Still using Magento 1?

Much has been written about the end of support for Magento 1 but what does it really mean for users after June 2020?

Although Magento 1 sites won’t automatically go down after June 2020, we've been recommending merchants still using Magento 1 migrate well in advance of this date. After June 2020 there will be no official support for Magento 1 developers or merchants. Currently, Magento actively searches for vulnerabilities in Magento 1 and patches them approximately every six weeks, with some patches covering multiple security and stability issues.

After June 2020, the support and security patches for Magento 1 will immediately stop. This means that if there are any technical issues with a Magento 1 thereafter then it will be hard to find or develop a solution quickly. Even if end user customers are unable to checkout for a small amount of time, this could have a huge impact on sales and brand presence online.

Merchants who choose not to action the advice we have given may find that their website functionality becomes broken and that their website gets breached which could cost considerable damage from brand and data perspectives as well as incur a loss in sales and additional support costs.


From the date that Magento stops releasing security patches, it is widely believed that hackers will automatically be hunting out security flaws in eCommerce sites that are still on unsupported versions of Magento. They will be automatically and continually targeting sites with techniques such as denial of service attacks or Brute Force Penetration of user accounts. Hackers could have multiple entry points for these attacks once patches stop being released including: the Magento 1 framework, the supporting architecture (Zend Framework), and extensions.

If you haven't migrated before June 2020 their is a strong chance that your site will be compromised. As a business, merchants have a responsibility to protect their customer data. Without security updates their checkout may no longer be secure meaning hackers may be able to access customer information, potentially leaving them in breach of data protection laws.

Further, running an unsupported application fails PCI DSS compliance which may impact on merchant functionality for taking payments online. Let's say that we have merchants running quarterly AVS scans via a provider such as SecurityMetrics. Within 90 days they will be flagged as failing PCI compliance. We wouldn't be surprised if the banks and card issuers are on a plan to scrutinise and quickly withdraw services for Merchants found to running M1.

If you are still operating a Magento 1 site Affinity can advise you on some initial steps to minimise risk and consult on the best route for Magento 2 or an alternative plaform to migrate to. To read more about our Magento Services and contact us to discuss your best route click here