Magento 2 security patches

What are the security patches?

Magento 2 security patch is an additional code that will resolve certain vulnerability and malware issues. Security patches are supplied in the additional code in the form of patch script, which locates the place where the code will fix the vulnerability issues.

Magento store owners and developers need to keep in mind that security patches depend on the Magento core code files for proper installation, which means that if you or your store developer alter any Magento core files code then there is no chance to install the missing security patches.

You can check below a few more common points of a Magento store which are being hacked.

• Credit / Debit card information of the customers can get stolen.
• Admin access also can get stolen.
• Website servers can get compromised by hackers.
• Malware can get installed into your shop

Why do you need magento 2 security patches?

In Magento the development policy was more focused on improving the platform and adding new additional features. This meant that security issues were mostly fixed and to get rid of certain vulnerability and malware issues, a store owner would have to simply update their Magento to the latest version or install the missing security patches which are released by Magento.

How to install magento security patches?

We can follow the below different methods to install the Magento security patches.

Method 1: Using SSH

Here’s a Step by Step Guide on How to install Security Patches in Magento 2 using SSH command line.

• Take the database and files backup.
• Disable all types of cache.
• Enable the developer mode with this SSH command line: php bin/magento deploy:mode:set developer
• Download the missing Security Patches from this link – https://magento.com/tech-resources/download
• Upload the Security patches on your server using the FTP.
• Open the SSH command line console and execute the below few commands. sh PATCH_FILE_NAME.sh

Method 2: Using the PHP script

You can also install the missing security patches using the PHP script instead of inputting the many commands in the SSH console. You can use FTP client to upload patch files to your server. Then open any simple text editor (WordPad, Notepad, etc…), and enter the text below and save the file as patch.php

“);
passthru(“/bin/bash PATCH_FILE_NAME.sh”);
print(““);
echo “Done”;
?>

Once the php file will be ready as per above steps you can follow the below steps to run the file for install the missing patches.

• Take the database and files backup.
• Disable all types of cache.
• Enable the developer mode with this SSH command line: php bin/magento deploy:mode:set developer
• Download the missing Security Patches from this link – https://magento.com/tech-resources/download
• Upload the security patches on your server using the FTP.
• Upload the PHP file to your project root folder.
• Then run the PHP file in your browser by adding /patch.php after your website domain name.
• You can see the message that the patch was successfully installed.
• Then get back to the FTP client and delete the PHP script file from the server which you have uploaded for install the patch.

How to revert the installed security patches?

Here’s a step by step Guide on How to revert the installed security patches in Magento 2 using SSH command line.

• Take the database and files backup.
• Disable all types of cache.
• Enable the developer mode with this SSH command line: php bin/magento deploy:mode:set developer
• Download the missing Security Patches from this link – https://magento.com/tech-resources/download
• Upload the Security patches on your server using the FTP.
• Open the SSH command line console and execute the below few commands. sh PATCH_FILE_NAME.sh -R

How to check installed / missing patches?

You can use this https://www.magereport.com website for checking the installed / missing patches.