Magento Community Edition has had 3 critical patches this year to correct a vulnerability that would allow hackers to gain access to your customers’ info. Details and patches can be found here: https://www.magentocommerce.com/download. You’ll need SSH access to patch your installation; if you don’t know how to do this, click here for SSH instructions (this is for SiteGround hosting, but most hosts using cPanel will have a similar process). This is often the most tedious part, and if you don’t have SSH/shell access you might need to contact your host or developer.
Here is what I did to patch:
- Back up your site files & database. If you don’t know how, read my article on backing up Magento.
- Download the file PATCH_SUPEE-5994_CE_184.108.40.206_v1-2015-05-15-04-34-46.sh from https://www.magentocommerce.com/download (if you didn’t do the previous SUPEE-1533 & SUPEE-5344, do those first).
- Upload the .sh file into the root directory of your Magento install.
- Log in to your site using SSH (I use PuTTY) and navigate to your root Magento directory (usually public_html).
- Run the command:
sh PATCH_SUPEE-5994_CE_220.127.116.11_v1-2015-05-15-04-34-46.sh
This will initiate the patch. If all goes well, it should say something like “Patch was applied/reverted successfully.”
- Now log in to your store backend, go to the “Cache Management” page and refresh your caches to apply the changes.
Now, you should be all set, but there is a chance that you might have a broken store (which did happen to me) giving you a blank screen with an error like “PHP Fatal error: Class ‘Mage_Install_Controller_Router_Install’ not found in /var/www/x/public_html/app/code/core/Mage/Core/Controller/Varien/Front.php on line 138”. This kind of error always gives me a sickening feeling in the pit of my stomach, because I know you shouldn’t deploy changes on a live site, but I do it anyway. It could either be a quick fix or it could require you to restore your whole damn site backup (you did back up your site before you tried to apply this patch, didn’t you?).
Luckily, this time it’s an easy fix, which a quick Google search revealed on Magento Stack Exchange. Turns out it’s just a compiler error. Here’s the skinny:
- If you logged out of SSH, log back in
- Run the following commands (in order):
php -f shell/compiler.php -- disable
php -f shell/compiler.php -- clear
php -f shell/compiler.php -- compile
php -f shell/compiler.php -- enable
Now just refresh your page and you should be back up and running. Here's the page I found on Stack Exchange which I'm citing here.
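The two procedures above can be combined so the store is never served from a stale compiled copy. This wrapper is an added example, not part of the original post or of Magento: it switches the compiler off before patching and recompiles only if the patch succeeded. `PHP_BIN`, the function names and the assumed wording of the `state` output are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. PHP_BIN and the function names
# are assumptions made for this sketch.
PHP_BIN="${PHP_BIN:-php}"

# Run one shell/compiler.php action (state, disable, clear, compile, enable).
compiler() {
    "$PHP_BIN" -f shell/compiler.php -- "$1"
}

# Succeeds when "state" reports the compiler as enabled. Assumes the
# "Compiler Status: Enabled" line printed by Magento 1's compiler.php.
compiler_enabled() {
    compiler state | grep -i 'Compiler Status' | grep -i 'Enabled' >/dev/null
}

# apply_patch MAGENTO_ROOT PATCH_FILE
# Returns 0 on success, 1 if a step failed, 2 on bad arguments.
apply_patch() (
    cd "$1" 2>/dev/null || { echo "cannot enter $1" >&2; exit 2; }
    [ -f "$2" ] && [ -f shell/compiler.php ] || {
        echo "patch file or shell/compiler.php not found in $1" >&2; exit 2; }

    was_enabled=no
    if compiler_enabled; then
        was_enabled=yes
        # Stop serving the compiled copy before core files change.
        compiler disable && compiler clear || exit 1
    fi

    if ! sh "$2"; then
        echo "patch failed; compiler not re-enabled, restore from backup if needed" >&2
        exit 1
    fi

    if [ "$was_enabled" = yes ]; then
        # Rebuild the compiled copy from the patched sources.
        compiler compile && compiler enable || exit 1
    fi
    echo "patched; now refresh caches under Cache Management"
)

# Stand-alone use: sh apply_patch.sh /path/to/magento PATCH_FILE.sh
if [ "$#" -eq 2 ]; then apply_patch "$1" "$2"; fi
```

Run it against a copy of the site first; it does not take the backup for you.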
Hopefully, you are now all patched and ready to go and I hope this helped.