Magento 1 reached its end-of-life on June 30, 2020. Many have ignored this fact and are staying with an eCommerce Platform that is off-support. While “dodging the bullet” may be exciting, exposing your site to malicious intruders could lead to disaster. Here are some of the most important security issues all M1 holdouts should consider.
- Extensions may malfunction. Some vendors will continue to support their M1 extensions for a while, but not for long. As the number of M1 users fades, look for extension support to fade as well.
- Extensions may not be secure. Any extensions that are not updated are a security risk. It’s the kind of thing that hackers look for. Security patches are issued when a vulnerability is discovered. An unsupported extension does not tackle any vulnerabilities that may arise from using old code.
- PCI compliance could become an issue. If your non-compliant site is hacked, PCI could order a PCI Forensic Investigation (PFI). These are very expensive. Additionally, they could refuse to accept payments, fine you, or flag your site as potentially dangerous.
- Trading Partner vulnerabilities, or outside vendors who might have access to your system. (That’s how Target was hacked.)
- Not keeping current with security patches (Equifax). For Magento 1, there are no more security patches.
- Bugs in old custom code. Migrating to M2 gives you the opportunity to “beat the bugs out of the rugs” so to speak, killing two birds with one stone.
If your eCommerce platform is out of support, all of these vulnerabilities are magnified. Let’s look at some disturbing statistics (as of June 2020, BEFORE M1 was off support):
- Magento averaged approximately 1500 front end intrusions per month
- It is estimated that this number would be double if backend infrastructure intrusions were trackable.
- You’re around ten times more likely to suffer a hack if you are not current with your software releases and security patches.
- 87% of all successful hacks are against systems with out-of-support software.
- 60% of small businesses that suffer intrusions go out of business within 6 months.
Still think it’s safe to stand pat with Magento 1? If so, at least consider some sort of protection, such as:
- Regular monitoring by your IT department. If you’re too small to have an IT department, there are third parties that will do this for you (for example, Sucuri, Sansec, Mage One and others), and detection packages are reasonably priced.
- Immediately remediate any hacks (you’ll probably have to engage a third party for this, as well, and not all detection packages include remediation.) This can be a very expensive proposition, unfortunately.
Keep in mind, though, that your best protection is to use current software and underlying code (for example, PHP) versions. Pay attention, or pay someone to pay attention for you.
Lots of companies like to save money (translation: live on the edge) by not migrating to Magento 2 and not taking any preventative measures. If you’re like them, you will save money – unless you suffer an intrusion. And if you suffer an intrusion, it could be fatal. Ransom attacks and denials of service are two of the most popular weapons of hackers who specialize in SMB invasions. As stated earlier, over 60% of small businesses that are hacked go out of business within 6 months. Is it worth the risk?
Adeo Web Can Help
Migrating to Magento 2 can go a long way toward making your eCommerce business as secure as it can be. (Disclaimer: there is no such thing as 100% secure – hackers are constantly perfecting their craft.) And Adeo Web can get you up and running on M2 at an affordable price and in a reasonable length of time. Our ten years plus of Magento experience and our team of in-house developers can provide you with the security you need and the performance you deserve. Call or email us now:
Ron Lilek, Director of Sales – North America
Adeo Web, U.S.