Magento 1 EOL Support – You Have Options, Pick the Right One

Last Updated On: August 3, 2021

UPDATE: Fast forward to today – it’s now been over a year since Magento 1 (M1) went end of life (EOL). PCI compliance requires M1 storefronts to be signed up with an official vendor supplying security patches. Failure to show this during your next PCI audit, and you could lose the ability to process credit cards. Webscale has continued to regularly release patches for both M1 Community and Enterprise (now Open Source and Commerce) – 49 to date – and we will continue to do so for the foreseeable future. Despite the email Paypal sent out recently (again), you can stay safe, and compliant on M1, while you plan your next move, on your timeline. Read our latest blog on the topic here.

It’s been over 18 months since Magento announced its decision to stop supporting Magento 1 as of June 2020. What’s interesting is that almost 50% of all Magento sites are still on Magento 1 Community or Magento 1 Enterprise. More than 100,000 businesses worldwide. We get it – plenty has happened since then, and running a business isn’t easy, especially with the current global crisis affecting just about everyone on the planet. But, the deadline is still looming, and it’s time to make a decision, or at least have an intermediate plan to get there. It is a question of survival.

If staying on M1 is the plan, or if you just need more time to get to M2 (or another platform even), there are M1 support solutions out there, but buying one isn’t as straightforward as you might think. Not all M1 solutions are made equal, so buyer beware.

We’ve evaluated the options available to you below, so that you can make the decision that’s right for your business, because we work in the same industry as you do. Of course, we’d love it to be Webscale, but that decision is yours.

Surveying the landscape
There are two versions of Magento – Magento Community and Magento Enterprise (M1 Community and M1 Enterprise). The M1 support strategy cannot be the same for both. If you’re on M1 Enterprise, there’s pretty much only one comprehensive support option in the market — Webscale. But more on that later. For merchants on M1 Community, you have several options to choose from. Depending on your business growth and other considerations, you may choose to migrate off of Magento 1 and replatform to:

1. Magento 2 (Community or even Enterprise)
2. Shopify, BigCommerce, other SaaS platforms, a headless deployment, or another platform
3. A custom platform

But for now, let’s focus on what you can  do if you believe you will still be on Magento 1 – without support – when the sun rises on July 1, 2020.

Evaluating the risk and assessing available options
Doing nothing sounds crazy, but more than a few merchants are in the ‘wait and see’ mindset. It’s beyond risky to say the least. And security is the biggest issue. What do you do if all your customer data is compromised, and exposed to the internet? It’s a well-known fact that businesses that have had security issues, particularly where customer data gets stolen, usually don’t stay in business for long. Or what happens if your payment provider denies you the ability to process credit cards because you failed PCI compliance? It’s rare that this happens, but not impossible either.

The bottom line is this – DO NOT ignore the deadline, because it isn’t being pushed out by Adobe, despite many thinking it should. So give up the denial, take a deep breath and roll right into that acceptance phase.

If you’re already replatforming, great. Do you have the right agency partner? If not,we could help with that. But if you are not likely to hit your replatforming deadline by June 30, and with COVID-19, many projects are being delayed, it’s time you came up with a contingency plan. Whether it’s a few months of delay or a year, any stretch of time without security and support poses a risk, on many levels.

Here are the options available to you in the market, in increasing order of efficacy:

1. Buying patches: The first option is to acquire security patches from a company that’s committed to building them – Mage One for example, who are providing security patches for M1 Community version 1.9 only. If you’re on any other version, you will need to make other changes on your platform, or upgrade to that version. If you are on M1 Enterprise, go directly to Point 4 below.
2. Migrating to Open Mage: The Open Mage project is a fork of Magento. It’s promising, but know that you’ll be committing to their proprietary platform for the foreseeable future and that has a different form of risk.
3. Hosting plans with security offerings: The third option is looking for a hosting company that offers security fixes and patches. Security is by far the biggest challenge that people will face for M1 support, performance or functionality much less so. The most these companies can offer you is access to security patches written by developers or tools like firewalls, which can block bad traffic to your front end. They will not block threats through traffic to your back end at the application layer, an increasingly common and far more damaging attack vector, or inform you of breaches to your admin setup either. Examples of these simpler managed hosting offerings include Safe Harbor by Nexcess and JetRails. These may work for smaller merchants looking for a basic solution that can provide patches, a firewall, and a fully managed experience. A passing warning, though – having a static hosting solution is never the right solution to any ecommerce problem.
4. Webscale: The fourth option is Webscale M1 Support. Webscale will deliver patches for customers on M1 Community Edition – we’ll be working with Mage One for these. Any required patches not available through Mage One, will be made available courtesy of our approved network of agency partners and PHP developers. These custom security patches will support both Magento Community and Enterprise versions 1.9 and 1.14 respectively. In addition, our Web Controls will enable Virtual Patching, shoring up any vulnerabilities in real-time, until such a time as the formal patch is released by one of our partners. Webscale is the only company in the world that offers Web Controls. In other words, if you’re on M1 Enterprise, and need to stay beyond June, we are your answer.Webscale’s 360-degree security stack is protection from the front end, all the way to the back, where your most valuable customer information resides. Firewalls alone will not protect this data, and the only company that has a comprehensive solution, with the required compensating controls – controls that can help you secure your back end and ensure that you are checking the right boxes to be PCI compliant – is Webscale and its network of partners.

You have to get moving!

June 2020 is coming up, and living in a world beyond M1 EOL will take a lot more than crossed fingers or a mentally uttered rendition of ‘I believe I can fly.’ Buying patches for $29 a month is not going to cut it, and neither is a managed hosting solution that has you sweating out $200 a month while leaving your most valuable assets exposed. You need to do what’s right for your business. Let us help.