Hi Jimmy,
It's a bit of a mix:
- Magento 1 is reaching its end of life in a few more days, and will no longer receive security patches.
- If you need to keep up with compliances, like PCI-DSS, you need a supported platform with a vendor supplying patches to you, or other compensating controls to address this.
- If you're not PCI Compliant, there may be consequences when it comes to your credit card processing account.
- Regardless of credit card processing, keeping your site safe and secure for your customers does require that you protect your site from newly discovered vulnerabilities.
- Magento 1 extensions will soon be removed from the Magento Marketplace, and not all extension developers will continue to support their old M1 extensions, which is another security concern.
- Magento 2.3.x+ is supported and receiving patches, and is a good alternative to staying on Magento 1.x for many businesses.
It typically takes months to migrate. Many users are creating stopgap plans that include a patching provider like Mage-One and additional security on the web hosting side of things too (WAF, Intrusion Detection, Malware Scanners, 24/7 Monitoring). For a more detailed checklist, check out: https://blog.clear.sale/magento-1-end-of-life-a-helpful-checklist
Now is definitely a good time to re-consider migrating to Magento 2, but in the meantime, there's no reason to be a sitting duck.
Best of luck!
