April 11 2023
Magento’s slow and difficult updates have caused certain problems in recent years. Clunky updates can either cost businesses frequent fees in maintenance and development or—if postponed—even steeper costs in security breaches and information leaks. It’s one of many reasons we recommend composable software, or headless software solutions, to our clients.
Every major software company continuously updates its products to incorporate new technology and better address user needs and security vulnerabilities. While your website or app will continue to run whether or not you update to a new version, the manufacturer will eventually halt support of that specific version. As they sunset the old version, they set a date after which they will no longer issue updates or provide support. This means:
You won’t get automatic security patches.
The manufacturer won’t address help tickets.
You’ll gradually lose access to old extensions and the ability to use updated ones.
Your store loses the competitive edge new features provide.
Your server operating system may drop support for the technology that your software relies on.
In other words, you’ll be flying without a safety net. In fact, you run the risk of discovering a breach in your security that will never be patched or even reported. Your site could be vulnerable with no way of addressing it.
When the grace period for official support of a software product expires, we refer to it as EOL, or “end of life.”
Magento 1.0 - March 2008, EOL June 2020
Magento 2.0 - November 2015, EOL March 2018
Adobe acquires Magento - August 2018
Magento 2.1 - June 2016, EOL June 2019
Magento 2.2 - September 2017, EOL December 2019
Magento 2.3 - November 2018, EOL September 2022
Magento 2.4 - July 2020 (Current version 2.4.6, Support guaranteed until March 2026)
As you can see, Magento 1 became EOL in June 2020. However, that hasn’t stopped many businesses from continuing to utilize it and delaying their update to 2.0. Sometimes, failure to update is due to ignorance or procrastination. After all, how often do you click on “Remind Me Tomorrow” when your computer notifies you of available updates? Many of us simply don’t understand the importance of updates. We easily lose track of how far behind our programs have become.
We might postpone software updates because we don’t want to risk things changing, which may necessitate costly programming and design updates. Our favorite themes can become outdated, calling for a complete redesign of the front end. We may also find old plugins unsupported and have to find new tools that answer our needs. Most of all, we’ll need to migrate essential customer data, product SKUs, media files, and more to the new platform.
A major data breach last year revealed the dangers of running an e-commerce store on an EOL version to hundreds of wholesale and retail businesses. Sansec, a data security company, discovered a security vulnerability affecting about 500 stores on Magento 1. Despite Adobe’s warning that they would no longer support Magento 1 after June 2020, many e-commerce businesses were (and are) still utilizing the platform. This made them more vulnerable to hackers. According to the report from Sansec, “Attackers abused a (known) leak in the Quickview plugin. While this is typically abused to inject rogue Magento admin users, in this case, the attacker used the flaw to run code directly on the server.”
This security breach was neither the first nor the last in Magento’s history. In November of 2021, the National Cyber Security Centre announced that over 4,000 small businesses had been affected by hackers who were skimming funds from customers’ payment cards over Black Friday, exploiting another known vulnerability in Magento, one which had been remedied in the latest update.
Other Magento vulnerabilities over the years have exposed customer data (i.e., names, emails, addresses), credit card info, and sales information, and led to potential defacement (i.e., changing the appearance of the website or injecting a redirect to a different website).
While it’s tempting to blame these security flaws on Magento itself, all programs have vulnerabilities that must be vigilantly patched and protected with each software update. It is indispensable for the security of your e-commerce platform, the privacy of your customers, and the trust of your followers to keep your e-commerce platform up-to-date.
With so much at stake, carelessness around the EOL dates of your vital software cannot be tolerated. But your e-commerce platform’s end-of-support dates aren’t all you need to keep track of: plugins, POS systems, internal management software, and hardware warranties must be maintained. While most manufacturers will inform you via email of the expiration dates of your purchased software, it’s easy for these notices to go ignored in your inbox. These tips can help you stay organized:
Designate a specific email account for your software providers' memberships, subscriptions, and communications.
Use a spreadsheet to track technology assets, warranty information, and projected EOL dates.
Add a reminder about EOL deadlines in your calendar the moment you’re notified, even if the EOL date is a year or more in the future.
Use a program to collect and update this information for you, such as device42.
Access resources like endoflife.date to find information about a specific tool.
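A scripted version of the spreadsheet tip above, as an added example (not code from the original article): it checks a constructed inventory against the Magento end-of-support months listed in this article's timeline. The inventory rows, the `audit` and `release_line` names, the 365-day warning window, and treating the last day of the EOL month as the cutoff are assumptions.

```python
import csv
import io
from calendar import monthrange
from datetime import date

# End-of-support months from this article's timeline (release line -> (year, month)).
# The article gives months only; using the last day of that month is an assumption.
MAGENTO_EOL = {
    "1": (2020, 6),
    "2.0": (2018, 3),
    "2.1": (2019, 6),
    "2.2": (2019, 12),
    "2.3": (2022, 9),
    "2.4": (2026, 3),
}

# Constructed sample inventory, shaped like the tracking spreadsheet suggested above.
SAMPLE_INVENTORY = """asset,product,version
main-store,magento,1.9.4.5
b2b-portal,magento,2.3.7
outlet-store,magento,2.4.6
pos-terminal,example-pos,3.1
"""

def release_line(version):
    # Magento 1.x is tracked as a single line; 2.x is tracked per minor release.
    parts = version.split(".")
    return "1" if parts[0] == "1" else ".".join(parts[:2])

def audit(inventory_csv, today, warn_days=365):
    """Return (asset, status, cutoff) per row; status is one of
    'past-eol', 'eol-soon', 'supported' or 'unknown' (no EOL date on file)."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        known = row["product"] == "magento"
        eol = MAGENTO_EOL.get(release_line(row["version"])) if known else None
        if eol is None:
            # An asset with no recorded EOL date is itself a gap to close.
            findings.append((row["asset"], "unknown", None))
            continue
        cutoff = date(eol[0], eol[1], monthrange(*eol)[1])
        days_left = (cutoff - today).days
        status = ("past-eol" if days_left < 0
                  else "eol-soon" if days_left <= warn_days else "supported")
        findings.append((row["asset"], status, cutoff))
    return findings

if __name__ == "__main__":
    for asset, status, cutoff in audit(SAMPLE_INVENTORY, date.today()):
        print(f"{asset:14} {status:10} {cutoff or 'no EOL date recorded'}")
```
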
Although we most commonly recommend Shopify to our clients, our programmers aren’t strangers to Magento updates and migrations. Transitioning from Magento 1 to the current 2.4 iteration is a big jump. As such, it often requires not just a migration, but a full rebuild.
The good news is that this may be the perfect opportunity to future-proof your site with a platform that makes updates a breeze. Take a look at how TMI Automotive took a similar opportunity to address long-standing challenges on its e-commerce platform, increase site traffic, and equip itself with a beautifully branded, long-lasting, and secure website.
We can’t spare you from the stress of transitioning away from Magento 1. However, we can set you up with a new composable software solution that decouples the front and back ends of your e-commerce platform, enabling you to update one part or another as needed. Our solutions make future updates far less painful and costly, and you’ll be empowered to keep your store secure, competitive, and impeccably tailored to your users’ experience.
Drop us a message. We'll be happy to discuss it with you!