Brett Regan
Magento 1 End of Life: How to Quickly Move Your Brand to a Secure Platform
Get The Print Version
Tired of scrolling? Download a PDF version for easier offline reading and sharing with coworkers.
A link to download the PDF will arrive in your inbox shortly.
Magento first announced they would no longer be supporting updates to their Magento 1 software way back in September 2018. The date they set for the End of Life (EOL) was June 2020, which anyone looking at a calendar will know has now come to pass.
EOL doesn’t mean your store, if you’re still on Magento 1 at this point, has disappeared from the internet or that you will no longer be able to conduct business; however, the results may be equally damaging.
If you plan to continue transacting and growing your business, the time to leave Magento 1 is now. We don’t want to incite panic, but the bottom line is you’re quickly running out of time. Now that EOL has actually happened, the consequences for not updating are going to start rolling in. You are putting your site, your brand’s reputation, and your customer’s data at risk by failing to migrate to a secure platform.
Whether you move to Magento 2 or switch to a new ecommerce platform provider, you will be undergoing a full replatform — including data migration and new themes and templates. As you probably know (and it may be one of the reasons for procrastination): this is a time-consuming process.
You may be wondering: where do I start? Let’s deep-dive into why you need to switch, what life on a post-EOL Magento 1 has in store,, and the process you need to go through to move to a more secure future
If you haven’t yet switched from Magento 1, there are some big reasons why you need to.
Back when Magento 2 was first announced, it may have sounded pretty great. Magento 2 seemed to add new features and make a number of clear improvements. Magento 2 offers better site performance (with some exceptions). It’s also more mobile-friendly than Magento 1 and provides a better user experience.
However, as the reality of switching from Magento 1 to Magento 2 came into focus, it was clear that this wouldn’t be a simple upgrade. To move from one to the other, you will have to do most of the same steps as a full replatform. You can get the full details here, but suffice it to say, your themes won’t transfer, your M1 extensions won’t work on M2 (because the two have different architectures), and some of your data will have to be migrated manually.
That said, refusing to switch — now that Magento 1 is no longer supported — just isn’t going to fly. Here’s why:
While you are still able to sell your goods through your Magento 1 site, your site is officially no longer supported by security updates. That leaves you, your site, and your customer’s data vulnerable to hackers — which could lead to hefty fines, a loss of reputation, and a potential setback from which your business may not recover.
Your payment provider is obviously a fundamental part of your ability to run your business and make sales. Adyen, a major payment provider, has already gone on record saying they will not be supporting merchants on Magento 1 after the end of life. Other payment providers are likely to follow.
Why? Your site is likely no longer PCI compliant, and if there’s one thing payment providers don’t like, it’s risking supporting an insecure site. As Adyen explains: “Using Magento 1 after June 1, 2020, makes you unable to comply with the Payment Card Industry Data Security Standards (PCI DSS), which can result in non-compliance fines.”
As Adyen outlines, being PCI compliance doesn’t just cause you to potentially lose your payment provider, but it also opens you up to significant fines, not to mention the potential loss to your business’s reputation.
With Magento 1 no longer updating, many of the extensions to third-party systems that you currently rely on will soon become obsolete and non-functional. You may discover that the connections you rely on do business suddenly just don’t work.
Magento 1 no longer being supported means it will be harder to find software support to achieve routine updates. When you do find a developer who will still work on M1, your updates will likely be significantly more costly and time consuming. After all, it’s a much bigger ask for a developer to have to create a security patch as opposed to just implementing one provided by Magento. Things that used to be simple may soon be impossible.
Here’s a thought experiment for you. Let’s consider how things may change for you and your site if you continue to stay on Magento 1 now that EOL has passed.
Initially, things may seem fine. Your site may not be having any issues…yet. Because the scripting language PHP that Magento 1 runs on has long since stopped being supported (PHP 5.6 hasn’t been supported since the end of 2018 and PHP 7.2 continues to receive security support through 2020, but is no longer actively supported), you are having to use a patch to get it to sync with a more recent version, but you’re used to that inconvenience.
You may be sipping a cup of coffee and thinking, “What was all the fuss about?”
However, change may be coming soon. Next week, your payment provider could tell you that because you’re no longer PCI compliant, they will no longer be covering you. At that point, you will have to scramble to find another way to accept payments.
The loss of your payment provider isn’t the only consequence of your no longer being compliant. Sites that are not PCI compliant incur fines for the loss of customer records. These fines (and those payment gateway fees mentioned above) will continue until PCI compliance is reestablished.
Additionally, without security patches, there’s a good chance yoursite will eventually get hit by a breach in which customer data is stolen. Previously Magento had been actively searching for vulnerabilities and creating patches for them. Without those patches, your site isa sitting duck. The hackers will have been looking for vulnerable sites still on Magento 1 as soon as EOL happened.
If a breach occurs, you will have to inform your customers about the loss of data, and they will understandably be concerned about your ability to safeguard them going forward. Even after you’re able to get your site secured — without any help from Magento — some customers will have lost trust in your brand and have moved on to competitors.
Let’s say you continue on Magento 1 after this incident. The next week, if your marketing manager might suggest trying something new with your site to bring back some of the lost customers and entice new ones. However, you may find making the change isn’t as easy as it used to be because fewer developers are supporting Magento 1 sites now.
While you’re mulling over your options, you may get a frantic call from your IT team. The PIM system you use is no longer syncing data with your site. Their recent update no longer works with Magento 1.
Suddenly, you can’t make updates to your product listings. You live in fear of the next hack. Those PCI compliance fees are piling up. Your coffee is cold. You’re wishing you could go back in time to early 2020 when there was still time to make the switch.
Okay, there’s no way to go back in time to before the EOL, but while the best time to switch was 6 months ago, the second best time to switch is right now.
Admittedly, the prospect of replatforming is itself a daunting task. However, it can help to break it down into manageable steps.
Even if you’re completely happy with your Magento 1 store and only switching out of necessity, switching platforms is still a good opportunity to audit your systems.
Talk to your teams and learn what’s working and what’s not. This will help you get a sense of what your new platform has to have and what it can improve on from Magento 1.
As you start to choose your new platform, the first thing you need to do is know your business needs. You’re officially in a time crunch. Of course, you want to find a good long-term fit, but you also need to find a platform that is capable of getting up and running quickly.
Of course, there is no shortage of options for your next platform that make great alternatives to Magento. These include well-known SaaS platforms like BigCommerce, Shopify, and Salesforce Commerce Cloud. There are also other open source options like OpenCart or plugins like WooCommerce that is an add-on for WordPress sites.
Remember to keep the fact that time is of the essence in mind.If you had to launch in a week, what might that look like? Here’s one customer story who was able to launch a new site just 24 hours after their Magento site collapsed.
We recommend narrowing your search to a few top contenders and then sending out an RFP with all of your needs clearly defined and prioritized. We’ve created an RFP template to help you with this piece of the puzzle.
Hopefully, your new platform can provide resources to help with this part of the process. Given the short time frame, that may be something you want to consider during the RFP process. If not, you may want to get help from an outside agency that can help you create your site on an abbreviated timeline. You will need to create your site design, configure all of your integrations, and migrate your data cleanly from Magento. You also need to make sure to back up everything from your data and images to your CSV files. And of course, make sure to leave time to test everything.
Obviously, there is a lot more involved than that. If you need a more detailed roadmap to the replatforming process, we’ve created a workbook that can help walk you through every step.
With a well-thought out plan, the fact that the sunsetting of Magento 1 has come to pass doesn’t have to be a bad thing. It can spur your organization to a digital transformation that will have a positive impact on your long-term growth.
That said, a less-than-well-thought-out plan opens you up to risk and potentially moving to a platform that isn’t a good fit. You want to do your due diligence and choose the right platform, so you won’t be replatforming again in short order. You also will want to take enough time in the replatforming process to allow for necessary testing. After all, you don’t want to lose important data in a rushed migration.
Rome wasn’t built in a day, and your replatform won’t be either. Unfortunately, time is the one thing you’re running out of. Now that Magento 1 is no longer supported, you need to move to a secure platform as soon as possible. If you’re on Magento 1 and you don’t yet have a plan in place for moving to your next platform, today is the day to start.