With the continuously growing number of hacking attempts on eCommerce sites, finding vulnerabilities in your website to make it secure has become more important than ever. Given the fact hackers launch attacks on sites running on popular e-commerce platforms such as Magento (and others), you must take precautionary measures to avoid becoming a victim of such attacks.
Thankfully, Magento releases security patches to make a store protected against vulnerabilities detected in the system. So, if you’re running a Magento store, it is a good practice to update the store as soon as possible. Or else, you might suffer massive data loss. Besides, it is needless to say the damage a hacked site can cause to your reputation among visitors (and customers).
Magento rolled out two new security patches named SUPEE-7405 and SUPEE 7616 this year. But, sadly 80 percent of Magento stores still haven’t applied the patches. So, if you’ve discovered any security breach in your e-store make sure to install the latest available patches that could help improve the security of your Magento store. But in case you’re having difficulty in implementing the security patches, it would be better to take assistance of a reputed Magento e-commerce development company.
In this post, we’ve covered the installation procedure for the latest SUPEE-7405 security patch on your Magento store version 1.x. But, let’s have a brief overview of the patch first.
Introduction to SUPEE 7405
SUPEE 7405 security patch was released on January 20, 2016, and provide fixes for vulnerabilities like SQL Injection, Cross-site Scripting, Cross-site Request Forgery (CSRF), etc. These vulnerabilities can steal your critical customer information or gain access to administrator sessions. This security patch has been made available for Magento versions 1.4.0.0 till 1.9.2.2, and 2.0.0.0 till 2.0.1.0.
Installation of SUPEE-7405 Security Patch
When it comes to installing the SUPEE-7405 security patch, you can accomplish the task with or without SSH. In this part, we’ll be discussing both these ways to install the patch in question.
Installing SUPEE-7405 With SSH
In case you have SSH access to your server, then begin installing SUPEE-7405 with SSH. Below are the steps you need to follow to perform the installation:
Step 1 – You can download the SUPEE-7405 patch from Downloads page:
https://www.magentocommerce.com/products/downloads/magento/
Or else, simply install the patch just like any regular Magento upgrade by making use of Downloader (which comes added with Magento 1.9.2.3 version).
NOTE: Before installing SUPEE-7405 patch make sure to install all other previous patches to keep your site secure from previous patches identified in Magento version.
Step 2 – Prior to the installation process, you must disable Magento Compiler from your system. To do so, go to System → Configuration → Tools → Magento Compiler. Once you’ve opened up the compiler makes sure to clear the compiled cache.
Step 3 – Next, you must verify the Magento version on which your store is running. You can easily check your store version by looking at the following code saved in Magento Mage.php file:
$ grep -A6 ‘static function getVersionInfo’ app/Mage.php
public static function getVersionInfo()
{
return array(
‘major’ => ‘1’,
‘minor’ => ‘9’,
‘revision’ => ‘2’,
‘patch’ => ‘2’,
}
The code determines that the version of your Magento store is 1.9.2.2
Step 4 – Upload the patch file into the root directory of your Magento install, and then execute it using the below given command:
sh patch_file_name.sh
In the above command, the filename could be something like:
PATCH_SUPEE-7405_CE_1.9.2.2_v1-2016-01-20-04-35-33.sh
Once, you run the above command a message will be displayed as following confirming whether the patch was installed successfully:
Patch was applied/reverted successfully
Step 5 – Lastly, you just need to verify whether your Magento store is functioning correctly or not. Also, you’ll have to flush the PHP opcode caches (like APC/XCache/eAccelerator). Keep in mind to flush the cache after applying the patch (or when you restart your web server).
Installing SUPEE-7405 Without SSH
Of course, applying a patch will become easy in case you have SSH access. But what if you don’t have such access? In that case, follow the below listed steps to install the SUPEE-7405 patch without SSH:
NOTE: Before you begin the installation process ascertain to upgrade your Magento store version to 1.9.2.3.
Step 1 – First off, make sure to install all the previous patches prior to installing the new one. Simply put, ensure to install the security patches SUPEE-1533, SUPEE-5344, and SUPEE-5994, to name a few.
Step 2 – Next, you’ll need to disable the Magento Compiler from your system. This requires you to navigate to System → Configuration → Tools → Magento Compiler from your admin panel.
Step 3 – Now, you must download all of the already patched files available in Github repo (or the ones mentioned in the below table). And then, upload those files in your Magento root directory.
|
Magento version |
SUPEE-7405 |
|
Magento 1.9.2.2 |
SUPEE_7405_Magento_1.9.2.2 |
|
Magento 1.9.2.0-1.9.2.1 |
SUPEE_7405_Magento_1.9.2.1 |
|
Magento 1.9.1.0-1.9.1.1 |
SUPEE_7405_Magento_1.9.1.1 |
|
Magento 1.9.0.1 |
SUPEE-7405-1.9.0.1 |
|
Magento 1.8.1.0 |
SUPEE_7405_Magento_1.8.1.0 |
|
Magento 1.7.0.0-1.7.0.2 |
SUPEE_7405_Magento_1.7.0.2 |
NOTE: Make sure to keep a backup of all the files that you are replacing.
Step 4 – Empty your cache. Also, flush the PHP opcode caches like APC/XCache/eAccelerator after patching. And at last, test the functionality of your Magento store.
Conclusion
Are you a Magento store owner and concerned about hardening your website security? Well, then you must update your version according to latest security patches as they come with fixes to deal with vulnerabilities detected in Magento versions. This post will guide you the process of installing the latest SUPEE-7405 security patch for Magento version 1.x.
