Home Services About us Knowledge base Contact FAQ
Maintenance · 7 min read

Upgrading Magento 2: why, when and how to do it safely

A Magento 2 webshop is not a product you deliver once; it is software you maintain. This guide explains why upgrading is necessary, which risks are involved and how to keep an upgrade under control.

Why you need to upgrade Magento 2

Adobe periodically releases new Magento Open Source and Adobe Commerce versions, supplemented by standalone security patches between releases. Each release fixes vulnerabilities, improves performance and keeps the shop compatible with the PHP, database and search engine versions running underneath it.

Not upgrading is a creeping risk. Once a version reaches end-of-life, Adobe stops issuing security patches and your attack surface grows with every disclosed vulnerability. Payment providers, integrations and browsers move on too; a dated shop eventually stalls against modern security and compliance requirements.

  • Security patches and closing off known vulnerabilities
  • Compatibility with supported PHP, MariaDB/MySQL and OpenSearch versions
  • Performance and stability improvements
  • Continued support for payment, shipping and ERP integrations

The risks: where upgrades go wrong

The core of the risk sits in dependencies. A Magento shop is rarely bare: it carries third-party modules, a custom or Hyvä theme and bespoke integrations. A new Magento version can introduce breaking changes that stop a module loading, break a template or make an API call behave differently than before.

On top of that sits the PHP dependency: newer Magento versions require newer PHP versions, and not every module has been tested against them. Run an upgrade straight on production and a single incompatible extension can take down the entire checkout. That is precisely the scenario you want to avoid.

  • Breaking changes in core APIs, layout or theme variables
  • Modules or themes that are not (yet) compatible with the target version
  • PHP version jumps that affect custom code or dependencies
  • Database migrations that cannot be reversed without a backup

Preparation: half the work

A successful upgrade starts with taking stock. Map out which Magento version you run, which PHP version sits underneath and which modules and themes are installed, including their versions and compatibility with the target version. Modules without an update for the new version are a decision point: replace, patch or temporarily retire them.

Next, you never work blind on production. The upgrade belongs on a staging environment that mirrors production as closely as possible, with a fresh copy of the data. That way you test the actual migration rather than an idealised version of it.

  • A full, restorable backup of files and database
  • An inventory of module and theme compatibility with the target version
  • Upgrade on staging first, using a realistic copy of the data
  • A tested rollback: how you get back if something breaks

How long does an upgrade take?

An honest answer is: it depends on the distance you need to cover and the complexity of your shop. A small step between two consecutive patch versions on a clean, well-maintained shop is a matter of hours to a day of testing. A jump across several major versions, with a PHP upgrade and dozens of modules, can run to several days or more.

Treat the drivers below as guidance, not a fixed price. The biggest variable is almost always the number and state of the third-party modules and customisations, not Magento itself.

  • Number of skipped versions (patch, minor or several majors)
  • Number and quality of modules, integrations and custom work
  • Whether a PHP or infrastructure jump is involved
  • The volume of data and the depth of the testing cycle

Maintenance: don't let yourself fall behind

The most expensive upgrades are the postponed ones. Do nothing for years and one day you face a jump across several versions at once, with a stack of modules that have all aged in the meantime. Ongoing maintenance shrinks each upgrade to a manageable step rather than a migration project.

In practice this means applying security patches monthly, taking on smaller versions in good time and watching compatibility with every change, always via staging and with a rollback in reserve. That keeps your shop secure and current without having to schedule a major intervention each time.

Keep your Magento 2 shop up to date without surprises

We take security patches, version upgrades and compatibility monitoring off your hands, always via staging and with a tested rollback.