Magento vs Shopify

Magento vs Shopify

Making the move from Magento? See how Shopify compares in terms of security, stability, flexibility and price.

Written by Jason Stokes

6 min read

How long will Magento 1 be supported?

Magento version 1 is coming to an end. In September 2018, Magento announced that the end of life for Magento 1 will be June 2020, when they will cease support and security updates on the platform.

This means that, if anyone exploits a vulnerability in Magento 1 after this date, Magento won’t be releasing any more patches or updates to fix it. This is a concern because, when 'Shoplift', the biggest ecommerce exploit ever, hit, it took them three months to release a patch. If this happens again, the likelihood of there being a security update to combat it is very small.

If your online shop is on Magento, then you have probably heard about what you should be doing when you reach Magento end-of-life. Waiting until the date really isn’t an option. Magento will be tailing off their focus on Magento 1 as we get closer to the end-of-life date. This means that the closer you leave your replatforming, the more susceptible your site will be to exploits.

Magento Security Stats | Magento vs Shopify

Stats provided by Astra Security.

Whether you’re hearing about this for the first time, or you’re already considering migrating from Magento, we’ve created this Magento vs Shopify guide to outline the implications and what you should be considering.

If you’re concerned about security, contact us for a free Vulnerability Audit on your ecommerce store.

Platform migrations can be a time for innovation, refocus, and positive transformation in businesses, as it gives an opportunity to consider what improvements could be made by a move to a new platform.


What are Magento doing?

Magento launched in 2008, and has since been one of the biggest ecommerce platforms on the web. It was one of the first viable ecommerce platforms that emerged, so for people looking for an online shop, it was an obvious choice.

However, for the last several years, Magento has faced stiff competition from other platforms and there is now more for people seeking an ecommerce solution to consider. Magento has not kept pace with other platforms when it comes to usability, functionality, and most importantly, security.

If you are on a Magento 1 site, Magento are going to want you to replatform onto Magento 2.

Our advice is to take the opportunity to explore and consider the alternatives.

Magento 2 had something of a soft release in 2015. It is slightly slicker than Magento 1, however, there are still concerns over some potential security issues.

Mitre.org is a not-for-profit organisation that lists these security holes. Mitre started life as a systems engineering organisation for the US national defense service. Now, they literally write the book on cybersecurity. A book that you don’t want to end up in, because it lists all of the cybersecurity holes in platforms, software and programs. Magento 2 is on the list. Magento 1 also made the list, with 7 vulnerabilities recorded in the last three years.

Shopify, on the other hand, has never appeared in the book.


Why is Shopify so safe?

Shopify are at the forefront of ecommerce security. They subscribe to HackerOne, which is an online tool that challenges hackers to find exploits in software for financial reward. They pay people to find holes in their security so they can fix them.

Shopify is a secure ecommerce platform

How will remaining on Magento affect your online shop?

There have been concerns that businesses that don’t migrate from Magento may suffer damage as a result of compromised security. As an online retailer, you have a responsibility to protect your customers’ data. This is already a difficult task on Magento, which will be exacerbated when they stop issuing security updates next year, meaning that if it’s easy for hackers now, soon it will be open season. According to Astra, a web security firm who tested one thousand Magento sites, 62% of Magento sites have at least 1 security vulnerability and 85% of all of the hacked ecommerce sites on the internet are Magento sites.

"We have seen a continuous increase in attackers targeting payment flow of Magento stores with an aim to steal customer credit card information. In the last 3 months, while working with Magento stores our team has found three critical vulnerabilities in famous Magento extensions. Even though the Magento community works hard to assure security of the core, vulnerable extensions give hackers a point of entry." - Ananda Krishna, Astra Security.

At Eastside Co, we have migrated many websites from Magento to Shopify. Several businesses approached us complaining about security issues with Magento, looking for an alternative. We undertook our own investigation into security issues on Magento sites, to find out how deep this ran.

Kiran Price, our CTO, randomly picked a handful of Magento sites on which to run a series of security audits. Every site he audited had some level of security vulnerability. Some of them were leaking customers’ credit card details. In the end he stopped looking for these exploits and concluded it would be harder to look for a Magento site that didn’t have cybersecurity issues.


Migrating your Magento site

It might seem like moving your outdated Magento 1 site to Magento 2 could be the easiest option, but as we have already pointed out, Magento 2 is already listed on Mitre’s record of platforms with vulnerabilities. On top of that Magento 2 is a completely new platform, meaning the migration is going to be no easier than moving your site on to Shopify, a platform that has no security vulnerabilities. You’ll still have to build a new site, learn a new interface, and get to know how the intricacies of the platform work.

Magento 2 is still in its infancy, so there is going to be a constant stream of updates and patches. This should stop when Magento 2 stabilises, but Magento 1 didn’t stabilise in eight years, so why should users believe that it will happen with Magento 2? And if that isn’t enough to worry about, you’ll probably have to pay for those updates and patches . You’d think the first concern for a business that handles hundreds of millions of dollars worth of card details would be security. It doesn’t seem to be the case for Magento.

Did we mention that Shopify has never had any reported security issues?

If you’re concerned about security, contact us for a free Vulnerability Audit on your ecommerce store.


Magento 2 is hard work

So Magento 2 as an ecommerce platform is bloated and complicated. Great developers are in short supply as it is, and there are even fewer of them that will work with Magento 2. The complications also add to the potential holes in your site. If you choose Magento 2, make sure you stay on top of your security to protect your business.


Magento hidden costs?

Okay, so Magento is free.

But it isn’t really free., Many essential components, such as your SSL certificate, your PCI compliance and high quality hosting will need to be paid for separately. This is all absolutely required for an ecommerce store.

  • PCI is the Payment Card Industry Data Security Standard. You web host has to have this so that all of your customers card details are secure.
  • An SSL certificate encrypts data that travels between a website and a server. This means you can submit credit card details to a website, without fear of it being intercepted.
  • You need good quality hosting for an ecommerce site. You want as little downtime as possible, because that will impact on revenue. You also want it to be secure, to protect your customer data.

Magento vs Shopify

Magento used to be the most popular ecommerce platform, but with all of the holes in security, the hidden costs and the development complications, Shopify has fast overtaken it. Entrepreneur.com called Shopify ‘one of the most well rounded, all-in-one ecommerce platforms out there’.


Shopify vs Magento: Features

Shopify includes, as standard, a lot of the features that make Magento so expensive. This means that you won’t have to buy updates or an SSL certificate for your Shopify store.

  • Every Shopify store has an SSL certificate, no matter which plan you go for.
  • Shopify host your store themselves, and their servers are second to none. You don’t have to pay a host, worry about downtime, or pay extra for PCI compliance.
  • When Shopify issues a security update or patch, it is automatically applied to every site on the platform. These platform updates are also free.
  • Shopify has a 24/7 support service.
  • Shopify is completely customisable with the apps available, and there is a community of developers creating wonderful apps to make your store work for you.

What are your next steps?

If you’re on a Magento website, you really need to start thinking about replatforming. The deadline for security updates is fast approaching, and you don’t want to start the process too late. Give us a call, and we can talk you through the options, and how your site could be moved on to a stable and more secure platform.

Alternatively, If you’re concerned about security, contact us for a free Vulnerability Audit on your ecommerce store. This will uncover any vulnerabilities that your site might have, and we can advise on a course of action to get this fixed.

Who we are

We are one of the world’s most trusted and experienced Shopify Plus Partners. A full-service, fully in-house digital agency of over 50 talented people, we’ve helped hundreds of ambitious brands exceed their goals.

About Eastside Co

What we do

Eastside Co leads the way in UX-focused Shopify web design, results-driven marketing strategies, and best-in-class Shopify applications and software. We help online businesses escape the ordinary and achieve ecommerce success.

Discover Services

Over 500 Shopify builds.

Let's work together to build your store.

Get In Touch