Magento Security Patches

From time to time Magento will release patches for security vulnerabilities or simply standard issue fixes. Applying Magento patches is relatively easy.

Before you proceed you will first need SSH Access, if you have not had it activated for your account please see Obtaining SSH Access.


Important Note: We highly recommend that you backup all your files first before proceeding with the patch. If possible, test all patches in a test environment first before taking them live. 



Where to find Magento patches

1. Navigagte to Magento's Download Page.

2. Look for Magento Community Edition Patches.

3. Select and download the patch.



Installing the Magento patch

Transfer the patch .sh file to your Magento installation root directory.
Example: /public_html OR /public_html/magento

Via SSH enter the following command:-
sh patch-file-name.sh

You should receive a "Patch was applied/reverted successfully" message as confirmation. If you see any errors please contact our Technical Support Department.


Reverting a patch
  • Change your Magento installation directory
  • Via SSH enter the following command:-
sh patch-file-name.sh -R



Without SSH Access?

If you do not have SSH Access or have difficulty in obtaining it, we can help execute the command for you. 

You need to first upload the appropriate patch file to your Magento installation, provide us with the path to it and we will execute the command for you.

We highly recommend that you backup all your files first before contacting our Technical Support Department



Magento patches which are already installed

You can find out which Magento patches are already installed by looking at the following file under your Magento directory:-
app/etc/applied.patches.list

If the file doesn't exist, that means no patches were ever installed in your Magento installation. 



Recent Patches

SUPEE-8788
provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting

SUPEE-7405 v1.1
Fixes issues introduced with patch SUPEE-7405 February 23, 2016

SUPEE-7405

A bundle of patches for Magento 1.x that resolve several security-related issues. January 20, 2016

SUPEE-6788
Provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting. Oct 27, 2015

SUPEE-6482
Addresses two issues related to APIs and two cross-site scripting risks. August 4th, 2015

SUPEE-6285
Provides protection against several types of security-related issues, including information leaks, request forgeries, and cross-site scripting. July 7th, 2015

SUPEE-5994
Addresses multiple vulnerabilities. May 14th, 2015

SUPEE-5344
Addresses remote code execution vulnerability. Feb 9th, 2015

SUPEE-4829
Fixes issue with product images. Nov 26th, 2014

SUPEE-1533
Addresses 2 remote code execution vulnerabilities. Oct 3rd, 2014.


  • Email, SSL
  • 16 Users Found This Useful
Was this answer helpful?

Related Articles

How do I set the correct file permissions for Magento?

Magento installation out of the box does not use the correct and safe file permissions for our...

How To: Upgrade Magento to the Latest Version

Note: It is always recommended to perform multiple form of backups before you perform any...

How To: Add Attributes to Product Grid in Category

Introduction Here we will show how to add your more attributes to the category view product list...

503 Error (Service Temporarily Unavailable)

If you see a 503 Service Temporarily Unavailable error, go to the directory you install...

How To: Install Magento using Installatron Script Installer

There are a few easy steps that you will need to take to install Magento using Installatron...