How to Install Magento Security Patches
We’ve seen many Magento sites get hacked, with dire consequences. Aside from angry customers, merchants are faced with the difficult and expensive task of removing all the malicious code. It’s much easier to apply patches as they are released than to clean up the mess afterwards.
Magento releases patches when it finds any defenselessness in the framework to make framework more secure, recently launched the patches on Nov 26, 2014 and Feb 9, 2015, It is especially prescribed to introduce the patch as quickly as time permits in light of the fact that your Magento store can be helpless till then and programmer can hack your information data.
I have covered the installation fo following patches but you can install other using the same method:
SUPEE 1533
SUPEE 5344
SUPEE 5994
SUPEE 6285
SUPEE 6482
SUPEE 6788
SUPEE 7405
Installation Steps for these Patches:
There are two ways to install patches: either by using SSH or by using FTP/cpanel. Some hosting providers don’t provide the SSH access for your plan. If not, you can FTP the files up to the site.
Cache Management: Make sure all caches are disabled from Cache Management in your store before installing patches.
Compilation: Make sure compilation has been disabled in your store before installing patches. If you haven’t disabled the compiler and installed the patch, test everything and run the compiler to again. The compiler must be run in order for the patches to take effect.
I have explained installation of patches with both the ways here:
Follow this instruction to install patch on your store,
Method 1:
Upload patch files in the root of magento.
Make one file with the name of patch.php, write following code in it,
<?php print("<PRE>"); passthru("/bin/bash PATCH_SUPEE-5344.sh"); print("</PRE>"); echo "Done"; ?>
Replace the file name in it, upload it in the root and run the file from the browser.
Name should be PATCH_SUPEE-5344.sh or PATCH_SUPEE-1533.sh
If you are getting error like this,
“Error! Some required system tools, that are utilized in this sh script, are not installed; Tool (s) “patch” is (are) missed, please install it(them).
That means system tools aren’t installed in your server to run the sh script, you can contact your hosting provider or follow another method.
Method 2:
You can install patch with SSH as well. You will need SSH, if you don’t know how to set up SSH, contact your hosting provider.
Upload the patch files in the root,
In ssh console, run the command as following.
For .sh file extension
Sh PATCH_SUPEE-5344.sh
Sh PATCH_SUPEE-1533.sh
For .patch file extension:
patch —p0 < patch_file_name.patch Make sure to check your store for vulnerabilities after the patch installation process is completed. Magento’s Security Patch Page provides a list of signs to look for to determine whether or not your store is comprised.