Magento 1 End of Life Announcement

Magento has announced that it is ending support for all versions of its Magento 1 ecommerce platform, including all future quality fixes and security patches, as of June 30, 2020.

You must migrate to Magento 2 or another platform before June 30, 2020, if you are currently integrated with Magento 1.
 
Consequences of not migrating:
  • Increased risk of data breaches, with possible damage to your brand and reputation.
  • Exposure of becoming a security target without any upgrade or security patches.
  • Falling out of compliance with Payment Card Industry Data Security Standards (PCI DSS). These global standards are set by card entities and apply to all merchants that process payments.
Requirement 6 of the PCI DSS requires merchants to "develop and maintain secure systems and applications by installing applicable vendor-supplied security patches." Without future security patches, Magento 1 merchants will no longer be able to meet this requirement, which could result in costly and time-consuming remediation.

Visa has also stressed that urgent action is required for merchants to migrate from Magento 1 and advised merchants to be aware of their responsibilities in securing their environment to help prevent the loss of payment card data.
 
Migrate now to Magento 2 or another Partner.
 

What do I need to do?

If you are currently using Magento 1, you must do one of the following by June 30, 2020:
 

Migrate to the Magento 2 platform

Or migrate to another platform

  • See our Partners page for a list of system integrators and e-commerce solution providers.

FAQs

Q: Which versions of Magento 1 are impacted?

A: All versions of Magento 1 are impacted, including Magento Commerce 1 (formerly known as Enterprise Edition) and Magento Open Source 1 (formerly known as Community Edition).

Q: What happens if I continue using Magento 1 after June 30, 2020?

A: Your integration will be out of compliance with Payment Card Industry Data Security Standards (PCI DSS). The global PCI DSS standards require each entity to “develop and maintain secure systems and applications by installing applicable vendor-supplied security patches.” Because Magento is no longer providing security patches, your integration may become vulnerable to attacks, with possible damage to your brand and reputation, as well as potential financial impact.

As a fallback option for merchants that cannot migrate before June 30, 2020:
Magento Association, a separate entity from Magento, has published the following links that provide merchants more information around the call to action for the upcoming June 30th deadline. They have also provided a link with a list of resources for Magento 1 merchants as a fallback option if they cannot migrate to Magento 2 or to another platform before the June 30 EOL.

1.     Magento 1 EOL Blog Post
2.     Magento 1 Post-EOL resources

Q: Does this only affect PayPal merchants?

A. No, all payment processing companies, including Visa, are following the same guidance and urgently advising their Magento 1 merchants to migrate to Magento 2 or another platform.

Q: How do I validate my PCI compliance?

A: The PCI Security Standards site provides a Self-Assessment Questionnaire (SAQ) that you can complete to validate your PCI compliance. One of the requirements of the SAQ form is to install vendor-supplied security patches within one month of release. Because Magento is no longer providing security patches after June 30, 2020, you will no longer be able to comply with Requirement 6, stating that you "develop and maintain secure systems and applications by installing applicable vendor-supplied security patches".

Q: Is there a chance the date will extend beyond June 30, especially given the COVID-19 situation?

A: No, Magento has already extended the deadline 18 months from November 2018 to enable merchants time to upgrade. Magento has confirmed that they will stop all support for Magento 1 as of June 30, 2020.

Q: If PayPal processes my card data, do I still need to comply?

A: Yes, even if you outsource part of your PCI DSS compliance to PayPal, you are still required to install security patches within one month of release, which will no longer be possible after June 30, 2020. In addition to these patches, merchants are responsible for meeting all requirements of their PCI DSS compliance.

Q: What resources are available to help me maintain PCI compliance?

A: PayPal has engaged with select System Integrator Partners to help you migrate to Magento 2.

Q: What are the alternate ecommerce solutions?

A: If you’re looking for alternate solutions, you can review our list of Ecommerce Solution Partners.

Q: Is PayPal providing migration support?

A: If you are based in the United States, you can apply for help to finance the move to Magento 2 Commerce Cloud through the Magento Migration Loan, a type of LoanBuilder Loan*, made available through PayPal.
* The lender for LoanBuilder Loan is WebBank, Member FDIC. This is an invitation to apply and not an offer or commitment to provide capital. Applicants must satisfy certain requirements to be eligible. WebBank is not affiliated with the offer to receive a full credit on the cost of financing and the credit is not part of your credit agreement with WebBank.

Q: What other resources are available?

A: You may find additional information from Magento at: