Today is July 1st 2020 and the first day when Magento 1 is not officially supported by Adobe.
Adobe (acquired Magento Inc few years ago) has kept the sunset date advised over 2 years ago. The last security patch SUPEE-11346 was provided June 22nd.
There were quite laud voices in the community that called Adobe to extend the life of Magento 1. However the vendor held the ground and didn’t shift sunset date.
So what is now when the official support of Magento 1 is over?
According to BuiltWith there are still over 120,000 websites using Magento 1, approximately 2x more than on Magento 2.
What options do these merchant have?
Keep staying on Magento 1
While Magento 1 isn’t supported anymore by Adobe, it doesn’t mean that the software stops to work and to receive security updates.
There are number of initiatives run by different groups that helps merchants keeping their M1 websites secure:
We will explore all of them in more details, but let’s discuss what happens if you just keep running your existing Magento 1 website as is.
The biggest risk here is security. Due to its popularity Magento 1 often targeted by cyber criminals. They try to stole merchants sensitive data including customer credit card details. Because of that Magento 1 websites may have problem to stay PCI complaint and face the risk of being cut by their payment processors. It’s hard to tell how how high probability of that, but Paypal already sent warnings to Magento 1 merchants urging them to migrate out.
Second, longer term risk is lack of innovation on Magento 1. With the end of official support last couple years most extension vendors are not releasing new Magento 1 extensions. Also new 3rd party tools and platforms don’t develop Magento 1 integrations. So Magento 1 merchants are risking to be left behind and become irrelevant at some point.
Open Mage is non-commercial, community driven initiative. So like Magento 1 Open Source (ex Community Edition) it is free to use. The code is available for download from the project Github page.
While you may think that something community-driven is unreliable and not secure, it isn’t always true. The biggest software packages like PHP or Apache powering millions of the websites are open-source and community supported.
MageOne is a commercial project promising permanent support of Magento 1. The prices starts from 29 euro per month for the stores turning up to 100,000 euro annually. MageOne focuses solely on security and plans to run public bug bounties program (when white-hat hackers paid a reward to find and report security vulnerabilities).
Safe Harbor from Nexcess
Nexcess is one of the leading hosting providers supporting Magento. They decided to step in and developed Safe Harbor program. For a reasonable fee (35% of hosting cost) Magento 1 merchants get access to security patches and some extra protection like firewall and malware scan
That option may be especially compelling if you are already hosted with Nexcess.
Longer term consideration
While you may probably stay on Magento 1 for some time with security solutions listed above, for a longer prospective the migration is still recommended. The main risk staying on Magento 1 even with sorted out security issues is gradually missing opportunities to innovate and provide your customers with at least in par with competitors user experience.
Magenable developed “migrating from Magento 1” decision map. It helps you to make decision where to migrate. Magenable team assists you with migration to Magento 2, BigCommerce or Zoey.
Contact us to schedule your free consultation.