PCI for Magento 1

    July 2, 2020

    We’re committed to supporting Magento after its end-of-life (EOL). Nexcess Safe Harbor keeps your Magento store secure by providing patches for Magento core, so you can focus on the operations of your store instead of security.

    Will my store be secure after June 2020 (after Magento 1 EOL)?

    Nexcess Safe Harbor makes sure your Magento store stays secure by providing patches for Magento core.

    Should any vulnerabilities be found, we’ll provide patches and email all store owners so you can apply the patch and keep your stores safe.

    Can I use Safe Harbor and still be PCI compliant?

    Yes. You can still be PCI compliant even though the app is no longer supported by the original creator, as long as it meets all PCI requirements.

    Custom-written eCommerce software can be compliant in the same way. In all cases, you will need to go through your own PCI compliance process.

    Is Nexcess.net Infrastructure PCI Compliant?

    Yes. Nexcess infrastructure is PCI compliant.

    Nexcess is PCI certified as a Level 1 Solution Provider, so any merchants using Nexcess Magento Cloud can use Nexcess’ PCI Attestation of Compliance to aid their own PCI certification process.

    Are You Going to Provide Security Patches for Magento?

    Yes. As per 6.2 of the PCI DSS Guidelines:

    Protect all system components and software from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.

    You have to keep all of your systems up to date. We’re responsible for sourcing and providing patches. If a vulnerability is found, we’ll send an email with the patch details and remind you to patch your store in Safe Harbor using the included staging site.

    Is My Payment Gateway Going to Work After EOL?

    Nexcess Safe Harbor makes sure your Magento store stays secure by providing patches for Magento core.

    We’ll also provide patches for the most popular Magento extensions, so your payment gateway has no reason to stop accepting payments.

    Given their commitment to keeping their Magento 1 module up to date, we strongly recommend checking out Stripe, if you haven't already.

    How are third party plugins/themes handled regarding security issues and compatibility?

    We recommend using modules that explicitly state that they will be maintained after June 2020.

    We will do our best to keep a list of vetted modules, but given the number of vendors out there, it might be hard to support them all when it comes to security.

    Do Patches Have to be Vendor Provided?

    Per the PCI guidelines (6.2), anyone can provide this ongoing support for maintenance as long as the store owner can prove the store is being actively maintained in a timely manner. It doesn’t have to be the original vendor.

    PCI Resources
