans of this option because it only increases the TCO of your e-commerce site without providing more services.
How much does it cost to upgrade from Magento 1 to Magento 2?
Migrating from Magento 1 to Magento 2 requires a budget of tens of thousands of euros. These include:
- Magento2 setup fees
- Magento 2 license fees
- Integration or theme creation fees
Switch to Salesforces Commerce Cloud
If you have a (very) good budget, you find that Magento is quite cheap, the price is not a problem but you want to try e-commerce in SaaS, you can turn to Salesforces commerce Cloud .
Expect several hundred thousand euros for the migration project, an annual license of the same order of magnitude and high maintenance costs.
As for the solution, there's nothing to complain about; it does the job and can handle large volumes. But in our opinion, it's more aimed at IT managers who want to spend without counting the cost than at entrepreneurs looking for a "cost-effective" product.
It's time to ditch Magento 1.9!
In any case, no matter what e-commerce solution you choose to replace Magento, it's time to do it quickly before it's too late.
Staying on Magento 1.9 in 2022 is putting your e-commerce business at serious risk, and switching solutions should be your number one priority this year. While Magento 1 has had its heyday with its many innovations and technical advances, it's time to draw a line under this old lady and take advantage of solutions that are much more powerful and less dangerous for your business.
For our part, Magento 1 will remain etched in our memories as the one that democratized a complete back office well before its time, where we can notably cite innovations around:
- Website administration
- Mobile commerce platform
- Marketing and promotions solutions
- Managing multiple online stores/sites
- Support for multiple languages
- Improve SEO ranking in search engines
- Smooth ordering process
- Many payment options
- Order shipment tracking
- Administration and order management
- Customer Service Management
- Customer area (customer account)
- Product catalog management (physical or digital)
- URL Personalization via Rewriting
- Complete and fairly intuitive back office for the time
Without realizing it, all this in native in 2009 was a real revolution!
Apart from the purely security aspect, which unfortunately often only speaks to those who have already had a problem, there are more modern solutions than Magento 1.9 which allow you to boost your e-commerce development in good conditions for you and your teams.
If at the very least you don't change your e-commerce solution after reading this article, then here's a free e-commerce tip : remember to apply all security updates to both your server and Magento, back up your data and isolate it (on a hard drive or Dropbox, for example), and keep your fingers crossed that you won't be attacked.
