The importance of upgrading your store
In this post we talk about just how important it is to keep your Magento store up to date and cover everything from why you should upgrade, to how easy is it to upgrade, to what happens if you don't upgrade.
What happens if I don't upgrade my store?
If you don't upgrade your store what happens is - nothing. Yep nothing at all will happen. But that's the point, because the version of Magento that you are running is going to over time be lacking in more and more of the security updates that the latest version has. So by not upgrading you leave your store vulnerable to attack using the methods that have been secured in the latest version, but aren't in yours. Often these security updates are considered highly important and represent a serious security issue should they be exploited. While Magento of course don't publish exactly what each security issue is or how to exploit it, it's never the less a good idea to upgrade sooner rather than later.
Outside of this you will of course be missing out on any functionality enhancements and new features in upgraded versions. As to whether you want to use this extra functionality is a business decision, but rest assured that Magento always do their best to develop changes in a way where things will continue working the way they were without changes in areas that have been affected. This is great as it means you don't introduce the need for what would otherwise be unnecessary development work just to upgrade a store.
Why should I keep my Magento store up to date?
The security of your store is really the biggest reason why you should upgrade (discussed above), but there are others. You may remember with M1, it was fairly typical to see security only patches so you could secure your M1 store without implementing any of the other changes from a new version (such as functionality changes and new features). This is not generally the case with M2, and when a security only patch is released, it's typically only compatible with one version behind the most recent at the time of release. However as discussed below is the fact that upgrade issues are far less prevalent in Magento 2 due to the much improved tools Magento supply to keep changes and new functionality very light touch on the core codebase. So another reason to upgrade is to get the latest features added by the new release.
Another reason, and an important one is simply to ensure you are keeping your upgrade path clean and easy. As you get further behind in the version you are running, the sum total of the changes in core functionality increases, and this in turn means that more testing is required across more areas of the store before the new software version can be deployed to production. Deploying changes little and often is better than deploying larger changes irregularly. This is simply because the more code which differs, the greater the chance there is for bugs to have been introduced which could have been missed in testing. This can still be the case with quality development work and is often just the nature of coding complex systems like Magento. So to minimise code changes per deploy, and therefore potential bugs, deploying little and often is a good idea.
How easy is it to upgrade Magento?
You might be used to the old way of upgrading an M1 store, which was basically, overwrite a bunch of files with the new upgraded ones. So it was even possible for a non developer to FTP onto the server and just drop all the upgraded files onto the server and upgrade the store. Yeah, as if it was ever that simple, and copying a bunch of files over the top of the existing ones is never the right way to do it. And FTP, urghh. Sure it has it's place but an application like this is certainly not one of them!
Anyway, to get back on track, upgrading a Magento 1 store was on the surface a fairly straightforward thing but the reality was that though M1 has methods to override core behaviour and add new behaviour in a way which should mean upgrades are safe and easy, in all but the most simple of stores, an upgrade rarely happenned without issue.
You'll be glad to know that the tools Magento 2 offers to override core and add new behaviour far outstrip that of Magento 1 and make it a much safer, far easier task to upgrade a Magento 2 store. However this does come with one caveat. Just like with Magento 1, it is very possible to develop Magento 2 badly. So it's of utmost importance to find a developer who has the skills and experience you need, and follows best development practices. If you don't do this and instead for instance opt for the cheapest developer you can find, you are just storing up problems for yourself in the future.
When developing Magento one principle should be paramount - are these changes going to compromise the store upgrade path? There should be an obligation on both the side of the client and the developer to protect the store upgrade path. The client should be looking to stick as closely to core functionality as practically possible, only moving away if it's an essential business requirement. At the same time the developer should be informing the client if they feel like a requested change is something that could represent an issue further down the line. Magento is fantastic software, but also complex software and it should always be developed in such a way that makes it possible to upgrade the store to the latest version with minimal fuss. If you find yourself constantly having issues on upgrading, you might find the store has not been developed as well as it could be.
Don't take this to mean however that Magento can't/shouldn't be highly customised if needed. Where entirely new functionality is involved that doesn't really touch core functionality, upgrading is generally safe. Here I'm more talking out changes which fundamentally alter core functionality, and it's these kind of changes with can potentially increase risk on upgrading a store.
So how easy is it in actual practical terms to upgrade an M2 store? Actually very easy due to the use of composer. Composer is what is called a dependency manager for PHP. Basically what it does is allow you to automatically install many different PHP packages which work together to form the Magento application, while ensuring that they are all compatible with one another. It's also possible to add more packages to this list which is the primary way in which you install third party extensions. The dependency manager will tell you if you are attempting to install a combination of packages where there is an incompatibility and won't allow you to do it. So you can be sure that if composer allows you to install something, it should be compatible with other packages in the setup.
Finally, the first thing that should be done before actually upgrading is reviewing the release notes for that Magento version. The release notes are always in depth and cover all areas where changes have taken place. By reviewing them the developer can get an idea of any areas where changes will potentially need additional testing and possible development work.
Do you need a quality Magento developer to find maintain and upgrade your Magento store? That's exactly what you will find with us at Developer Connection, so create your project, or start your developer subscription today!