Magento released a new security patch SUPEE-6788 on Oct 27, 2015 which address 10+ security issues, including remote code execution and information leak vulnerabilities. A new Magento community edition 18.104.22.168 also released which comes with all these vulnerabilities fixes included. This patch is not related to Guruincsite malware infection in thousands of magento website worldwide.
Security of an online store must be maintained at any cost. When you use an open source platfrom, its important that you keep your store updated to latest version. If you still using magento 1, I highly recommend to migrate your store to magento 2.
Its strongly recommended to install this patch in a development environment first as it can effect several popular extensions and customization.
If you have SSH, Download the patch from the Community Edition Download page and read how to install SUPEE-6788 security patch. Learn more at http://magento.com/security/patches/supee-6788
How to apply SUPEE-6788 security patch to your magento
Update magento – Upgrading your magento to Magento 22.214.171.124 will include all security patches (SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482, SUPEE-6788) released by magento so far.
Apply Security Patch to your version – By some reason if magento upgrade is not possible you can apply this security patch via FTP/sFTP upload as shown in this article.
Before applying this patch to magento, make sure you apply all previous security patches for your version of magento.
Getting ready to install SUPEE-6788 –
Cautions – SUPEE-6788 can possibly break some third party extensions those uses custom variables and custom admin routes. Checkout if you are using any such extension by verifying it on the community maintained list of incompatible extension.
- Update all third-party extensions, disable and uninstall any unused extensions.
- Disable Magento Compiler and clear compiler cache
- Install all previous patches (namely, SUPEE-1533, SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482)
Applying Magento patch via FTP/sFTP or FileManager / File Upload –
Next step is to upload these files in respective folder on the server using FTP or sFTP. If you have changed any core magento file (not recommended at all though) from the above list, you need to reply your changes to this new patch file and upload it on the server.
Steps To install the patch via FTP/File Upload –
- Select patch bundle archive corresponding to your Magento version from the table below and unpack it
- upload all files and folders to Magento root directory of your store, replacing all files
- delete dev/tests/functional/.htaccess from your store (if exists)
Patch for all magento version –
List of Files updated in SUPEE-6788 patch –
Once you apply clear your magento store cache to make sure these files are not longer in the cached version.
Post-installation Check –
With this security patch magento added a new option in System/Configuration. Its in System > Configuration > Admin > Security as a new option Secure Admin routing for extensions. This option is not applied by default after patch installation. In order to achieve maximum security benefit from this patch Admin routing compatibility mode should be Disabled.
Security of online transaction is really important and if you want to maintain trust of your customer in your business, its important to maintain the security of your website. When you use a open source platfrom like magento, you become more vulnerable to such threats. Checkout our magento development services and explore how our eCommerce development services can be beneficial for your online magento store.
Checkout 11 steps to insure magento security to bullet proof security of your magento website to secure your website further.
In case of any difficulty to apply any magento security contact us or write below in the comment, we will work on it together. Share this post with your social network to let your friends know about this important security update of Magento.
Dhanpat has over a decade of experience in helping businesses worldwide to design, develop and market them more effectively.
He is co-founder at Axis Web Art and leading the organisation with his all around knowledge of web design, web development and digital marketing technologies. With his leadership Axis Web Art is serving clients all over the world including some fortune 500 companies.