How to Install a Magento Security Patch

How to Install a Magento Security Patch pixelwork

How to Install a Magento Security Patch


Magento recently releases several patches to fix vulnerabilities in the system. It is recommended that you update your store to the latest version of Magento and install any security-related patches as soon as they are available.

Due to variation in hosting environments and server access, there is no universal way to install a Magento security patch. This article describes 3 methods to install a patch and also how to roll back a patche.

Methods to Install a Magento Security Patch

  1. Use SSH
  2. Run a script
  3. Load pre-patched files
  4. Roll back an installed patch

If your hosting provider does not provide SSH access to the server, try one of the other methods. Although this article focuses on security patches, the same methods can be used to install any Magento patch.

Step 1: Make a backup

Always make a backup of your Magento installation before installing a patch. For more information, see: Create a Magento Backup

Step 2: Download the patch

To download the recommended patches for your version of Magento Community Edition, visit the Magento download page.

Step 3: Disable the compiler

If your store is compiled, be sure to disable compilation before installing a patch. After installing a patch, test the store thoroughly. Then run the compiler again. Your store must be recompiled for the patch to take effect.

Method 1: Use SSH

Secure Shell (SSH) is the recommended way to install a patch. If you don't know how to configure SSH, contact your hosting provider.

  1. Upload the patches to the root folder of your [magento] installation.
  2. If the store is compiled, make sure the compiler is disabled.
  3. In the SSH console, run the following commands according to the patch extension:

.sh extension


.patch extension

Patch --p0
  1. Use one of the following methods to verify that the patch has been installed:

Download or view the file: app/etc/applied.patches.list.

From the command line, run the patch file with the –list argument to get a report of all patch installations.


Method 2: Run a Script

The following example shows how to install the patch. Be sure to replace the patch name in the example with the name of the file you are installing.

  1. Upload the patches to the root folder of your [magento] installation.
  2. If the store is compiled, make sure the compiler is disabled.
  3. From your desktop, do the following:

a. Use a text editor to create a file called patch.php that contains the following code.

"); passthru("/bin/bash"); print(" "); echo "Done"; ?>

b. Upload the patches to the root folder of your [magento] installation.

4. Run the script from your browser.

http://www. [] /patch.php

Then look for the following message:

Checking if patch can be applied/reverted successfully... Patch was applied/reverted successfully. Donate
  1. After successfully installing the patch, delete the patch.php file from your server.

If you receive the following error, ask your hosting provider to install the missing tools or try one of the other methods.

"Mistake! Some required system tools, that are used in this sh script, are not installed; Tool (s) “patch” is (are) missed, please install it (them)

  1. Update the Magento Admin cache, don't forget to also update your OPcode or APC cache.
  2. If your store is compiled, run the compiler again.


Method 3: Load pre-patched files

  1. Download your Magento installation to your local machine.
  2. Apply the patch locally.
  3. Upload the updated files to your server.


Roll back a Magento security patch

From time to time it is necessary to uninstall a patch. The command to roll back a patch is essentially the same as the command used to install a patch, but with the addition of the -R flag.

  1. Before you begin, make sure you have the proper permissions for the Magento installation directory on the server. If the directory is owned by a web server user such as apache or root, change to the appropriate user to ensure you have the necessary permissions. For example:
su – apache

Then, when prompted, enter your password.

  1. Navigate to your magento installation folder.
  2. At the command line, type the following command to roll back the patch:
sh -R