Many people don’t consider the need or necessity to upgrade software versions once an initial package is installed and running. Many think that once they’ve got their software setup and tweaked just the way they want (or especially once they’ve added several customizations) that an upgrade might then somehow “break” or undo all of the special changes, settings, edits and customizations on which they’ve spent countless hours getting just right. Why would anyone want to then go and “mess things up”?

Magento 2 was released during Q4 of 2015, starting the next era of Magento within the eCommerce space. Originally announced in 2010, Magento 2 has been long awaited by shop owners who are now left with a number of decisions to make regarding the new platform. Among the most important decisions are whether a shop should make the jump to Magento 2 and, if so, when.

SUPEE-7405’s most important fix is that it blocks hackers from breaking into your admin and taking over your store. Clearly SUPEE-7405 is critical to have installed. Developers should estimate around 3-4 hours to install the patch locally, test and fix, push to dev, allow the client to test, and then deploy to production. However, below is a list of changes that may arise after SUPEE-7405 is applied. These will need to be evaluated on a site-by-site basis, depending on the extensions you have installed.

The Magento customization trap has taken many merchants by surprise, costing them large amounts of money, stress and time. Heed our warning.

Magento released SUPEE-6788 on October 27, 2015, which fixes a number of security issues relating to customer registration, forgotten customer passwords, admin actions, SQL injections and more. The difficulty with this patch, in particular, is how invasive it can be when applied to a highly customized shop.