Magento 2.3 goes to end of life
on September 6, 2022.

In summary
  • The good news: Your website will be shut down nor will your credit card processor stop accepting payments.
  • The bad news: Your liability for data breaches will dramatically increase if you are processing cards through a platform that is now "defunct". Your long-term liability is significant. It is far and away in your best interest to upgrade as quickly as possible.
  • The price varies wildly and it entirely depends on the quality of the work on previous service providers and the complexity of the website.
  • Once you get an upgrade done right, and all the cobwebs are properly cleaned, future upgrades should be faster.
  • We start with an audit of your website. This gives you a document that removes any obscurity from the inner-workings of your website.

This is an honest assessment of the implications of staying on Magento 2.3:

should you upgrade?

SwiftOtter has been the type of partner we have been looking for to build our website. They are proactive and truly care about the end result. Joseph and his team dig past the surface to truly understand the deliverable in question and examine all the interaction points. They have added tremendous value to our process.

— Chris Piper, Grandstand

Get in touch
circled-checkbox
We have experience in turning these projects around. We wish we didn't have to do this, but at least we are good at it.

What happens if I don't upgrade by September 8?

Nothing happens or changes.

You will notice no problems and no change immediately. Your website will function normally. Order will still be placed.

The NUMBER ONE reason to upgrade is for PCI compliance and security. Don't get me wrong, there are plenty of new features you can put to immediate value. We will discuss these in detail below.

The rules

Payment Card Industries Rule 6.2 states:

Protect all system components and software from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.

In other words, if you are using a product that is no longer supported (with a month “grace period”), your website is no longer PCI compliant.

Adobe has outlined end of life for Adobe Commerce 2.3 as: September 8.

Will I lose my ability to transact credit cards on October 8th (September 8th plus one month grace period)?

No, you won't. Here is what will happen:

  • You will (or should) fail your next self-assessment questionnaire (SAQ). If this question is honestly answered by your in-house IT team, you will have to mark "No" for these two questions:
  • But here is where it gets real: if your website experiences a data breach that affects cardholder data, you will pay dearly. You likely won't know the breach has happened until Visa reaches out saying they have triangulated stolen cards: and find that these card numbers point to transactions in your store. This is made significantly worse if the card provider discovers your e-commerce platform is no longer supported.

    You are at their mercy until they decide proper recompense has been made. If you don't, you lose the privilege of accepting credit cards.

    It's a lose-lose situation as the fees and fines are enough to put most companies out of business.

There is a chance that Adobe would release a patch if the vulnerability is bad enough. But is it a wise business decision to wait until this point in time? No.

PHP is the language that powers Magento 2.3. The most likely version you are using is 7.4. Support for this ends November 28, 2022. Thus, even the language that makes the world go around is also losing support.

How does this affect our website's security?

Hackers look to make money—and credit cards are a great way to do this. Hackers look at targets like Magento because it's so widely used. If they find a vulnerability, they can likely deploy this across many websites to increase their gains.

It is probable that there are discovered vulnerabilities waiting for the "perfect" time to be released.

Remember that these exploits are not the type of the past, where the home page is defaced with obnoxious pictures. These are subtle with the hacker (or their software) making repeated visits to the server, obtaining more information on each attempt. You will likely find out months or years down the road—when it's too late. Having to contact your customers thanks to a data breach is not a pleasant task.

Now that compliance and security are out of the way,

Here is how you can pay for the upgrade through utilizing new features.

What features can I now use?

  • Improved Media Gallery: you can now use Adobe Stock to populate media on your website. This makes content management easier.
  • B2B suite purchase approval workflows (Commerce-only): there are updates across the B2B suite, but this is one of the most notable. Your customers can identify a purchase workflow. This reduces credit memos where an unauthorized person inadvertently places an order.
  • Improve PageBuilder capabilities: Adobe has continued investments in the PageBuilder area with Templates now built-in. You'll be able to pump out content faster than ever before.
  • AI-Powered Live Search Engine and Product Recommendations (Commerce-only): Adobe is heavily investing in its artificial intelligence system, Adobe Sensei. They have built adaptations or product search and recommendations. This is included within the licensing costs for the platform—so get it installed and use it!
  • Two-Factor Authentication: You've probably seen those cases where you have to specify a six-digit string of numbers. And it's a pain. This tool protects your password. This code changes every few seconds. It is very difficult (or impossible) for a hacker to brute force these codes. Note that you should still follow all normal security practices including unique passwords

The upgrade process

Before you agree to such a project, you need to know what’s involved in the upgrade. How much does it cost? What is the timeline? What are the potential ramifications?

The first step is to perform an audit on your Magento installation. You can read more here. While we can go to a comprehensive level, we can limit the scope to investigate the code aspects to a minimum.

You will get a document that shines a light on your system's internals—in a way you haven’t seen before. We systematically review every aspect and document findings with an easy-to-understand summary. This document also has an estimate for the upgrade.

Once you review and agree to the scope and estimate, we will sign the agreement and kick off the project. Your project manager will schedule regular cadence meetings to ensure we are on the same page regarding priorities and questions.

Our development team will be hard at work. If something goes sideways, we will let you know if something goes sideways as quickly as possible. We regularly push updates so that you can follow along with the progress.

We regularly review our work to ensure all aspects function as expected.

We will let you know when the upgrade is complete (but it will be no surprise as you get scheduled status updates). At this point, you can review all features to ensure they work as expected.

Once you present your sign-off on the project, we set a time to release this.

We allocate some time to ensure any post-release issues are dealt with quickly.

How much will this cost?

We can’t say for sure, but here are some rough ideas. The purpose of the initial audit phase is to give us the necessary data to get a reasonable estimate.

We have put out estimates for such an upgrade that exceed $100,000 and down to $15,000. Frankly, there is no possible way for me to give you a way that you can ballpark the upgrade while reading this article. The audit provides this necessary clarity.

Upgrading Adobe Commerce from version 2.3 to 2.4 requires a significant effort with numerous steps. We also budget time for a thorough website review after the upgrade is complete.

The price depends on many factors:

  • The number of modules
  • The complexity of custom modules (this has a significant impact)
  • The quality of custom code
  • How many “preferences” are used (each of these has to be separately reviewed)
  • The theme used
  • The number of changes to the theme
  • How the theme was modified (this has a significant impact)
  • The hosting architecture

What value will you realize from the upgrade?

Your website will now comply with Payment Card Industries Rule 6.1. If this was the only disqualification, you are currently in compliance with the PCI rules.

You will have the latest feature set:

  • Page Builder: Adobe’s tool to manage content. This allows you to click/drag and edit content in your browser—and see what it looks like in real-time.
  • Multi-source inventory: Adobe Commerce tracks the difference between quantity available and quantity on hand. You can fulfill the list from multiple locations.
  • B2B Workflow Approvals: companies can establish order approvals at a management level.
  • Live Search/Product Recommendations: these are powered by Adobe Sensei, an artificial intelligence toolset. Instead of paying significant money for these capabilities, you can have it on your website in short order.
  • Walmart/Ebay integrations: all Adobe Commerce editions now have access to direct connections to Walmart and eBay.

Of course, this upgrade brings hundreds of performance improvements. Adobe Commerce 2.4 is faster than 2.2. This means you can pass more orders through your website, and customers can do it faster.

Security is another aspect. We upgrade the core Adobe Commerce and all 3rd-party modules. This represents hundreds of security fixes to ensure your website is as secure as possible.

What we do

We are ecommerce application engineers. Our specialties are Adobe Commerce/Magento and Shopify.

Under this umbrella, we perform these services:

  • Audits, site reviews: take the covers off the black box of your website.
  • Ongoing maintenance: quality and fast help to keep your site functioning at top speed. We also build and improve its capabilities.
  • New builds: We take your imagination and turn it into reality on time and on budget.
  • Customer experience: No matter your idea, we will refine it and implement it. We have a rock star UI designer on staff who has tremendous experience.
  • Module builds: We can craft your Adobe Commerce integration if you are a technology partner.

Why SwiftOtter

Our mission is to provide the best service in the industry. Here’s how we do it:

  • Every one of our developers is certified. We do this to live up to our training. SwiftOtter has helped thousands of developers achieve Adobe Commerce certification. The net result is a highly-qualified team.
  • But it’s even better. We hire the best developers no matter where they are in the world—and we pay them well. Our developer roster is second to none.

You benefit in that we fix the root cause of problems. We don’t play games of whack-a-mole. We don’t do bandaids (but that’s your choice).

Why aren’t you a “full-service digital agency”?

Don’t you love buzzwords? We are the opposite. In our opinion, buzzwords are marketing fluff.

We believe that focus is ideal. Instead of doing “everything” at an ok level, we do one thing at an extreme level. If we don’t do something, we will guide you to a place that does it.

Get in touch
circled-checkbox
We have experience in turning these projects around. We wish we didn't have to do this, but at least we are good at it.
SwiftOtter, Inc.
It relates to <a href="https://swiftotter.com/technical?tags=7" class="plain-tag">Magento 2</a>, <a href="https://swiftotter.com/technical?tags=21" class="plain-tag">Project management</a> and <a href="https://swiftotter.com/technical?tags=22" class="plain-tag">Quality Assurance</a>.
Joseph Maxwell - president / senior developer at Swift Otter

President / senior developer at SwiftOtter - @swiftotter_joe