Magento Security Patches

From time to time Magento will release patches for security vulnerabilities or simply standard issue fixes. Applying Magento patches is relatively easy.

Before you proceed you will first need SSH Access, if you have not had it activated for your account please see Obtaining SSH Access.


Important Note: We highly recommend that you backup all your files first before proceeding with the patch. If possible, test all patches in a test environment first before taking them live. 



Where to find Magento patches

1. Navigagte to Magento's Download Page.

2. Look for Magento Community Edition Patches.

3. Select and download the patch.



Installing the Magento patch

Transfer the patch .sh file to your Magento installation root directory.
Example: /public_html OR /public_html/magento

Via SSH enter the following command:-
sh patch-file-name.sh

You should receive a "Patch was applied/reverted successfully" message as confirmation. If you see any errors please contact our Technical Support Department.


Reverting a patch
  • Change your Magento installation directory
  • Via SSH enter the following command:-
sh patch-file-name.sh -R



Without SSH Access?

If you do not have SSH Access or have difficulty in obtaining it, we can help execute the command for you. 

You need to first upload the appropriate patch file to your Magento installation, provide us with the path to it and we will execute the command for you.

We highly recommend that you backup all your files first before contacting our Technical Support Department



Magento patches which are already installed

You can find out which Magento patches are already installed by looking at the following file under your Magento directory:-
app/etc/applied.patches.list

If the file doesn't exist, that means no patches were ever installed in your Magento installation. 



Recent Patches

SUPEE-8788
provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting

SUPEE-7405 v1.1
Fixes issues introduced with patch SUPEE-7405 February 23, 2016

SUPEE-7405

A bundle of patches for Magento 1.x that resolve several security-related issues. January 20, 2016

SUPEE-6788
Provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting. Oct 27, 2015

SUPEE-6482
Addresses two issues related to APIs and two cross-site scripting risks. August 4th, 2015

SUPEE-6285
Provides protection against several types of security-related issues, including information leaks, request forgeries, and cross-site scripting. July 7th, 2015

SUPEE-5994
Addresses multiple vulnerabilities. May 14th, 2015

SUPEE-5344
Addresses remote code execution vulnerability. Feb 9th, 2015

SUPEE-4829
Fixes issue with product images. Nov 26th, 2014

SUPEE-1533
Addresses 2 remote code execution vulnerabilities. Oct 3rd, 2014.


Was this answer helpful?

 Print this Article

Also Read

503 Error (Service Temporarily Unavailable)

If you see a 503 Service Temporarily Unavailable error, go to the directory you install...

How To: Improve Magento Performance

Important Note: The following tips on performance improvements have been tested to work properly...

Magento Cron Job

With Magento version 1.8.x and 1.9.x, some users are facing issues where the Magento Cron Job is...

How To: Remove Add to Cart buttons from Catalog Pages

If you want to remove the “Add to Cart” buttons from the catalog pages, this is how...

Magento Built-In Backup System (Magento Backup)

We do not recommend clients to use the Magento Built-In Backup System (Magento Backup) as there...