When trying to make the decision between Shopify and Magento, you’ll often hear that Shopify is a hosted solution, whereas Magento is open-source software. This is often cited as the key difference between Shopify and Magento. The hosted solution relieves you of having to install and host your online store, but the open-source software allows you a greater degree of customizability.
But what does that really mean for developers in practice, and how does that choice impact merchants and their customers?
In the Magento world, every online store is its own independent installation of the Magento software. There are roughly 200,000 stores running Magento, and they’re all running many different versions, modules, patches, and customizations.
Magento is open-source software, which means its code (in all versions and patches) is publicly available for anyone to view online. This, coupled with the fact that there are over 200,000 Magento stores in the wild all handling sensitive customer and payment data, makes Magento an extremely attractive target for malicious actors seeking to find and exploit security vulnerabilities in the software.
When a security patch is released by the Magento team, every Magento store needs to be updated separately, and it’s the responsibility of each merchant to ensure this happens. This process is often complicated by the fact that Magento stores can vary so dramatically in their implementation. An update that applies successfully to one store could easily cause problems when applied to another store due to differences in third-party modules, themes, or local customizations.
For merchants and developers, this can create a large and unexpected workload, like in the case of Magento’s SUPEE-6788 security update. This update patched several vulnerabilities in Magento, but also broke backward compatibility with hundreds of popular community modules. In addition to applying the security patch, all affected community modules would need to be updated for compatibility. This gave developers the difficult choice to either wait for vendors to release updated versions of their community modules, or manually update those modules themselves. If they wait on the vendors, their Magento store remains vulnerable; if they manually update those modules, the module code falls out of sync with the vendor version, potentially complicating future upgrades.
And not all security vulnerabilities are created equal. Take for example SUPEE-5344, commonly referred to as the “shoplift bug,” a Magento vulnerability which allowed attackers to obtain admin access to a store and full access to its database. The risk you take by not regularly patching your Magento store is extremely high, and the sometimes complicated and costly process of applying security patches has resulted in many Magento stores remaining unpatched and vulnerable to this day.
Since switching to development on the Shopify Plus platform, I haven’t had to spend any time patching Shopify stores for security vulnerabilities. This is one of the greatest advantages that comes with choosing a hosted solution over open-source software. The platform and all sensitive data is hosted and secured by Shopify, a multi-billion dollar publicly traded company.
Shopify takes the responsibility of keeping their platform updated and your data secure, allowing developers to focus more of their time on projects that will help merchants achieve their business goals.
Hosting, Web Traffic, Databases & Scaling
In A/B testing, Amazon once found that a 500-millisecond delay in page load speeds caused a 5% drop in sales. Google similarly found that a 500-millisecond delay caused a 20% drop in search traffic and ad revenue, and killed user satisfaction.
Optimizing page load speeds is very important indeed.
This is another area where hosted ecommerce solutions like Shopify really shine. Your online store and all associated media is hosted by Shopify, and their business model means Shopify is feeling the same pressure as Amazon to keep your pages loading fast to maximize conversion rates. Your online store is always available and very fast, and it’s never a concern for merchants or their developers.
Working as a Magento developer, page load speeds and database load are constantly on your mind.
Magento is a very large codebase comprised of thousands of files and millions of lines of code. It stores system, module, and layout configurations in the file system as large XML files that are computationally expensive to parse. It implements the Entity-Attribute-Value model of data storage, spreading related data across many different tables in the database, necessitating complicated and expensive database queries even for simple things like retrieving product data. All of this makes Magento one of the most challenging platforms to host and scale, and as traffic to your site grows, the solutions to those challenges become increasingly complex.
To make things run faster in production, Magento implements many caching layers at the application level, including caches for system configuration, layout XML, block HTML output, and full page generation. This means that as a developer, you must ensure (through careful consideration and testing) that all local customizations and community modules properly utilize all of these caches, because even a single cache invalidation can have a dramatic impact on page load speeds.
For the merchant, this all translates to an increase in overall development and hosting costs, and noticeably slower page load times in the majority of cases.
Development, Technology & Resources
In terms of development, the primary difference between Magento and Shopify is that Magento is a monolithic ecommerce framework, whereas Shopify is a hosted platform interacting with a wide variety of external services.
When developing for Magento, all of your development activity is happening within its framework; you add to and modify code within that framework to extend and modify its functionality. All of your code extends from the Magento core, which utilizes a predefined set of technologies, and tightly regulates how you use them.
As a Magento developer, you write object-oriented PHP inheriting from Zend libraries on top of a MySQL database, with Prototype and sometimes jQuery on the frontend. It’s a very complicated and highly specified framework, and it can take a lot of specialized training to become productive in it. This adds cost and a degree of difficulty to hiring and onboarding.
Shopify provides a powerful REST API, which allows external applications rich access to the Shopify platform, and gives developers the freedom to make more of their own technology decisions. You can develop for the Shopify platform using any programming language or framework you like. Giving developers and agencies the flexibility to select from more modern and familiar technologies confers many benefits, including increased developer efficiency, and the ability to hire from a much larger talent pool.
What This All Means for Merchants
Choosing the right ecommerce solution for your company is about more than just feature lists and checkboxes. It’s important to also consider what impact your decision will have on the development cycle, on the security of your customers’ data, and on your ability to scale the platform to match the growth of your business.
With a hosted solution like Shopify, your sensitive data will generally be more secure. Your store will have consistently fast page load times, will scale automatically, and will have a near-unlimited capacity to absorb sudden bursts in web traffic. And importantly, your developers will be empowered to work more efficiently using modern and familiar technologies, reducing your development costs and allowing more of your budget to go toward growing sales and achieving your business goals.