Install Security Patch Without Shell/SSH Access

Submitted by metaharper - 5 years ago

Several times a year, Magento will release security patches for its various versions. Most of them can be found here: They provide directions for installing them over SSH but they do not offer any insight for those on shared hosting or site owners without direct SSH access. Here is a proposed solution using just FTP and a bit of PHP scripting. MORE INFORMATION: It appears that at least for SUPEE-5344 and SUPEE-1533, there is a sort of log written to app/etc/applied.patches.list. Gives general information about what the patch actually did. I did a grep for reference to this file in Magento's codebase but it returned nothing which could mean there may be no logic for tracking applied patches. SIDE NOTE: Patches seem to be indistinguishable from core hacks: Other Links:

// ***** INSTALL USING PHP *****
// Use an FTP client to upload the specific patch to the root of your Magento folder. Create a PHP file called applypatch.php that will run the patch for you, and upload it to the root of your Magento folder. Make sure to use the right patch name here, if you don't use the patch for version 1.8.x-1.9.x


// Visit the file at, and check if the output looks as expected.

// ***** INSTALL MANUALLY w/o PHP *****
// The .sh file contains a 'DIFF' patch. These show what lines were removed and added. While I don't advise it, you should be able to manually download the files through FTP, and edit these files in your editor of choice, and then reupload them again through FTP. The format isn't too hard to interpret, so you can do this for all the files and shouldn't take more then a few minutes.
Learn PHP
comments powered by Disqus
Proudly hosted on Digital Ocean