How to Apply and Revert Magento 1.x Patches

Magento release new patch(es) for Community and Enterprise editions when it finds any vulnerability in the existing releases. It is highly recommended to install all the patches as soon as possible because your Magento store can be vulnerable till then and can hack your data. A complete overview of Magento patches can be found on Magento official website.

There’s a chance that certain modules or sections in your shop aren’t compatible with the Magento patch. That’s why always recommend you to make a backup before proceeding with patch installation.

How to check the patch(es) installed or not?

When patch(es) are applied a file named “applied.patches.list” is added in the “app/etc/” directory. So you can see what all patches applied and file changed when you open it.

You can also get the detail report by using Magereport.com. If any of the section comes up grey color it’s possible the files that are needed for the check are relocated. Therefore it can’t see whether your shop is patched or not. Don’t worry, just check the file in Magento installation directory “app/etc/applied.patches.list“.

How to Get Magento Patches?

Magento Support provides patches for Magento CE and EE on official Magento website. You can get the latest or missing patches from there.

Before going to download you need to know what version of Magento you are using. You can get it from magereport.com or log-in to check in your Magento backend.

Alternatively, you can create a php file in the magento root and use the below code.
[php light=”false”]
<?php
include ‘app/Mage.php’;
echo ‘Magento version is: ‘, Mage::getVersion();
?>
[/php]

Download the patch file(.sh) you need from the Magento downloads section.

How to Apply a Magento Patch?

Make sure compilation has been disabled in your store before installing patches. If you haven’t disabled the compiler and installed the patch, test everything and run the compiler to again. It needs to run the compiler to take effect of the code of the patch.

1. Transfer the patch .sh file to your Magento installation root directory.

2. You can apply the patch(es) via command line or through the browser.

Method 1 :
Create a file with the name patch.php, write following code in it and upload it in the installation root. Note that the System tools have to installed in your server to run the “sh” script, if below code doesn’t work you can contact your hosting provider or follow another method.
[php light=”false”]
<?php
echo "<PRE>";
passthru("/bin/bash PATCH_SUPEE-xxxx.sh");
echo "</PRE>";
echo "Done";
?>
[/php]
Replace the file name(PATCH_SUPEE-xxxx) in it and run the file from the browser. The result will shown on the screen. The message should look like the following:

Patch was applied/reverted successfully.

Method 2 :
You can install the patch(es) with SSH(shell) as well. You need the SSH access, if you don’t know how to set up SSH, contact your hosting provider.

Open up your console(terminal) and run the following commands.

For .sh file extension
sh PATCH_SUPEE-xxxx.sh

For .patch file extension
patch —p0 < patch_file_name.patch

After few moments you should receive a confirmation message that your security patch has been successfully applied to your Magento installation. The message should look like as following:

Patch was applied/reverted successfully.

3. Clear your Cache

It’s important to flush and clear the Magento cache after applying the patch.
Through the Magento Admin Panel

• Log in to your Admin Panel account
• Go to the System -> Cache Management section
• Click on the Flush Magento Cache button

Using SSH/FTP or the cPanel File Manager
Delete the contents of the var/cache/ folder using the following SSH command (MUST be executed from your Magento base directory):
rm -rf var/cache/*
OR
Delete the folder var/cache/ through your FTP client or using the cPanel File Manager.