Magento 1 went End-of-Life (EOL) on June 30th, 2020. You can read more about Magento’s EOL status and reasoning on Magento’s blog. When software or systems are declared EOL, there are often serious implications for the users of the software, including degraded performance, increasing security vulnerabilities, and other complications.
For more information, see Magento 1 End of Life. The best way to deal with an EOL status is to upgrade to newer, better-supported versions of the software. However, upgrading within a limited time window may not be possible for all users, which is why Nexcess is launching Safe Harbor for our Magento 1 users.
What is Safe Harbor?
Safe Harbor is a product to keep Magento 1 stores protected and safe after Magento 1 went End-of-Life (EOL). Safe Harbor provides additional security in the form of malware scans, external threat monitoring, Bad Bot Protection, IP blacklisting, staging environments for testing, and we'll backport patches. Our Safe Harbor product is an add-on to our shared Magento hosting plans.
Who is Safe Harbor for and why use it?
Our Safe Harbor product is for every merchant still running a Magento 1 store. Every merchant running Magento 1 will need to invest to keep their technology stack up to date & secure. You can pay your development partner for a custom solution or you can use our Safe Harbor product that will work for any Magento store and the costs are far lower.
When will this be available?
We launched Safe Harbor starting in February of 2020. Our engineers started rolling out proactive protective security patches before June 2020. Proactive malware scans, advanced threat protection, IP blacklisting, and the ability to test changes in a staging environment will all protect your store as soon as the product is added.
Are patches automatically applied to my site/store?
No. We won't automatically apply patches in version 1, to avoid causing issues or unexpected errors in your Store. You can either download patches through the portal and install them yourself or you can request that support apply a patch to your site. Patches are provided for Magento 1.9.x versions.
Will there be a scheduled update?
Yes, when there’s an update to server software we will issue a maintenance window and update the software. In the case of a significant Magento 1 security vulnerability, we may auto-patch stores and send a notification of the update.
How long is Safe Harbor available?
Safe Harbor will be available through March 31st, 2024.
What other options do I have?
You can also choose to migrate to Magento 2 or to WooCommerce. If you wish to stay on Magento 1.9 then a migration option would be using OpenMage which is a community-driven version of Magento 1. We have partners standing by to help with migrations in either case. Our sales team can help get that process started, contact them at 866-639-2377 or email@example.com.
What is the pricing for Safe Harbor?
Our Safe Harbor add-on will cost roughly 35% of a merchant's hosting plan. Migrations from Magento 1 to 2 can cost anywhere from $50,000 - $150,000. In that context, our Safe Harbor add-on is the most inexpensive way to make sure M1 stores are safe and will work long past June 2020. For more detailed pricing information, see our Safe Harbor product page or contact our Sales team at 866-639-2377 or firstname.lastname@example.org for additional help.
Is Malware Scanning included in Safe Harbor?
Yes, malware scans and reports are included in Safe Harbor. A date, the name of the malware, and the file that it was found in will be shown in the portal. The customers will also be able to request that malware be investigated by support by checking a box in the portal.
Can I use Safe Harbor and still be PCI compliant?
Yes. You can still be PCI compliant even though the app is no longer supported by the original creator as long as it meets all PCI requirements. This is the same way that writing your custom eCommerce software can be compliant. In these cases, you will need to go through your own PCI compliance process.
Given their commitment to keeping their Magento 1 module up to date, we strongly recommend checking out Stripe, if you haven't already.
Read our full post on PCI Compliance with Magento 1 & Safe Harbor.
Can I have Safe Harbor in my clustered environment?
SafeHarbor is not currently available for clustered environments in the same way that it is for non-clustered environments. All features are available, but not automated through the portal yet. Please contact our Sales team to discuss security features in your clustered environment.
How does Safe Harbor differ from OpenMage?
Safe Harbor is designed as a secure way for customers to continue to use Magento 1 while they prepare to migrate to a newer solution. OpenMage is a divergent fork of Magento that may not be backward compatible with Magento 1. We support OpenMage, we recommend Safe Harbor due to these possible compatibility issues.
Will patches work for both Magento 1 community and Magento 1 enterprise?
I love the features I see on Magento 1 Safe harbor… can I get these in Magento 2?
Most of these features are already available on cloud plans, and we plan to port some of the new features after Safe Harbor’s launch.
How will the Magento licensing with enterprise continue? Will Magento leave license checking enabled?
Every store will have to go through Magento when it comes to Enterprise edition licensing. Nexcess has nothing to do with this and while we can support both Community and Enterprise edition, the continuity of the enterprise license agreement will ultimately depend on Magento.
Is there a minimum Magento version needed to qualify for this?
No. Our preference is to have all sites at 1.9 but we know that this will not work for all customers. We are ready to help any customer to upgrade their sites as much as possible to avoid the problems associated with EOL software.
How are third party plugins/themes handled regarding security issues and compatibility?
We recommend using modules that explicitly state that they will be maintained after June 2020. We will do our best to keep a list of vetted modules but given the quantity of vendors out there, it might be hard to support them all when it comes to security.
Does this include keeping/making site code compatible with newer PHP versions?
No. We can help discover code incompatibilities but Safe Harbor does not include code fixes to make it work with newer PHP versions. We have partnered with some agencies that can assist customers in making code fixes so that their sites work with newer PHP versions. The ability to create staging sites to try out PHP or other upgrades before implementing them in your production environment may help mitigate these issues. For more information about our partner agencies, contact our Sales team
How Do I Sign Up for Safe Harbor?
Purchase through the pop-up. This pop-up will appear for customers that have an eligible plan for Safe Harbor.
Navigate to Services -> Shared Hosting -> Select the Plan -> Click Add Safe Harbor button.