This guide will teach you how to apply Magento patches on your web store(s). To avoid multiple types of vulnerabilities including the Shoplift bug, these patches are critical for the security of your site and your users.
Before applying patches, we strongly recommend you create a staging environment of your web store by following this guide and then apply patches to your test application. When you are confident that everything is working fine on your staging site, only then proceed to replicate the installation on your live store.
How to Apply Magento Patches
Step 1: Check Magento Version and Read Latest Messages
First, you should know which version of Magento you are using. You can do so by logging into the admin area with your credentials. Scroll down to the bottom of the page where you will see your Magento version.
Now, scroll up to the top of the page where you will see the latest messages and note down the security patch(es) to apply.
Step 2: Downloading the Appropriate Patch(es)
Login to Magento Commerce by clicking on My Account in the upper-right corner of the screen. If you are not registered, then you can create a free account.
After you’re logged in, click on Release Archive to see the Magento releases and security updates.
Scroll down the page until you find Magento Community Edition Patches – 1.x. Locate the suitable patch to install by clicking on Select your format and then click on the Download button.
In this example, we will download the SUPEE-7405 patch.
Step 3: Apply Magento Patch(es)
You will need to upload the downloaded patch file to the root of your Magento installation using an SFTP software like FileZilla. Visit this guide to know how to connect your server via SFTP.
After uploading the patch, you need to set the permission of the patch file to be executable.
Log into the SSH terminal and run the following command:
chmod +x PATCH_SUPEE-7405_CE_188.8.131.52_v1-2016-01-20-04-35-33.sh
In the above command, we have set the permission for the SUPEE-7405 patch. You can replace the patch name in the command with the one you have uploaded to the root of your Magento application.
Now, to apply the patch run the following command to execute it.
You will see a similar message as shown below:
Step 4: Flush Magento Cache
After the verification process, you need to clear the cache of your Magento store.
To clear the Magento Cache, follow these two steps:
On the Admin menu, select System and navigate to Cache Management.
Click on the Flush Cache Storage button.
Step 5: Verify Magento Patches
To check whether your Magento store is secure, go over to Mage Report and enter your website URL. If your patch was installed correctly, you should see something like this: