Keeping your store up to date



Magento is a highly versatile software framework offering development possibilities that go well beyond many other eCommerce options. The framework has come a long way since version 1, and the inclusion of Composer in version 2 makes upgrading easy, quick and safe.

It's the unfortunate truth that every success attracts those who will seek to exploit it and illegitimately gain from it. In the eCommerce world, this is primarily in the form of attempts to compromise the security of a given framework with a view to getting access to customers' data and payment information. That's why Adobe have a big focus on security testing Magento and releasing patches and new versions when needed to resolve any security risks found.

So this is one of the primary reasons you should upgrade your store - to make sure it's fully secured, but you'll also regularly get new features and functionality, and also plenty of bugfixes.  In this post we talk about just how important it is to upgrade, look at how easy it is to do, and also what happens if you don't upgrade.

What happens if I don't upgrade my store?

If you don't upgrade your store to the latest Magento version, what happens is - nothing. Yes, nothing at all will happen. But that's the point because the older the version of Magento you're running, the more you'll be lacking in the security features offered by the latest version.  So by not upgrading, you leave your store vulnerable to attack.

Security patches

Adobe regularly release security updates for Magento, and they should be considered highly important, often representing one or more fixes for severe security issues.  While Adobe of course doesn't publish precisely what each security issue is or how to exploit it, it's nevertheless a good idea to upgrade sooner rather than later.

New features

Outside of this, you will, of course, be missing out on any functionality enhancements, new features and bugfixes in upgraded versions. Whether you want to use this extra functionality for your Magento website is a business decision, but rest assured, Adobe always does its best to develop changes in a way that won't affect existing functionality customisations. This is great as it means you don't introduce the need for what would otherwise be unnecessary development work to upgrade your eCommerce store.

Why should I keep my Magento store up to date?

Your store's security is the most significant reason you should upgrade, but there are others. You may remember that with Magento 1 it was pretty typical to see security-only patches, so you could secure your Magento 1 store without implementing any of the other changes from a new version (such as functionality changes and new features). This is not generally the case with Magento 2. When a security-only patch is released, it's typically only compatible with a few versions behind the most recent at the time of release. However, upgrade issues are far less prevalent in Magento 2 due to the much-improved tools Adobe supply to keep changes and new functionality very light touch on the core codebase.

A second reason to upgrade is simply to get the features added by the latest release, along with the many bugfixes.

A third reason and an important one is to ensure you're keeping your upgrade path clean. As you get further behind in the version you're running, the sum total of the changes in core functionality increases, which means that more testing is required across more areas of the store before the new software version can be deployed to production.

Deploying changes little and often is better than deploying larger changes irregularly. This is simply because the more code that differs, the greater the chance for bugs to be introduced, which could have been missed in testing. This can still be the case with quality development work and is occasionally just the nature of coding complex systems like Magento. To minimise code changes per deployment, and therefore potential bugs, deploying little and often is a good idea.

How easy is the upgrade process?

You might remember the old way of upgrading a Magento 1 store, which overwrites many files with the new upgraded ones. So it was even possible for someone with little to no Magento development skills to FTP onto the server and just drop all the upgraded files onto the server and upgrade the store. As if it was ever that simple, and copying a bunch of files over the top of the existing ones is never the right way to do it. And FTP, just steer clear of that!

Magento upgrade process tips

Anyway, to get back on track, upgrading a Magento 1 store was on the surface a fairly straightforward thing, but the reality was that though Magento 1 has methods to override core behaviour and add new behaviour in a way that should mean upgrades are safe and easy, in all but the most simple of stores, an upgrade rarely happened without issue.

You'll be glad to know that the tools Magento 2 offer to override core and add new behaviour far outstrip those of Magento 1 and make it a much safer and easier task for a Magento 2 upgrade. However, this does come with one caveat. Just like with Magento 1, it is very possible to develop Magento 2 badly.  So it's of utmost importance to find a Magento expert who has the skills and experience you need and who follows best development practices. If you don't do this and instead, for instance, opt for the cheapest developer you can find, you're just storing up problems for yourself in the future.

When developing Magento, one principle should be paramount - are these changes going to compromise the store upgrade path? There should be an obligation for both client and developer to protect the store upgrade path. The client should stick as closely to the core functionality as practically possible, only moving away if it's an essential business requirement. At the same time, the developer should inform the client if they feel like a requested change could represent an issue further down the line.

Magento is fantastic software and complex software, and it should constantly be developed so that it is possible to upgrade the store to the latest version with minimal fuss. So if you find yourself having frequent upgrade issues, you might find the store hasn't been developed as well as it could be.

Don't take this to mean, however, that Magento can't or shouldn't be highly customised if needed. Where entirely new functionality is involved that doesn't really touch core functionality, upgrading is generally completely safe.  Here I'm talking about changes that fundamentally alter core functionality, and it's these kinds of changes that can potentially increase the risk of upgrading a store if not done well, but still shouldn't affect the upgrade path if they are done well.


So, how easy is it in actual practical terms to upgrade a Magento 2 store? Very easy due to the use of Composer. Composer is what is called a dependency manager for PHP. It allows you to automatically install many different PHP packages that work together to form the Magento application while ensuring they're all compatible. It's also possible to add more packages to this list, which is the primary way to install a 3rd party extension. Composer will tell you if you're attempting to install a combination of packages where there's an incompatibility and won't allow you to do it. So you can be sure that if Composer allows you to install something, it should be compatible with all other Composer packages on your system.

Some developers don't make their extensions available via Composer. It's always preferable to install third party extensions via Composer, but if there's really no other option then extensions can still be installed the old Magento 1 way by downloading the extension files and adding them into the codebase. Just be aware that if you choose to do this, you're actually adding additional complexity and potential issues to the upgrade, as compatibility of these kinds of extensions won't be checked by Composer and so will have to be checked manually. If this is forgotten, you could inadvertently break some store functionality if something in the non-upgraded version of the extension then doesn't work with the new Magento version.
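One way to inventory such hand-installed extensions before an upgrade, as an added example that is not from the original post or from Adobe. It assumes the standard Magento 2 layout, where manually added modules sit under app/code/<Vendor>/<Module> with a registration.php; the Acme module names and the version numbers are constructed sample data.

```python
import json
import tempfile
from pathlib import Path


def locked_versions(root):
    """Map package name -> version from composer.lock (empty if no lock file)."""
    lock = Path(root) / "composer.lock"
    if not lock.is_file():
        return {}
    data = json.loads(lock.read_text())
    return {p["name"]: p["version"] for p in data.get("packages", [])}


def audit_manual_modules(root):
    """List app/code modules with the constraints they declare and what is locked."""
    root = Path(root)
    locked = locked_versions(root)
    report = []
    for reg in sorted(root.glob("app/code/*/*/registration.php")):
        mod = reg.parent
        manifest = mod / "composer.json"
        require = {}
        if manifest.is_file():
            require = json.loads(manifest.read_text()).get("require", {})
        # Composer never evaluates these constraints for app/code modules,
        # so pair each one with the locked version for a human to compare.
        checks = {pkg: (want, locked.get(pkg)) for pkg, want in require.items()
                  if pkg.startswith("magento/")}
        report.append({
            "module": f"{mod.parent.name}_{mod.name}",
            "declared": checks,  # {package: (module's constraint, locked version)}
            "status": "compare-by-hand" if checks else "no-constraints-declared",
        })
    return report


def build_sample_store():
    """Constructed sample tree: two hand-installed modules and a lock file."""
    root = Path(tempfile.mkdtemp())
    (root / "composer.lock").write_text(json.dumps({"packages": [
        {"name": "magento/framework", "version": "103.0.5"}]}))
    for name in ("Shipping", "Legacy"):
        d = root / "app/code/Acme" / name
        d.mkdir(parents=True)
        (d / "registration.php").write_text("<?php // constructed stub\n")
    (root / "app/code/Acme/Shipping/composer.json").write_text(json.dumps(
        {"name": "acme/module-shipping", "require": {"magento/framework": "^102.0"}}))
    return root


if __name__ == "__main__":
    for row in audit_manual_modules(build_sample_store()):
        print(row)
```

A module reported as no-constraints-declared gives no hint about which Magento versions it supports, so it needs testing against the target version before the upgrade is deployed.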


The first thing you should do before upgrading is to review the Magento version's release notes. The release notes are always in-depth and cover all areas where changes have taken place.  By checking them, the developer can get an idea of any areas where changes may need additional testing or development work.

But to conclude, as a general principle, a Magento 2 store upgrade should be a straightforward process when development has followed best practices and Composer is used for third party extensions.

If you need a quality Magento developer to upgrade your Magento store, that's exactly what you'll find with us at Developer Connection. We connect you with quality, relevant and experienced eCommerce developers across the UK for free, and with no commission - so find your developer today!
