Magento has released security patches to make the system more secure. Though it has been a while since the security patches have been released, We have noticed that a number of Magento website owners have not gotten time to install all the security patches to make their website secure, Either they don’t know how to install the patches on their own or they don’t have a Magento development company that can help effectively.
It is very much important to install the patch as soon as possible because your Magento store can be vulnerable till then and hackers can hack your data information.
The important thing is now how to install the patches for the Magento website, here we have provided a simple step-by-step guide with screenshots to apply patches on your magento website.
You can install the patches using ssh or FTP/Cpanel. Some hosting providers don’t provide ssh access for some hosting plans so here is a detailed guide on how to install the patches without having the need for ssh access.
Before you start working on any security patch update, the first thing you want to do is take a full backup of your Magento store. Take a backup of store files and database using your server’s control panel or SSH otherwise consult your hosting provider for help.
After you have taken the backup start following the below step-by-step guide:
1. First disable the Compilation from admin if Compilation is enabled otherwise it will break your store’s architecture and functionality. Go to the below path for Compilation.
- System -> Tools -> Compilation
- If it is Enable then Disable it.
2. After that, disable any cache if it is enabled. To disable the Magento caches follow the below path in Admin.
- System -> Cache Management
- Select all Cache types then Select Disable from the Actions dropdown and click on Submit button.
- Note: If you have any server caches enabled then disable that as well so that any changes reflect directly on the website. Contact your hosting provider for any help.
3. Next thing is we have to find out which patches are required on your Magento store to update, for that go to the below link and put your website url, it will show you exactly which patches are missing.
4. When you have the list of security patches your Magento store requires, you can go to the below site and download the specific security patch from there.
- Note: Confirm your Magento version then download patches. You can check your Magento version by logging into admin and finding it at the footer.
We have listed some of the latest security patches below with their download links for you.
- SUPEE-10752
https://magentary.com/kb/install-supee-10752-without-ssh/
- SUPEE-10570
https://magentary.com/kb/install-supee-10570-without-ssh/
- SUPEE-10415
https://magentary.com/kb/install-supee-10415-without-ssh/
- SUPEE-10266
https://magentary.com/kb/install-supee-10266-without-ssh/
- SUPEE-9767
https://magentary.com/kb/install-supee-9767-without-ssh/
- SUPEE-9652
https://magentary.com/kb/install-supee-9652-without-ssh/
- SUPEE-8788
https://magentary.com/kb/install-supee-8788-without-ssh/
- SUPEE-8167
https://magentary.com/kb/install-supee-8167-without-ssh/
- SUPEE-7405
https://magentary.com/kb/install-supee-7405-without-ssh/
- SUPEE-6788
https://magentary.com/kb/install-supee-6788-without-ssh/
- SUPEE-6482
https://magentary.com/kb/install-supee-6482-without-ssh/
- SUPEE-6285
https://magentary.com/kb/install-supee-6285-without-ssh/
- SUPEE-5994
https://magentary.com/kb/install-supee-5994-without-ssh/
- SUPEE-5344
https://magentary.com/kb/apply-supee-5344-and-supee-1533-without-ssh/
- SUPEE-3762
https://magentary.com/kb/apply-supee-3267-without-ssh/
5. After you have downloaded the security patches extract the archive and the only thing remaining is to upload it using FTP client or SSH or your hosting control panel by following the below points:
Note:
- Start with the oldest dated security patch which is the lowest in number.
- Upload the patches one by one and make sure that you upload the latest security patch update 8788 at last. You can find the date of release of each patch on the above links.
- Make sure that patches are uploaded from the root folder of the store where directories like the app, lib, media, skin, etc are present. You have to match the directory structure of your Magento store and downloaded the security patch structure.
- Never replace .htaccess or any root files.
- For specific patch SUPEE-8788, you have to delete the below files after its successfully uploaded as in that patch Magento has replaced its Admin Uploader.
skin/adminhtml/default/default/media/flex.swf
skin/adminhtml/default/default/media/uploader.swf
skin/adminhtml/default/default/media/uploaderSingle.swf
6. Now that all the security patches are updated verify with the Magento storefront and Admin that your website is running smoothly and everything is working fine without any broken pages or functionality.
7. If everything works well and your site is running as it was before then go to the below link again to verify that all the patches are updated and show Green status.
- Note: If it shows a patch in Gray color then it couldn’t decide if the patch is installed or not. You have to confirm manually that the patch was installed successfully.
8. When you have verified the security patches now it’s time to enable all the caches. Go to the below path in Admin.
- System -> Cache Management.
- Select all Cache types then Select Enable from the Actions dropdown and click on Submit button to activate the cache.
- If you had any server cache disabled then turn them on as well and check the front is working fine on that as well.
9. Now the last thing is to enable the compilation if it was disabled on the 1st step. Go to the below path in Admin.
- System -> Tools -> Compilation
- Run Compilation Process and then Enable it.
That’s it. If you face any problems during the process, Please feel free to contact us and our Magento ecommerce developer will help you real quick.
