Installing Magento Patches

Magento recently launched several patches to correct vulnerabilities in the system. It is
recommended that you upgrade your store to the latest version of Magento, and install any
security-related patches as soon as they become available.
Make sure to stop by our Magento Security Center, and sign up for the Security Alert Registry to
receive direct notification from our security team of any emerging issues and solutions.
Because of the variation in hosting environments and access to the server, there is no “one size
fits all” way to install a patch. This article describes three methods to install a patch, and also
how to revert a patch.

  • Use SSH
  • Run a Script
  • Upload Pre-Patched Files
  • Revert an Installed Patch

If your hosting provider doesn’t provide SSH access to the server, try one of the other methods.
Although the focus of this article is on security patches, the same methods can be used to
install any Magento patch.

Step 1: Back Up Your Magento Installation

Always back up your Magento installation before installing a patch. To learn more, see: Creating a

Step 2: Download the Patch

To download the recommended patches for your version of Magento Community Edition, visit
the Magento download page.

Step 3: Disable the Compiler

If your store is compiled, make sure to disable compilation before installing a patch. After
installing a patch, test the store thoroughly. Then, run the compiler again. Your store must be
recompiled for the patch to take effect.

Step 4: Install the Patch

Method 1: Use SSH

Secure Shell (SSH) is the recommended way to install a patch. If you don’t know how to set up
SSH, contact your hosting provider. For detailed instructions, see: Installing Patches with
1. Upload the patch files to the root of your [magento] installation folder.
2. If the store is compiled, make sure the compiler is disabled.
3. In the SSH console, run the following commands according to the patch extension:
.sh extension
patch –p0

  • Download or view the file: app/etc/applied.patches.list.
    • From the command line, run the patch file with the –list argument for a report of all
      patch installations.

    Method 2: Run a Script

    The following example shows how to install the patch. Make sure to replace
    the patch name in the example with the name of the patch file to be installed.
    1. Upload the patch files to the root of your [magento] installation folder.
    2. If the store is compiled, make sure the compiler is disabled.
    3. From your desktop, do the following:
    a. Use a text editor to create a file named patch.php that contains the following script.
    echo “Done”;
    b. Upload the patch.php file to the root of your [magento] installation folder.
    4. Run the script from your browser.
    Then, look for the following message:
    Checking if patch can be applied/reverted successfully…
    Patch was applied/reverted successfully.
    5. After the patch is successfully installed, delete the patch.php file from your server.
    If you receive the following error, either ask your hosting provider to install the missing tools,
    or try one of the other methods.
    “Error! Some required system tools, that are utilized in this sh script, are not installed; Tool (s)
    “patch” is (are) missed, please install it(them).
    6. Refresh your cache from the Magento Admin, Don’t forget to refresh your OPcode or APC cache
    as well.
    7. If your store is compiled, rerun the compiler.

    Method 3: Upload Pre-Patched Files

    1. Download your Magento installation to your local machine.
    2. Apply the patch locally.
    3. Upload the updated files to your server.

    Reverting an Installed Patch

    Occasionally it is necessary to uninstall a patch. The command to revert a patch is essentially
    the same as the command that is used to install a patch, but with the addition of the -R flag.
    1. Before you begin, make sure that you have appropriate permissions to the Magento installation
    directory on the server. If the directory is owned by a web server user such as apache or root,
    change to the appropriate user to ensure that you have the necessary permissions. For
    su – apache
    Then when prompted, enter the password.
    2. Change to your magento installation folder.
    3. On the command line, enter the following command to revert the patch:
    sh -R

    Leave a Comment

    Your email address will not be published. Required fields are marked *