Often store owners have the following questions regarding Magento upgrades:
- Why should I spend time and money to do a Magento 2 upgrade?
- When and what types of upgrades are necessary?
- What benefits do upgrades bring to my business?
In this article we will try to answer those questions and give you some advice on how to stay secure, avoid unnecessary issues, plus save time and money!
What types of Magento upgrades are available?
Currently Magento has two types of possible Magento upgrades:
Usually new Magento releases bring some bug and security fixes as well as new features and improvements. Releases have a lot of changes. With each release, Magento changes one or a few digits in the version number (e.g. from 2.3.1 to 2.3.2).
After those upgrades you may experience incompatibility issues between your newly updated Magento version and your theme, extensions, and/or your customisations. Very often after these upgrades, you need the help of a PHP developer to fix incompatibility issues and make the webstore properly work again.
Patches are types of upgrades that fix only the major issues.
For example, a Magento patch could fix a potential security vulnerability or a critical bug. Patches are great for instances where you don’t have time for a full upgrade, but need to protect yourself from aforementioned vulnerabilities. After applying a patch, Magento adds a suffix to the version number (e.g. 2.3.4-p2).
Patches change only a few files. They don’t have any improvements or new features. That’s why after applying patches your store should not have any new incompatibility issues (in rare cases you can). So you don’t have to completely re-test your store functionality.
Usually it’s very fast and easy to apply patches. Also, as the amount of files affected is usually small, if you do encounter an issue, it is usually easy to trace and correct with the help of a skilled developer.
When is it necessary to do a Full Upgrade of Magento 2?
You should apply security patches as soon as they are released. It’s a necessary requirement to securely run your Magento store. Otherwise, your store will be an easy target for hackers.
However, it’s necessary to understand that technologies are evolving very quickly. And with each release of a new version of Magento, it’s harder and harder to support the work of older versions for your developers.
Further, if you have a very old or outdated version of Magento, you may not find extensions on the market which support your version of Magento.
The longer you delay release upgrades of your store, the harder it will be to upgrade for you. For example, upgrading from 2.3 to 2.4 is much easier then from 2.0 to 2.3.
So, while applying a patch is a quick and easy way to get your store secure, you are also prolonging the pain of doing a full upgrade. So think of patches as what they are, temporary patches to hold you over while you make your full upgrade plans and preparations.
For example, while a patch will make your site secure, by delaying full upgrades you may be missing out on new features or improvements which may be critical to your business. For example, Magento 2.4 uses PHP version 7.4, which is much faster than older versions of PHP. So if you upgrade your store and PHP, you’ll receive a speed increase, which is very important for your customers' user experience and for Google (yes, speed affects your organic rank).
Why are release upgrades sometimes hard?
As mentioned above, release upgrades of Magento introduce a lot of new changes. Some of those changes may not be compatible with your theme, extensions or customisations. Those changes can create major issues in your store. For example, some functions can be broken.
Furthermore, if you upgrade Magento you need to do an upgrade of your third party extensions as well. This is because extensions may also likely be incompatible with your new Magento version.
So with each release, upgrading requires a full test of your store functionally. Otherwise, you’ll find new frustrating bugs in production (or, worse yet, your customers will find them for you).
We strongly recommend not trying to upgrade your production host before testing everything.
The best practice is to create a test host with a copy of your production host and a backup copy of your production database. Many hosting providers offer easy tools to clone your store for testing, and in the case of some hosting providers they will do it for you. After you run the upgrade you need to test everything you can think of on the test host. It is good practice to keep a list of commonly affected areas after upgrades from your past experiences. For example, you can create a list you follow of checking the checkout flow, checking the account area, etc.
These are just examples, and will differ based on your unique store and customizations. Only after testing is complete and thorough should you then proceed with applying the upgrade on production.
It is important to note, and good practice for any project where big changes are about to occur, to create a full backup of your database. During an upgrade, Magento changes the structure of the database and it’s not possible to rollback those changes. This is why a backup is vital in case you need to return to your previous database for any reason. For the same reasons above, it is also good practice to backup your files as well. In this way, you can return your Magento to its full previous state.
There is an official Magento upgrade guide which describes how to upgrade Magento 2 step by step. Follow this guide and read thoroughly before making your first moves.
What to do if upgrading is not an option?
As is often the case, upgrading your Magento store is very entailed. Technically the upgrade is possible, but will require a lot of development time ($$). In this case, you can apply only security patches. Magento has an official Applying Patches Guide and you can download patches in the Magento Security Center.
We also recommend subscribing to notifications via the Magento Security Scan Tool. It’s a free tool where you can add your Magento 2 store and it will notify you about known security vulnerabilities within your store.
As alternative, you can use a third party scanner such as https://www.magereport.com/, powered by hosting provider Hypernode. It has a simpler interface and also provides notifications about possible known vulnerabilities.
Magento is a powerful modern platform, which is why merchants love it. However, as it evolves very quickly new approaches/features are introduced, while some old ones are deprecated. Furthermore, security vulnerabilities are found in each version, hence subsequent patches.
Magento merchants must regularly invest resources to apply security fixes in their stores. This should simply be considered a cost of doing business when operating a Magento website. Upgrading to the latest version is always an enticing option, but it requires a lot of resources in most cases. So it’s necessary to have a well-thought out upgrade strategy to reduce security risks, technical debts, and to efficiently spend resources.
Questions? Ask us in the comments.