Bhavin Patel

If your eCommerce site is not built on Magento, you can stop right here… but for the thousands of people/companies that chose to create their site on the powerful Magento platform, keep on reading.

Back in September 2018, Magento officially announced that software support for Magento 1 would end after June 2020. That date is fast approaching and any retailers running on Magento 1 should immediately start thinking about a migration plan if they haven't done so already. Before we begin...

What is Magento 1?

Magento 1 is an e-commerce platform originally released in 2007. The platform was open-source and built with flexibility in mind, which made it very popular with retailers and web developers. In 2015, Magento 2 was released to address some of the shortcomings of Magento 1. Due to fundamental differences between the two versions of Magento, upgrading from Magento 1 to Magento 2 is not as simple as pressing a button. Magento has provided support for both versions in recent years, but soon that will change and Magento 1 will no longer receive additional support patches.

Why should I care?

Being such a popular e-commerce platform makes Magento an attractive target for hackers. Any major vulnerabilities that are discovered in Magento 1 after support ends will not be patched by Magento, which would allow attackers to exploit these vulnerabilities and hack your website. This can lead to customer card data being stolen and your site's reputation being irreversibly damaged. PCI-DSS requirement 6 states that systems and applications must be protected against any known vulnerabilities, so you will also be hit with large non-compliance fines.

Being hacked, customer data being stolen, web search penalties, a tainted brand and fees are definitely a bad combination for any business.

Discovering whether a site runs Magento 1 is relatively easy for attackers, which means they could automate the process and unleash an attack on a large scale. So it's not just large retailers that need to worry; small retailers will be an even easier target.

Side note - it's not hard to imagine that hackers are counting down to the moment Magento 1 becomes unsupported. There is no doubt amongst specialists that attacks on eCommerce sites will be launched as soon as support is dropped.

What should I do?

If your site is running Magento 1, it's essential that you start creating a migration plan as soon as possible. You might even be a tad late. Magento has provided documentation to developers to migrate from Magento 1 to Magento 2. As Magento 2 is built with a different architecture to Magento 1, upgrading from one to the other is not a quick and easy task. Any extensions, themes or custom code will also have to be reviewed during the migration process as they will not be directly compatible with Magento 2.

Using a web application firewall (WAF) can also prevent attackers from exploiting some vulnerabilities in your site. While this should not be seen as a long-term solution to this particular problem, it may buy you more time during the migration process and it will protect your site from many other threats that will not be covered by the standard installation of an up-to-date e-commerce platform.

Our Pitch - Who can help me?

We can! This will be brief. We can help you in two ways:

  1. FGX-Web - yes, our website security solution provides website scanning (internal and external vulnerabilities), monitoring, alerting and protection. We can protect your website until your migration is done, if you run out of time.
  2. Responsible eCommerce - we partnered with incredible agencies and iomart to offer you the smoothest, most affordable and secure way to migrate to Magento 2. Best of all, you also get a Breach Protection Warranty of £50,000 (to cover PCI forensic costs and other related fees in the unlikely case of you getting breached).

Sounds good? Check out this page for more information on our Responsible eCommerce solution.


Bhavin Patel

Bhavin is a cybersecurity professional with over 5 years of experience. As part of the Threat Intelligence Group (TIG), he assists the DFIR team with forensic investigations, performs deobfuscation & analysis on malware findings and creates signatures which enable detection of malware by our in-house technology and ThreatView.
