Let us know about your project and will get back to you within 24hrs. If you'd rather speak to someone now Call +44 (0)20 7856 0270

Rather speak to someone? Call +44 (0)20 7856 0270

Trusted By Brands Worldwide
  • Scitec
  • Rains
  • NHS
  • MG
  • Leesa
  • Wasps
  • Hera
  • Lazy Oaf
What our clients say

Great service, pleased with the finished product. Account management has been great, and very helpful. Very happy with the overall experience - would recommend to anybody looking to create or update their Shopify web store.

Wasps Rugby Club

Magento vs Shopify

Posted By Jacob Ingram

How long will Magento 1 be supported?

Magento version 1 is coming to an end. Sometime after November 2018, Magento is ceasing all security updates on the platform.

This means that, if anyone exploits a vulnerability in Magento 1 after this date, Magento won’t be releasing any more patches or updates to fix it. This is a concern because, when Shoplift hit, the biggest ecommerce exploit ever, it took them three months to release a patch. If this happens again, the likelihood of there being a security update the combat it is very small.

If your online shop is on Magento, then you have probably heard about what you should be doing when we reach Magento end-of-life. Waiting until the date really isn’t an option. Magento will be tailing off their focus on Magento 1 as we get closer to the end-of-life date. This means that the closer you leave your replatforming, the more susceptible your site will be to exploits.

Magento Security Stats | Magento vs Shopify

Stats provided by Astra Security.

Whether you’re hearing about this for the first time, or you’re already considering migrating from Magento, we’ve created this Magento vs Shopify guide to outline the implications and what you should be considering.

If you’re concerned about security, contact us for a free Vulnerability Audit on your ecommerce store.

What are Magento doing?

Magento launched in 2008, and has since been one of the biggest ecommerce platforms on the web. It was one of the first viable ecommerce platforms that emerged, so for people looking for an online shop, it was an obvious choice.

However, for the last several years, Magento has been the last choice for people seeking an ecommerce solution. They’re lagging behind other platforms when it comes to everything from usability, functionality, and most importantly, security.

If you are on a Magento site, Magento are going to want you to replatform onto Magento 2.

Our advice: Don’t.

Magento 2 had something of a soft release in 2015. It is slightly slicker than Magento 1. However, there are still concerns over some gaping security holes.

Mitre.org is a not-for-profit organisation that lists these security holes. Mitre started life as a systems engineering organisation for the US national defense service. Now, they literally write the book on cybersecurity. A book that you don’t want to end up in, because it lists all of the cybersecurity holes in platforms, software and programs.Magento 2 is on the list. Magento 1 also made the list, with 7 vulnerabilities recorded in the last three years.

Shopify, on the other hand, has never appeared in the book.

Why is Shopify so safe?

Shopify are at the forefront of ecommerce security. They subscribe to HackerOne, which is an online tool that challenges hackers to find exploits in software for financial reward. They pay people to find holes in their security so they can fix them.

Shopify is a secure ecommerce platform

How will remaining on Magento affect your online shop?

There have been concerns that businesses that don’t migrate from Magento may suffer damage as a result of compromised security. As an online retailer, you have a responsibility to protect your customers’ data. This is already a difficult task on Magento, which will be exacerbated when they stop issuing security updates next year, meaning that if it’s easy for hackers now, soon it will be open season. According to Astra, a web security firm who tested one thousand Magento sites, 62% of Magento sites have at least 1 security vulnerability and 85% of all of the hacked ecommerce sites on the internet are Magento sites.

"We have been seen a continuous increase of attackers targeting payment flow of Magento stores with an aim to steal customer credit card information. In the last 3-months, while working with Magento stores our team has found three critical vulnerabilities in famous Magento extensions. Even though Magento community works hard to assure security of the core, vulnerable extensions give hackers a point of entry." - Ananda Krishna, Astra Security.

At Eastside Co, we migrate a lot of websites from Magento to Shopify. Several businesses approached us complaining about security issues with Magento, looking for an alternative. We undertook our own investigation into security issues on Magento sites, to find out how deep this ran.

Kiran Price, our CTO, randomly picked a handful of Magento sites on which to run a series of security audits. Every site he audited had some level of security vulnerability. Some of them were leaking customers’ credit card details. In the end he stopped looking for these exploits and concluded it would be harder to look for a Magento site that didn’t have cybersecurity issues.

Migrating your Magento site

It might seem like moving your outdated Magento 1 site to Magento 2 could be the easiest option, but as we have already pointed out, Magento 2 is already listed on Mitre’s record of platforms with vulnerabilities. On top of that Magento 2 is a completely new platform, meaning the migration is going to be no easier than moving your site on to Shopify, a platform that has no security vulnerabilities. You’ll still have to build a new site, learn a new interface, and get to know how the intricacies of the platform work.

Magento 2 is still in its infancy, so there is going to be a constant stream of updates and patches. This should stop when Magento 2 stabilises, but Magento 1 didn’t stabilise in eight years, so why should users believe that it will happen with Magento 2? And if that isn’t enough to worry about, you’ll probably have to pay for those updates and patches . You’d think the first concern for a business that handles hundreds of millions of dollars worth of card details would be security. It doesn’t seem to be the case for Magento.

Did we mention that Shopify has never had any reported security issues?

If you’re concerned about security, contact us for a free Vulnerability Audit on your ecommerce store.

Magento 2 is hard work

So Magento 2 as an ecommerce platform is bloated and complicated. Great developers are in short supply as it is, and there are even fewer of them that will work with Magento 2. The complications also add to the potential holes in your site. If you choose Magento 2, make sure you stay on top of your security to protect your business.

Magento hidden costs?

Okay, so Magento is free.

But it isn’t really free., Many essential components, such as your SSL certificate, your PCI compliance and high quality hosting will need to be paid for separately. This is all absolutely required for an ecommerce store.

  • PCI is the Payment Card Industry Data Security Standard. You web host has to have this so that all of your customers card details are secure.
  • An SSL certificate encrypts data that travels between a website and a server. This means you can submit credit card details to a website, without fear of it being intercepted.
  • You need good quality hosting for an ecommerce site. You want as little downtime as possible, because that will impact on revenue. You also want it to be secure, to protect your customer data.

Magento vs Shopify

Magento used to be the most popular ecommerce platform, but with all of the holes in security, the hidden costs and the development complications, Shopify has fast overtaken it. Entrepreneur.com called Shopify ‘one of the most well rounded, all-in-one ecommerce platforms out there’.

Shopify vs Magento: Features

Shopify includes, as standard, a lot of the features that make Magento so expensive. This means that you won’t have to buy updates or an SSL certificate for your Shopify store.

  • Every Shopify store has an SSL certificate, no matter which plan you go for.
  • Shopify host your store themselves, and their servers are second to none. You don’t have to pay a host, worry about downtime, or pay extra for PCI compliance.
  • When Shopify issues a security update or patch, it is automatically applied to every site on the platform. These platform updates are also free.
  • Shopify has a 24/7 support service.
  • Shopify is completely customisable with the apps available, and there is a community of developers creating wonderful apps to make your store work for you.

What are your next steps?

If you’re on a Magento website, you really need to start thinking about replatforming. The deadline for security updates is fast approaching, and you don’t want to start the process too late. Give us a call, and we can chat you through the options, and how your site could be moved on to a stable and more secure platform.

Alternatively, if you’re concerned about the security on your existing site, get in touch, and we’ll happily run a free security audit on your site. This will uncover any vulnerabilities that your site might have, and we can advise on a course of action to get this fixed.

If you’re concerned about security, get a If you’re concerned about security, contact us for a free Vulnerability Audit on your ecommerce store.

Shopify Conversion Checklist

Skyrocket your store’s sales, and join over 30,000 merchants that have already benefitted from the page by page breakdown listed inside.

Shopify Conversion Optimisation 2018 Checklist

Shopify Conversion Checklist

Download the latest version of our checklist today and get practical CRO tips and tactics to turn more of your visitors into customers.