Prestashop 1.7 vs Thirtybees: Vulnerability, Data Security, Efficiency and Cost

Prestashop 1.7 vs Thirtybees has been a point of contention among ecommerce developers since the first of version of the Prestashop fork was released. Thirtybees is a fork of Prestashop 1.6. It was the result of the in-action of the Prestashop developers’ over the code issues and bugs fixes that was never fixed then totally abandoned by 2019.

Prestashop 1.7 is differently coded. The former core prestashop team were disbanded and obviously, replaced with younger and new ones. They went in a different direction, and came up with Symphony based version of prestashop.

Here are 5 talking point to Prestashop 1.7 vs thirtybees

The first talking point with Prestashop 1.7 vs Thirtybees is Security and vulnerability.

It is worth mentioning that Prestashop has recently discovered vulnerabilities to their core modules and some of the third party modules that came along with the core files.

They say that sometimes on Thursday,

January 2, 2020, a customer reported to prestashop team that its shop has been compromised by a malware named XsamXadoo Bot. The bot, according to the report, was able to upload some malware files into the shop which allowed him to access and control several shop settings.

Source

XsamXadoo Bot uses the CVE-2017-9841 code injection vulnerability in PHPUnit.

Read the full article about prestashop module vulnerability here.

Why is Thirtybees system NOT included in the recent CVE-2017-9841 code injection vulnerability in PHPUnit? 

The answer is simple. Since its first release, Thirtybees stripped the modules that were source of vulnerabilities. They have not been a part of the core files that shipped with the thirtybees install, namely:

  • autoupdater (confirmed)
  • gamification (perhaps)
  • pscartabandonmentpro (third party)
  • ps_facetedsearch (third party)

The modules above were the source of the security compromise according to Prestashop team.

NOTE: No native thirtybees module has been found to be affected by this vulnerability! As a shop owner, you can be assured that those vulnerable modules are not part of your thirtybees system. No guarantee though that it is the same with third party developed modules.

The second talking point to PrestaShop 1.7 vs thirtybees

Prestashop 1.7 came out, but it stripped features away, and tried to rewrite the software. They hung many merchants out to dry with broken shops. The features they removed have not been improved, but they are now selling them back to merchants. There is a huge list of things why its not good. One can only check this article out over at medium.

Thirtybees on the other hand maintained and improved the core modules. Not only did they improved and maintained but they have added more to the core modules to make the system the way open-source should be. Several new features are;

1. Choosing template per page level

We are adding a new area to each page type in the shop. What this area will allow is for you to choose a different template on a per page level.

2. Modules that were single use were phase out and are now replaced by htmlblock module.

These modules will be replaced by the new HTML block module. This module will allow you to have multiple HTML areas in the same hook allowing you to widgetize areas with HTML content.

3. Thirtybees also did a fine job installing new hooks.

In addition to the HTML Block module we have also added a couple dozen new hooks. The new hooks we have added are all display hooks to solve problems. Hooks have been added to the following areas:

  • 404 Page
  • Maintenance Page
  • Category Pages
  • Product Pages
  • Payment Pages
  • Shipping Pages
  • Checkout Pages

Source

There are also several other hook areas that have been added that will be in the new template files with the new theme, to make them easier to visually customize.

The third talking point is concerning Symfony and increase efficiency of the website.

I have read it is actually a good thing and will speed up development as well as increase efficiency of the website. So I would say to me it is a wash??  However, Symphony does not speed up development that much really.

What Prestashop have done is merged Symfony with their custom framework and tried to make the two communicate until they can get the resources to totally replace the custom framework with Symfony. Besides adding several more layers of abstraction it has also added a ton more code to the critical render path. A simple operation like validating a name has been moved from 4-6 lines in a function to using a whole validation library now.

On the other hand, Thirtybees streamlined the code and fixed the bugs that slows the site down. The 1.1.0 version of thirty bees have several hundred bug fixes released with it, increasing its efficiency. Here is what they say,

While we strive for 0 bugs, at this point it is just not possible to clear out the whole bug list.

That is why thirty bees is willing to test against PrestaShop to show speed.

You can see some limited tests here,

It is what I would call a real world approach to the speed of sites. It measures exactly what matters to your users, how long it takes your site to load on their device.

Source

The fourth talking point concerning Prestashop 1.7 vs thirtybees is about user data sharing.

While this has been unknown to general users, programmers and developers knew for a fact that Prestashop has been collecting data from websites. Obviously, people are not happy to hear it.

The culprit module that sends the data, is called gamification.  If you have played around with PrestaShop well enough to understand the hook system, you will also notice that the hook displayBackOfficeHeader will run disabled modules. So even when that module is disabled it still runs and collects information. The integration is actually so deep that if PrestaShop’s servers go down, so will your back office.

Thirtybees stripped this module since its first release and does not collect users data behind the scene. Your data is yours!

The fifth talking point for Prestashop 1.7 vs Thirtybees is the cost of development

I hate to see features go and it makes me feel uneasy because you always want to be up to date for security reasons but you might rely on a feature. That being said I was most likely never going to use advanced stock management and if I did need something like that it would most likely be an erp at that point that I would require.

However, if you don’t need the features, great, you will not miss them. But if you are like most merchants and want a sitemap for your site, it will cost you $90 for a module that was once free. At the same time, if you want clean urls, that is another $60. Those are just a couple of examples. There has been a lot of functionality converted from free to paid over the last year. There has been times that they get in disputes with payment gateways and totally remove a merchants ability to accept payment by that gateway. That hurts shops. Can you imagine PrestaShop getting mad at paypal and breaking shops from being able to use paypal? It actually happened.

In conclusion

The contention of which is better between Prestashop 1.7 vs Thirtybees is clearly on thirtybees favor. From vulnerability to data security, from efficiency  to cost of development, thirtybees is a better system than Prestashop!

Let us know what you think? Do you agree or disagree with out assessment of these talking points between Prestashop and thirtybees?

Related Posts

COMMENT ON POSTS

You must be logged in to post a comment.