How to Patch Magento – Critical Patches

You log in to your Magento backend admin panel and you are hit with a critical message at the top that says there is a patch you need to install.  Major security issues may occur if you do not install the patch.   You use FTP but have never used SSH and you are a bit afraid, so, what do you do????

Install the patch!  Here is how.

Download a SSH Tool

To do the job you need the right tools.  My preferred SSH tool is called PuTTY.  PuTTY is a free Tel-Net and SSH client and easy to use.  To read more about PuTTY, click here

Download Magento Patch Files

Magento has taken the guess work out of understanding what patch you need.  They keep a nice list in order (newest on top) of the patches available.  You can find the patches up for grabs here –

Let’s Do This!

  1. Upload the patch file to public_html, copy the full name of file to clipboard
  2. Open Putty Pageant and load in secret Key (you will have to create one first and save it to your computer then load it in)
  3. Open Putty (SSH)
  4. Username: (this is probably the same as your FTP name), you will not need to put in a password since you used a secret Key
  5. Change directory –    cd public_html  (where you dropped in your patch(es))
  6. Type in the command “sh” space, then rightclick the mouse to drop in the full patch name, hit enter
  7. All should go well and patch, if not visit the Magento site to learn how to roll back a patch

Check to make sure that the patch is listed in the log –


The applied patches list will show all of the patches you have applied and the date they were applied as well as if they installed correctly.

If something goes wrong and you need to remove a patch over SSH, use the following command series –

sh -R

Happy Patching!