BLOG HOME > Cybersecurity > Magento 1 End of Life: What You Should Do

Magento 1 End of Life: What You Should Do

Brad Nelson
Director of Technical Support

Magento 1 end of life

E-commerce business owners using Magento 1x need to be aware. All Magento 1 shops are at the end of life. What does that mean? It doesn't mean everyone using Magento will have their e-commerce sites shut down or that you will no longer be able to make transactions using Magento 1. 

But it does mean that Magento 1 will no longer receive official and important security patches, updates or support. As of June 30, 2020, anyone still using a Magento 1 is potentially open to shopping cart webpage vulnerabilities because it is no longer supported, patched, or updated. 

SecurityMetrics vulnerability assessment scanners have been updated to check for Magento 1 users. As of August 6th, anyone who still has Magento 1 running on their servers will fail the SecurityMetrics vulnerability assessment scan

SecurityMetrics Summit 2020 Content On Demand

Access Here

Transition from Magento 1 to Magento 2

Reasons why you should upgrade to Magento 2:

1. Your online store is now at risk.

  • Security holes and vulnerabilities will no longer be fixed. This leaves your website open to attack. Your website and customer data could be at risk. 
  • If breached, you will be responsible for the loss of data, which could lead to large fees.

2. Your business reputation is at risk. You could lose customers as they fear for the security of their information.

  • You will no longer be able to pass security scans:
  • Your merchant bank may drop you as you pose a security risk. You will no longer be able to process credit cards.

PCI Approved Vulnerability (ASV) Scans

Learn More

Ecommerce web skimming and Magento 1

If you are using Magento 1, we urge you to update to a safe and approved version that is supported.

Cybercriminals know when your patches and software support expire, and they count on the resulting vulnerabilities to perform coordinated zero-day exploits. End of life for Magento 1 is no different, and hackers have been targeting Magento 1 shops with “Magecart” attacks.

Magecart–also known as web skimming or formjacking–is an attack where hackers gain access to your ecommerce shop through third parties. They typically hack into page analytics companies or ad providers, and insert small snippets of JavaScript that will be brought into the dynamic payment processing environment of a checkout page. This script is malicious and is coded to copy data from form fields on checkout webpages. 

While web skimming attacks take place in a third party’s code, it’s more important than ever to use tools that enhance the code review process because it’s not a perfect process. Director of Penetration Testing, Chad Horton ( ), explained this concept in our recent SecurityMetrics Summit Keynote Address:

“We often hear customers say, ‘We review our own code and we have OWASP training, so we know what we’re looking for.’ But what comes to mind is the fact that open SSL had a hard bleed in the code for two-and-a-half years before it was discovered. The Linux kernel released in May of this year had vulnerabilities that had been present for over 30 years. And I can guarantee that code had many eyes on it.”

Watch the entire Summit 2020 Keynote here

Ecommerce web skimming solutions

Web skimming is difficult to detect and prevent because it takes place outside of servers and firewalls, in the rendered code of the client-side browser. Additionally, traditional security tools and policies were not designed to detect web skimming or to work in dynamic environments like online retail shopping carts. 

SecurityMetrics' Analysts discovered the root of these attacks and have developed a patented web skimming solution: Webpage Integrity Monitoring (WIM) technology. WIM technology can detect web skimming at the moment it is triggered and will alert a merchant if a webpage has been compromised.

Join Thousands of Security Professionals and Subscribe