Magento 1 end of lifePradip Shah
June 2020 is a few weeks away and many stores are not ready to move away from Magento 1. But wait, you don’t have to update – now or in the long run.
COVID-19 Update : We find many customers have had to delay their Magento 2 launch in these uncertain times. We also know many of them did not have plans to keep Magento 1 uptodate. In fact, we know agencies that have stopped support for Magento 1.
Starting at a low cost of $200 per month with no long term contract. It includes reviewing your current hosting for security, moving your website to the latest Magento 1.9 and latest php supported as well as adding additional security measures to your website. It also includes help signing you up for Mage One or Open Mage projects for support beyond Magento 1 EOL, if required.
Signup now (no credit card required) and we will be in touch with you.
What does end-of-life for Magento 1 mean?
Magento 1 End-of-Life does not mean your website will stop working. It means Adobe will stop giving fixes for Magento 1, even security patches. As php version in use goes out-of-life, no upgrades will be given by Adobe.
However, being an open source platform, your Magento 1 website will not stop working. The code and license do not restrict you from running the website.
Stay on Magento 1 for short or even long term
That is a valid option and many customers are choosing this. Makes sense if
- You have a lot of investment in the customizations which may be difficult to replicate anywhere
- You have a stable money generating store and any change looks like a risk
- Are in the process of migration, but the migration may take some time
What are the options to stay on Magento 1?
- Use paid support plan from Mage one (https://mage-one.com).
- Use open source Magento 1 fork (https://github.com/OpenMage/magento-lts) with support from the community.
What are the risks?
- Support from either of the above reduces over time as many websites move out of Magento 1
- Developer support may reduce as most developers move to Magento 2
- Plugin vendors have already stopped support or are stopping support.
luroConnect support stays for Magento 1
If you are with our managed service, we will continue to support you. The biggest risk is a security risk of vulnerabilities yet to be found. Here is our plan
- File system security to prevent 0-day or new unknown vulnerabilities. Our rules include not allowing execution of js or php from folders open for upload. Not allowing upload to folders where code lives. This rule will prevent many malicious code to fail as they depend the ability to upload malicious code and execute.
- WAF – Web Application Firewall – with strict Magento 1 rules. This prevents SQL Injection and cross site scripting related attacks from being allowed.
- Virtual patching – block URLs that are known to have vulnerabilities. For example, we do not allow saving of the “miscellaneous” header and footer section from being written from the admin login.
- Admin login protection via dual password. The first is a basic http challenge. This prevents password guess of the admin URL as 2 passwords have to be guessed.
- Password guess prevention by restricting how many failed attempts are allowed in a day from the same IP – implemented at the application server level without changing Magento code.
- Staging environment to test patches from open mage or mage one or any other source you may have. Also support php version upgrade first on staging before upgrading production.
- Protect source code by using secure deploy process
- Secure backup With a proven restore strategy
Hosting help moving to Magento 2
When moving to Magento 2, to reduce the downtime during the move, luroConnect has plans for you.
- Staging server support plans.
- Magento 2 transition plan with minimum downtime. Our care even includes URL rewrite rules to ensure SEO value is not lost during transition.