CAll Us: +1 888-999-8231 Submit Ticket

The Ultimate Magento 1 to Magento 2 Migration Guide

Still on Magento 1? Today might be a good time to start working on a migration plan to a newer platform. In this guide, we will cover the process of migrating your data and customizations from Magento 1 to Magento 2.

While Adobe stopped supporting the original Magento software in June 2020, there’s a good chance  you are still using Magento 1 to sell your products online. This is not inherently bad, given that there are products like Hostdedi Safe Harbor where you can get expert Magento 1 support for a fair price, but at some point it’ll be wise to replatform to a solution that’s being actively developed using the latest practices and technologies. 

With that in mind, we created the ultimate Magento 1 to Magento 2 migration guide.

Here’s what you need to know:


The first step should always be assessing what’s going to be migrated and what’s going to be left out of this process. This is a great opportunity to reduce your site’s footprint and make it lightweight. 

Do you really need all those product variations? How about the CMS pages you created for marketing and special events? Once you decide what’s going to be migrated over to the new platform, there are several tools you can use to automate the process. A complete file and DB backup is recommended before beginning the migration just in case it doesn’t complete and files are removed or modified in the process.

Magento released their own migration tool to handle some entities, including stores, websites, and system configurations like shipping, payment, tax settings, created orders, reviews, changes in customer profiles, plus all operations with orders, products and categories. That tool can be found here.

There will be data that needs to be manually migrated and that usually includes media files, storefront designs, access control lists and admin users. A how-to guide for manually migrating entities can be found here


Most of the stores we see at Hostdedi contain several 3rd party integrations: ERPs, PIMs, CIMs, CRMs, etc. Ads and marketing integrations are the most common ones used for Magento.  

Almost none of these integrations can be migrated automatically due to the differences in architecture between Magento 1 and 2 but the good news is that vendors usually offer migration tools and even modules for both versions, making this migration work simpler. 

Contact your preferred vendor and ask about their Magento 2 module andchances are you won’t have to develop these integrations from scratch. In the case where there’s no official Magento 2 module for the integration you need, check the Magento Marketplace to try and find a matching module for your integration. 


While Magento 1 used to include a web installer to download and install modules, Magento 2 completely removed this feature for security reasons. Sites with more than 100 modules were not common back then and code quality checks were almost on existent.

With the new Marketplace implementing quality checks, the quality of Magento’s extensions has improved dramatically. And while installation is not as simple as it used to be, a consistent standard is being met and code issues are less common for Magento 2. 

Bloated sites with multiple extensions doing the same thing is extremely common in Magento 1 and replatforming to Magento 2 is a good opportunity to remove any unused module to avoid extra classes being loaded and performance degradation. 

Look and feel/Themes:

Theming is often dismissed as “not that important” or “just design” but the truth is it’s a key part of the user experience. Both Magento 1 and 2 had frontend technologies that were already old when they were released (Prorotype.js and Knockout.js), but nowadays there are better options like PWAs or hybrid approaches developers can enjoy developing. There’s not much that can be directly ported between Magento 1 and 2 when it comes to themes and front end implementations, but given the rise of headless and PWA implementations and the API coverage, it has never been simpler to develop modern and usable front ends for your ecommerce store.


It’s really important to keep in mind that the performance profile of Magento 2 is very different from Magento 1. Don’t leave your server sizing and decisions for last and always remember to test your builds in an environment as close as possible to your live production. The infrastructure requirements are different as well with software like Varnish and ElasticSearch being supported out of the box or as system requirements.

Sizing the resources you need might not be as simple as it was with Magento 1 and that’s why the usual recommendation is to reach out to your hosting provider with some historical data to get a quote. Magento 2 is a resource hogging beast and should be treated as such. While developers love to set up production environments, they often forget you actually have to maintain those with security updates and patches. Going the Managed Cloud route should be a simple decision if you don’t already have an in-house sysops team with previous experience with Magento clouds.


We developed Hostdedi Safe Harbor to provide the updates and security needed by M1 stores post-EOL as they consider their next steps. If you’re a Hostdedi customer and not on Safe Harbor yet, it’s a simple add and can buy you time. Planning for migration early in 2021 will give you the runway you need to make a solid choice for your next platform and be ready for your store’s next phase of success – especially in time for Holiday. The most important takeaways are to understand how different Magento 1 is from Magento 2, ensure you’re looking at all your options, and feel confident in the choice you make for your next platform.

While guides like this are helpful, most of the work required for migration will need to be done by a system integrator or a development agency and having a good technological partner will help you solve common issues and scale when needed. We’re here to help with referrals or even to bat around ideas. You can explore more about Hostdedi here.

Source link

This Is What Happens When Your Magento 1 Site Gets Hacked

In June of 2020, Magento 1 reached end-of-life. This put the platform’s 200,000 sites at risk for malware attacks, and opened them up for the potential to incur heavy fines. 

We’ve been urging our Magento 1 customers to either replatform or to install Hostdedi Safe Harbor as a stop gap for PCI compliance. In the meantime, stores on Magento 1 remain vulnerable to attack, and their customers’ data is still at risk.

What Does It Mean When a Platform Reaches End of Life?

Magento 1 has been around a LONG time in software history. For the past 13 years, this platform has been home to hundreds of thousands of online businesses, from growing small businesses, to enterprise level operations.

But after over 10 years of service, Magento 1 has become obsolete, and Magento has shelved the platform for updates. That means their teams will no longer be developing security patches and updates for Magento 1 – the platform will remain stagnant.

Stagnant platforms that aren’t proactively monitored and updated for security do not meet the standards set by the PCI Security Standards Council, and may fall out of compliance as threats to the platform emerge.

Why End of Life Presents a Problem for Compliance

PCI compliance standards were originally set forth by a coalition of banks to ensure that online businesses were proactive about protecting their customers’ data. Using a set of standards, the PCI Security Standards Council keeps online businesses from taking a laissez-faire approach to how they handle online transactions.

The standards for compliance are as follows:

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks 
  • Use and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need to know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security for all personnel

As you can see, all of the above distilled into one lesson comes down to this: if your business is not proactive about security, you will not be PCI compliant. If you’re not PCI compliant, you’re subject to hefty fines and penalties.

What Happens If Your Online Store Isn’t PCI Compliant?

The results of noncompliance are scary. 

It’s not just the right thing to do for your business, it’s the right thing to do for your customers. Running a store on an end-of-life platform can put thousands of people’s data at risk, opening you up to such a high-level of liability that your business might not even survive it.

Fines for noncompliance are typically passed along to the merchant, and can range from anywhere between $5,000 and $100,000 per month until compliance is achieved.

Banks may also choose to terminate their relationship with a noncompliant business, leaving you scrambling to replace your financial institution and payment processor.

Perhaps the most unsettling consequence of all of it is this: the loss of your customers’s trust. Picture them scrambling to protect their own financial information from your site’s security failure. Picture the headlines when the media picks up the story.

It’s not pretty, and it’s completely preventable.

What to Do When You Can’t Afford to Re-Platform

Look, we’re not being heavy handed about this to be jerks about it. This is serious stuff, but we’re also sensitive to the fact that at this point, a migration or replatform isn’t financially realistic for some businesses.

Businesses have struggled during the pandemic. Estimates are that small businesses have seen revenues plummet by a whopping 52% in 2020.

If your business doesn’t currently have the funds for a migration or replatform, you have another option.

Use Safe Harbor for Magento 1 PCI Compliance

A migration from Magento 1 to Magento 2 can cost anywhere from $50,000 to $100,000. For only slightly  more than you’re paying for your current Magento 1 hosting plan, Hostdedi Safe Harbor will keep your store secure until you’re ready to re-platform. Safe Harbor is a simple security add-on that uses sophisticated custom security patches from our Magento team to keep stores compliant post end-of-life. 

Current estimates are that Safe Harbor will be able to keep Magento 1 stores secure and compliant well into 2022, giving your company plenty of time to transition to a new platform, or to migrate to Magento 2.

In the wake of Magecart attacks and other security threats that have surfaced since Magento 1 reached end of life back in June, Safe Harbor has continued to protect those stores’ and proactively monitor emerging threats.

Learn More About Safe Harbor

Keep Your Magento 1 Store Security with Magento Experts

Magento’s first beta version was born here on Hostdedi servers. Since 2007, our company has been intimately aware and involved with this platform, and has cultivated technology alongside it that enables developers and businesses to build online businesses to scale.

With a full-time Magento Master on staff, world class 24-hour support, and a dedicated team of sysops engineers and security pros, Hostdedi has your back through your platform’s end-of-life.

Learn More

Source link

Making Old Stogies New Again: A Magento 1 to WooCommerce Migration Story

If you were running a retail store circa 2010, chances are you had an experience like many others at the time. The Web offered a new opportunity to expand your physical store, and Magento was the best solution for the job. So you found your platform, built your strategy, asked one of your trusted employees to moonlight as a product photographer, and fired up the office computer to get to work. 

As you started building your site, you soon realized that creating the perfect store meant sitting in the office trying to learn a new piece of software instead of selling. Hiring a local developer wasn’t cheap, but eventually the site was everything you thought you wanted, and you started marketing it everywhere. Sales trickled in, but never really lived up to your expectations.

Over the next couple of years, you realized through customer feedback and your own testing that your slow sales weren’t about inventory or addressing consumer needs. The site had slowed to a crawl, your web developer had become more difficult to get a hold of, and product pages weren’t coming up in search engines. Something needed to change. But rebuilding your website is expensive and time consuming and you didn’t want to take on another project. Until you had to. 

An end for Magento 1

At the end of 2018, the Magento organization announced that support for Magento V1 (likely the version you’ve been using) would cease on June 30th, 2020. So after finding the right person to do the job of upgrading, optimizing, and re-building your store to drive those sales you were looking for, the software that your store runs on will now not be modernized, optimized, or updated moving forward. So what should you do next? Carpe Diem! See the grand opportunity in front of you to upgrade – and develop the site of your dreams that’s bigger, stronger, faster than before. 

Case in Point: The path forward for a small business in Houston

At the end of last year, Stogies World Class Cigars in Houston realized that after five years, they weren’t seeing the sales benefit they’d hoped for in their online store. Even worse, hiring the talent needed to fix page speed and search engine issues was cost-prohibitive. Since the team at Stogies wanted to reduce their maintenance costs, as well as manage future updates, content, and layout changes in-house, WooCommerce was the strongest option for migrating from M1. Building atop the Hostdedi Managed WooCommerce platform immediately reduced future software update costs. Built-in automatic plugin / update testing and upgrades meant that Stogies could focus on merchandising and optimizing the purchasing path for buyers. Speed was also a big concern. When they came to Hostdedi, pages on their website often took 15+ seconds to load. As a result, sales were low online but great in stores. So another priority was to decrease load speed – because they knew by speeding up the site, more traffic and increased sales were soon to follow. 

Content and Creative are King

After finding the right platform in Managed WooCommerce, they knew it was important to bring forward the visual aspects of the old website while still keeping the site snappy. Afterall, the crew at Stogies was proud of how their website looked, just not how it was performing. After testing 50+ themes, we recommended they use Astra, the best performing theme for their site.. From there we paired Astra with the Beaver Builder plugin to allow for easy future editing of layouts and sales pages.

Serving up a Seamless Customer Experience

It’s important that when a previous customer returns to a website, they recognize the landscape. The website should operate the same (or better) than it did before. We evaluated every bit of the customer experience from the old Stogies website, and were able to duplicate most of the functionality with off-the-shelf plugins included as a part of the Hostdedi WooCommerce platform.

Moving customer accounts and orders

The last step before testing the entire site was to make sure that customer accounts, previous orders, product data, and content were all transferred to the new website. Magento and WooCommerce are extremely different in the way that they store information. Using an easy-to-use import plugin for WordPress, we were able to successfully recreate all customer accounts, orders, and other data within their new WooCommerce site.

The moment of truth

After almost five years of dealing with the frustration of a slow, underperforming website, it was time to pop the cork on a bottle of bubbly, re-launch the website, and see whether or not the work to rebuild in WooCommerce was successful. 

The results were staggering

Within a month after launch, traffic increased 20%-50% per-day (over the previous year). Time spent by potential customers on the site increased by minutes, and average page load speed decreased from 5.11 to 2.14 seconds. Traffic from search engines increased by 181%, and new visitors were up by 67%. Most importantly, revenue started to double month-over-month.

Why WooCommerce and not Shopify? 

As we set out on the journey to help Stogies turn their stale store into an online powerhouse, we took a deep look at what it would take to build it on Shopify. While it’s possible to build a simple beautiful store with Shopify, we ran into problems with even small customizations. We found that customization capabilities were either free and limited or expensive and detailed. We also found that some of the features or customizations needed for our build would require ongoing support from a third party developer- – something we’d set out to eliminate for the Stogies crew. 

We matched each site feature with it’s Shopify counterpart, and here is the fully-loaded cost estimate: 

Annual Costs WooCommerce Shopify
Non-NegotiablesProduct reviews, homepage slideshow, brand bar, from the blog section, recent products, product variations $0 $371
Custom Core FeaturesMega menu, multi-tier header, multi-tier footer, real-time USPS rates, real-time UPS rates, gateway $266 $119
Custom FeaturesStore locator, gift cards, event calendar, quick view, faceted filter, pricing tables, loyalty points, custom strength indicators, linked product attribute archives, email to a friend, menu cart, seo optimization, lazy load images, caching, forms, advanced search, PDF invoicing, email customization, ConvertKit integration, bulk product editing, wholesale pricing rules, import/export data tool, URL redirects $704 $2,499
ThemesCore theme, page customizations, theme customization, advanced customization $147 $150 +custom dev
Hosting / Plan Cost $948 $3,588 +custom dev
Total Annual Cost $2,065 $6,727

In short, WooCommerce is a third of the cost of Shopify and doesn’t require as much custom development.

We’re here to help you move forward

While Stogie’s results are extraordinary, they’re not unique. Modernizing, updating, and migrating your store to a fast WooCommerce platform will bring years of frustration with your online store to an end. Whether you’re working with an expert or managing your own store, we’re here to help. 

Source link

Magecart Attacks Again: the Latest on CardBleed

Only a couple of weeks after the first vulnerability with an associated CVE was discovered for Magento 1 after its end of life, reports about a large scale Magento 1 hack attempt surfaced. 

While stats are not definitive, as of today, around 3,000 sites were hacked. This attack, usually referred to as MageCart, is the most common type of attack against Magento 1 and it’s typically used to collect user credentials and credit card information from the application inputs and exfiltrate data to remote servers.

After carefully reviewing public reports and our WAF logs, Hostdedi identified the threat and swiftly added a fleet-wide block for /downloader. We also isolated the malicious content added to this prototype.js file and have removed it from every file, leaving the original malicious file as backup (prototype.js.bk) for the client’s reference. 

We already had filters for this, mostly against brute force attacks. But given that Magento discontinued Magento Connect after June 2020, we decided to block access and only re-enable it upon request for certain IPs. 

This is one of the biggest differences between a code based Magento 1 maintenance package versus a hosting-based approach. While almost every project issued notices and recommendations, they all required user intervention. 

Our approach was to deploy a fix to the entire server fleet without any user intervention.

While a few stores were impacted, the immense majority remained safe because of the infrastructure and systems we already had put in place. This foundation, plus our swift action, helped thousands of Hostdedi stores and customers to remain secure.

In addition, we released Nexcess_CSP for our Safe Harbor users. Content Security Policy (CSP) is an added layer of security that helps detect and mitigate certain types of attacks including Cross Site Scripting (XSS) and data injection attacks usually known as MageCart. This module helps any Magento 1 store to set CSP policies, avoid and report XSS attacks and has 2 main objectives:

  • Mitigate cross site scripting: disallowing the communication to certain URLs by specifying the domains that the browser should consider to be safe sources of scripts.
  • Mitigating package sniffing attacks: specifying which protocols are allowed to be used; a server can specify that all content must be loaded using HTTPS.

We did not find any intrusion for stores that had CSP_Nexcess installed and properly configured.  Hostdedi Safe Harbor provides an extra layer of protection against this type of attacks, which are likely to continue.

The best kind of protection against external attacks is a mix of server side protection in the form of a WAF plus modules and patches to keep your store protected.

Keeping your Magento 1 store fully operational means protecting it against known vulnerabilities. If you have yet to invest in Safe Harbor, this hack illustrates the importance of staying secure.

Hostdedi Safe Harbor is a sound foundation to keep your sites and stores protected while you are on M1.

Source link