With the continuously growing number of hacking attempts on eCommerce sites, finding vulnerabilities in your website to make it secure has become more important than ever. Since hackers launch attacks on sites on popular e-commerce platforms such as Magento (and others), you must take precautionary measures to avoid becoming a victim.
Thankfully, Magento releases security patches to protect a store against vulnerabilities detected in the system. So, if you’re running a Magento store, updating the store as soon as possible is good practice. Or else you might suffer massive data loss. Besides, it is needless to say the damage a hacked site can cause to your reputation among visitors (and customers).
Magento rolled out two new security patches named SUPEE-7405 and SUPEE-7616 this year. But, sadly, 80 percent of Magento stores still haven’t applied the patches. So, if you’ve discovered any security breaches in your e-store, make sure to install the latest available patches that could help improve the security of your Magento store. But if you’re having difficulty implementing the security patches, it would be better to seek the assistance of a reputed Magento e-commerce development company.
This post covers the installation procedure for the latest SUPEE-7405 security patch on your Magento store version 1. x. But let’s have a brief overview of the patch first.
Introduction to SUPEE 7405
SUPEE 7405 security patch was released on January 20, 2016, and provides fixes for vulnerabilities like SQL Injection, Cross-site Scripting, Cross-site Request Forgery (CSRF), etc. These vulnerabilities can steal your critical customer information or access administrator sessions. This security patch is available for Magento versions 1.4.0.0 to 1.9.2.2 and 2.0.0.0 to 2.0.1.0.
Installation of SUPEE-7405 Security Patch
When it comes to installing the SUPEE-7405 security patch, you can accomplish the task with or without SSH. In this part, we’ll discuss both ways to install the patch in question.
Installing SUPEE-7405 With SSH
If you have SSH access to your server, install SUPEE-7405 with SSH. Below are the steps you need to follow to perform the installation:
Step 1 – You can download the SUPEE-7405 patch from the Downloads page:
https://www.magentocommerce.com/products/downloads/magento/
Or else, install the patch just like any regular Magento upgrade by using the Downloader (which comes with the Magento 1.9.2.3 version).
NOTE: Before installing the SUPEE-7405 patch, install all other patches to keep your site secure from previous patches identified in the Magento version.
Step 2 – You must disable the Magento Compiler on your system before installation. To do so, go to System, Configuration, Tools, and Magento Compiler. Once you’ve opened up the compiler, make sure to clear the compiled cache.
Step 3 – Next, you must verify the Magento version on which your store is running. You can easily check your store version by looking at the following code saved in the Magento Mage.php file:
$ grep -A6 ‘static function getVersionInfo’ app/Mage.php
public static function getVersionInfo()
{
return array(
‘major’ => ‘1’,
‘minor’ => ‘9’,
‘revision’ => ‘2’,
‘patch’ => ‘2’,
}
The code determines that the version of your Magento store is 1.9.2.2
Step 4 – Upload the patch file into the root directory of your Magento install, and then execute it using the below given command:
sh patch_file_name.sh
In the above command, the filename could be something like:
PATCH_SUPEE-7405_CE_1.9.2.2_v1-2016-01-20-04-35-33.sh
Once you run the above command, a message will be displayed as follows, confirming whether the patch was installed successfully:
The patch was applied/reverted successfully
Step 5: You must verify whether your Magento store is functioning correctly. Also, you’ll have to flush the PHP opcode caches (like APC/XCache/eAccelerator). Keep in mind to flush the cache after applying the patch (or when you restart your web server).
Installing SUPEE-7405 Without SSH
Of course, applying a patch will be easy if you have SSH access. But what if you don’t have such access? In that case, follow the below listed steps to install the SUPEE-7405 patch without SSH:
NOTE: Before you begin the installation process, upgrade your Magento store version to 1.9.2.3.
Step 1: First, make sure to install all the previous patches before installing the new one. Simply put, ensure to install the security patches SUPEE-1533, SUPEE-5344, and SUPEE-5994, to name a few.
Step 2: Next, you’ll need to disable the Magento Compiler on your system. This requires navigating to System, Configuration, Tools, and Magento Compiler from your admin panel.
Step 3: Now, you must download all of the already patched files available in the Github repo (or the ones mentioned in the below table). And then, upload those files to your Magento root directory.
|
Magento version |
SUPEE-7405 |
|
Magento 1.9.2.2 |
SUPEE_7405_Magento_1.9.2.2 |
|
Magento 1.9.2.0-1.9.2.1 |
SUPEE_7405_Magento_1.9.2.1 |
|
Magento 1.9.1.0-1.9.1.1 |
SUPEE_7405_Magento_1.9.1.1 |
|
Magento 1.9.0.1 |
SUPEE-7405-1.9.0.1 |
|
Magento 1.8.1.0 |
SUPEE_7405_Magento_1.8.1.0 |
|
Magento 1.7.0.0-1.7.0.2 |
SUPEE_7405_Magento_1.7.0.2 |
NOTE: Make sure to keep a backup of all the files that you are replacing.
Step 4: Empty your cache. Also, flush the PHP opcode caches like APC/XCache/eAccelerator after patching. And at last, test the functionality of your Magento store.
Conclusion
Are you a Magento store owner and concerned about hardening your website’s security? Well, then you must update your version according to the latest security patches, as they come with fixes to deal with vulnerabilities detected in Magento versions. This post will guide you in installing the latest SUPEE-7405 security patch for Magento version 1. x.
