How We Installed Magento Security Patches With No Experience

Posted on by Gchanmako

Related Post

We have two e-commerce stores and we try to keep them up with new versions and security patches. It would seem that our OpenCart installation is a little easier to maintain then our Magento Community Edition site is. But we were faced with a new security update, and with a loss of our tech guy, its causing us to procrastinate as long as we can. So there sit our Magento Security Patches, waiting to be installed like little lonely never used files.

But in order to make sure our customers are getting the highest security on our sites and to maintain PCI compliance and to keep our sites as up to date as possible we had to face our nemesis. Upgrading things that are not automated!

So we did what any person faced with our same situation does…we hit the internet and searched for others who have had the same problem. And there was a lot of people. The problem was that everyone had great ways to upgrade but it involved us doing things that were, well Greek to us.

But we did find one way that worked well and allowed us to install a patch with ease. Here is what we did.

Getting Magento Community Edition Patches:

To get patches the right Magento Security Patches for your Magento version you need to go to the official Magento site:

  1. Log in to magentocommerce.com/download.
    (Click My Account in the upper right corner of the page.)
    If you don’t have an account, you can register for one; the account is free to setup and does not require much information.
  2. In the Magento Community Edition Patches section, locate the patch to install.
  3. From the list next to the patch, choose your current Magento version, you can locate this on the Dashboard page when you log into your Magento installation on the very bottom.
  4. Click Download and save the file to your computer.
  5. After the patch downloads, continue with how to Apply a Magento Patch.

How to Apply Magento Security Patches in your Community Edition Magento installation.

  • Compilation: Make sure compilation has been disabled in your store before installing patches. If you haven’t disabled the compiler and installed the patch, test everything and run the compiler to again. It needs to run the compiler to take effect of the code of the patch. It is under the TAB  —->SYSTEM—–>COMPILATION.
  • Upload the patch file to the root directory of your Magento installation. For us, we did this in the Control Panel of our Bluehost account, and used the File Manager, and the upload button. We uploaded the patch file that we saved in our Download file on our local computer into our Magento installation root folder.
  • Once we verified the file was there we created a new file in the same folder called patch.php. This file is an executable file in your web broswer that will install the patch by simply going to the url. Once the files was created we used the HTML editor and added the following code in the file.
<?php
print(“<PRE>”);
passthru(“/bin/bash PATCH_SUPEE-5344.sh”);
print(“</PRE>”);
echo “Done”;
?>
  • Before you replace the file, you need to make sure the file name of the patch replaces “PATCH_SUPEE-5344.sh” with the name of your patch file. NOTE: the name of your patch file can be very long. Then save the file.
  • Once saved you can run the file in your web browser. Which simply is your url of your store with patch.php on the end so as an example —  yourdomain.com/patch.php.

Once run you should see the message, Checking if patch can be applied successfully/reverted…
Patch was applied/reverted successfully.

Done

please note that there may be other information displayed. When we did it, there was a long line of text but as long as you get the Done at the end, then all should be well. If you get this message, then your in big trouble…no not really. But it means that your hosting system does not have the tools installed to allow you to upgrade patches this way.

Error! Some required system tools, that are utilized in this sh script, are not installed; Tool (s) “patch” is (are) missed, please install it(them).

If this happens you will need to find another way to install patches, either through SSH, or manually with already unzipped files. Either one of these is a lot harder then the way above and we hope that you dont have to do it that way.

SO do you have another easy way to install patches in Magento, if so let us know in the comment section.