Options After Magento 1.x End-Of-Life Deadline For Online Stores
Magento 1.x has officially been declared end-of-life after June 31’ 2020, and the version would no longer be supported or have any updates released. The announcement has been made long back, with appeals from the Magento community, Adobe and payment processing companies urging online store owners to upgrade to Magento 2. This has seen a spurt in Magento 2 upgrades, but thousands of stores are running on the unsupported version of Magento 1.x post the deadline. If your store is one of the many which have not migrated yet, you can consider the below options to evaluate if it would be worthwhile to continue using the existing version or move to Magento 2.x at the earliest.
Your options for running on Magento 1.x after June 2020:
If you have not yet migrated and have chosen to run on the legacy version, there are a couple of disadvantages that will weigh heavily against your choice. To begin with, you will no longer be able to receive support and updates from Magento for your online store, and this would risk the security and stability of your store and customer data. You might have to approach external developers or agencies for the support-which would come at a premium, past the deadline.
The most crucial disadvantage would be your store being non-compliant with PCI DSS standards, which would risk penalties and possible suspension of your online store. The PCI DSS standards require an online store to run on a secure and supported platform, with regular updates and support from the vendor-which would not be possible if you are still running on the unsupported version. However, you can consider the below options if you wish to still use the old platform instead of a smooth migration process to Magento 2.x.
We have listed the possible solutions to address the PCI DSS norms, which emphasize that these options would not ideally ensure compliance with the standards, but offer an alternative stop-gap arrangement to keep your store running. This set of solutions can be called “Compensating Controls” by the PCI, and require you to mitigate the risk associated with the non-compliance through other technology implementations. To implement them- you would have to invest and explore a lot to keep your store running on the old version and still face the risk of non-compliance anytime if they fail.
Third-Party Security Patches: You could regularly install recommended third-party security patches designed to prevent identified security vulnerabilities on your website. With Magento 1.x being end-of-life, online stores running on the older version would be a prime target for hackers-and security patches identify possible pitfalls and prevent them.
Secure Magento Hosting: You can opt for a safe and customized hosting package for your website, which is tuned to host Magento websites. Such hosting packages should include an advanced Web Application Firewall, Content Security Policy, among other features that would help prevent malicious access to your website. However, using a custom hosting package would not make your site completely compliant with the PCI DSS norms but indicates your willingness to adopt a compensating feature.
Additional Security and Scanning: You can implement additional security features such as protected and independent payment processing application pages hosted through a third-party, intrusion detection system, and can whitelist IP’s to access your admin panel. You can also configure frequent scanning of your website to ensure that it’s secure from vulnerabilities and malware, apart from checking file integrity and database activity
Put it all Together: If you have implemented the above- you are a step ahead in coming close to ensuring that you have made adequate efforts to safeguard your website in accordance with PCI DSS norms. However, any or all of the above might be inadequate for compliance, and the best advantage you can get is to put your point across in case of a non-compliance notice email or a failed audit. Since you would mostly respond to compliance notices through emails, make sure you have all your implementations well documented along with an action plan for compensatory controls.
However, we highly recommend that you move from your existing Magento 1.x website to Magento 2.x, instead of wasting precious time and resources trying to compensate for not migrating and running on the old platform. By migrating to Magento 2.x, you can have a single step take care of all your related PCI DSS compliance issues and have access to the vast security features and upgrades that the current version offers. This will give you time to focus on your core business activities, rather than patching-up things in an uncertain way.
In case you have challenges migrating to Magento 2.x, or are still running the Magento 1.x EOL version due to capital constraints during the COVID-19 pandemic-we at Exinent have a custom plan for you. Our COVID-19 Magento Migration plan offers Magento 2.x migration with flexible payment options spread across six months so that you need not worry about paying a huge amount upfront. The flexible migration option is our small way to help Magento 1.x store owners who are being affected by the major current slowdown in the economy. To know more, do contact us and we would be glad to help.