Following the closure of brick and mortar stores due to COVID-19, many online retailers have already set up preparations for what’s expected to be the busiest holiday shopping season yet.
Amid the rush to fine-tune marketing messaging, design eye-catching ads, and deliver the best online shopping possible, many retailers often overlook a key item on their holiday prep checklist – their site’s security.
Fraud and cyberattacks are two very real threats most ecommerce retailers need to keep an eye out for. Given how impactful this year’s Black Friday Cyber Monday weekend will be, retailers can’t afford to treat security and reliability as an afterthought. A well-timed attack or unexpected outage is estimated to cost large retailers over $3000 a second. And with Adobe’s decision to stop supporting the M1 platform in June 2020, retailers operating a Magento 1 storefront need to be even more meticulous about securing their site.
What is the M1 End-of-life/End-of-support?
Adobe will end support for the 12-year-old Magento 1.x release line for both Magento Commerce and Magento Open Source on June 30, 2020.
From June 30th onward, retailers on Magento Commerce 1 and Magento Open Source 1 need to be aware that they have increased responsibility for maintaining their site’s security and PCI DSS compliance. Beyond the EOS date, Adobe will not be responding to any further security issues for Magento 1.
Adobe is encouraging M1 retailers to upgrade to Magento Commerce 2. At the time of this writing, Adobe is reporting 8,000 new quarterly Magento 2 site launches on top of 30,000 existing Magento 2 sites.
Security implications of M1 EOL
Fraudsters have been quick to act, the largest security incident to impact M1 users since the end-of-life has been CardBleed. Compromised sites were injected with malicious code that would intercept payment information from unsuspected store customers. As of September 18th, over 2806 Magento1 stores have been infected according to Sansec, a leading team of Magento security experts.
Top-ISPs for these 2735 hacked Magento 1 stores. Conclusion: a Cloudflare WAF or a certain premium Magento hosting company did not prevent this malware attack. https://t.co/WLzj2kvx8c pic.twitter.com/dKGPZZ55yF
— gwillem (@gwillem) September 16, 2020
As mentioned above, Adobe will not be responding to any security issues after the end of service date. For retailers on M1 after EOL, Adobe recommends the following options:
- Migrate to Magento Commerce
- Migrate to Magento Open Source
- Contract with a third-party vendor that provides security patches for Magento 1
Need more help navigating M1 EOL? We’ve partnered with JetRails to create a guide that uncovers the potential implications on your business and a set of actions you can take to ease concerns around security, vendors, and compliance.
Learn about the overview and implications of M1 end of life, and uncover important steps you can take to keep your site operating securely and safely. Download the full content here: https://www.bolt.com/magento-1-end-of-life/