The Importance of Magento Security Patching… and Magento 2.0
If you run a Magento online shop, you should be aware of the importance of keeping your Magento platform up to date. This means ensuring any security patches that become available are applied. When a newer version of Magento is released, you also have the opportunity to upgrade the whole site, but that is less important.
On the topic of new version releases, the lovely people at Magento have recently released Magento 2.0. This has been a long time in the making, so is a pretty momentous event for the Magento community.
You can view more information as to what is included in the new release here.
Why is upgrading Magento important?
Keeping Magento upgraded and patched is vital because it means your store is kept safe and secure for both you (the shop owner) and your customers. Leaving your site running on an outdated or unpatched version leaves it vulnerable to malicious attacks. If a site is compromised, the results can be pretty nasty.
The last thing you want to happen is for sensitive customer data to be pilfered by shady characters who dwell in the darkest corners of the Internet, thriving off the misery and misfortune of others!
Do I need to upgrade my whole Magento site every time there is a new release?
No. Unless you’re on a really really old version (e.g. 1.5 or below) you can safely stay on the same version but still get the latest security patches applied. We typically recommend customers upgrade the core Magento version every 1-2 years to stay code current.
Should I upgrade to Magento 2.0?
Before you rush to upgrade to the latest version of Magento (2.0 at the time of writing), a non-trivial version upgrade like this can be quite an involved task and may not go smoothly at the first attempt. It wouldn’t be a good idea to kick off the process right before your busiest sales period for example.
You should definitely get your Magento store patched with all latest security patches immediately though. We normally help customers upgrade out of working hours to reduce the impact of any downtime while patches are being applied.
When should I look at these security patches then?
Umm… right away! To see if your site has any known vulnerabilities, please use Mage Report to scan your site. If you need help interpreting the results, please drop us an email.
How much will it cost?
This normally depends on your site’s configuration and complexity. Some contributing factors would be the number of extensions it uses, the amount of bespoke development that has been done, and whether it integrates with any third party stock management systems (for example, you can read about our integration of Magento with Intact Software here).
Security patches can normally be applied in under half a day without any trouble and we usually test the changes out on a demo version of a customer’s site first before rolling out live.
Feel free to get in touch with one of our lovely Magento techies today, to discuss upgrading or patching your Magento e-commerce site.