MAY 29 2019

Magento recovery after Shoplift vulnerability (post SUPEE-5344)

If your Magento store has not yet been patched, it has very likely already been compromised / hacked by the automatic exploit that went wild on April 22, 2015. To date, almost every unpatched store I see has all the signs of intrusion: the lib/Varien/Db/Adapter/Pdo/Mysql.php file is modified, so the patch cannot be applied seamlessly; the app/code/core/Mage/Cms/controllers/IndexController.php file has a hijacking cookie key installed; the Magpleasure/Filesystem extension is installed for easy access to the filesystem (file upload/PHP code modification) from Backend… Read the rest
APR 27 2020

How to install SUPEE-5994 without SSH


79 comments

UPDATE: July 7, 2015: New Magento Security Patch (SUPEE-6285). Save time by installing both SUPEE-5994 and SUPEE-6285 at once, as shown in SUPEE-6285 & SUPEE-5994 installation without SSH. According to the announcement sent on May 15, 2015 to all Magento installations, the new security patch SUPEE-5994 should be installed in addition to the two recent Shoplift patches (SUPEE-5344 and SUPEE-1533). Important: New Magento Security Patch – Install it Now It is important for you to download and install… Read the rest
APR 27 2020

How to install SUPEE-5994


15 comments

UPDATE: July 7, 2015: New Magento Security Patch (SUPEE-6285). Make sure to apply it after SUPEE-5994 installation. For details refer to How to install SUPEE-6285. According to the announcement sent on May 15, 2015 to all Magento installations, the new security patch SUPEE-5994 should be installed in addition to the two recent Shoplift patches (SUPEE-5344 and SUPEE-1533). Important: New Magento Security Patch – Install it Now It is important for you to download and install a new security… Read the rest
NOV 23 2018

Securing Magento /admin/ by admin path change


6 comments

The default Magento backend URL is set to /admin/ (i.e. http://www.example.com/admin/). Everyone knows it, including bots and crackers, who have been brute-forcing it for weeks according to my logs. The recent Shoplift vulnerability (known by its widely announced SUPEE-5344 patch) indicated that the Magento Backend should not be accessible or known to anyone except store staff. Luckily for us, changing the default /admin/ path to any other random string is an easy task for anyone who can edit text in XML… Read the rest
APR 23 2015

How to get list of installed Magento patches


1 comment

Due to recent changes in Magento release policies, as they continue to release updates in patch form, it is becoming more vital to keep track of which patches were installed and which core files were modified by these patches. All patches that were installed successfully are logged in the app/etc/applied.patches.list file. You can just open this file in your favourite text editor to find out all installed patches and changed files: Also you… Read the rest
APR 27 2020

How to apply SUPEE-5344 and SUPEE-1533


10 comments

The recently released announcement regarding the Magento vulnerability which is about to be disclosed by CheckPoint mentions the necessity of installing Magento patches SUPEE-1533 and SUPEE-5344, available for download at the MagentoCommerce site: https://www.magentocommerce.com/products/downloads/magento/ To apply these patches you need SSH access (shell access actually; SSH is just the most used way to get shell access) to the server. To apply patches without SSH access please refer to this article. Update: Make sure also to apply the latest SUPEE-5994 released… Read the rest
MAY 26 2015

How to check Magento version in shell / console

When you are working on several Magento installations you may need to determine the version of every Magento site without going to Backend (it is shown at the bottom of every page in Backend) or looking through the contents of app/Mage.php (it is in the getVersionInfo function). I use this simple shell command line to check the Magento version (when under the Magento root directory): As you can see in the example above it is Magento 1.9.1.0. Another… Read the rest
APR 27 2020

How to apply SUPEE-5344 and SUPEE-1533 without SSH


99 comments

The recently released announcement regarding the Magento vulnerability disclosed by CheckPoint urges installation of Magento patches SUPEE-1533 and SUPEE-5344. The patches are available for download at the MagentoCommerce site: https://www.magentocommerce.com/products/downloads/magento/ To test if your store is vulnerable use our Scan your store button in the sidebar. The only problem with these patches is the SSH requirement, which some hosts do not provide. If you have SSH access, you can install patches as shown in How to apply SUPEE-5344 and SUPEE-1533 via… Read the rest
SEP 25 2019

How to edit Magento Maintenance page

The Magento maintenance page design can be changed just like any other Magento error page. By default, it looks like the following: It is shown when your store is in Maintenance mode; you can read how to turn it on or off in the How to turn Magento Maintenance ON or OFF article. To change it to match your site’s look and feel, use the following steps: under Magento root on the filesystem, copy the errors/default/ folder into errors/your_skin/,… Read the rest
MAR 28 2015

How to completely disable Magento extension

Sometimes you may need to temporarily disable or turn off some Magento extension/module completely due to misbehaviour or other reasons, so that it cannot affect the Magento installation and the site can function just as if the module never existed. Warning: Some users are spreading the false idea of disabling an extension in Magento Backend by disabling its output at System > Configuration > Advanced > Disable Module Output. Do not do this, it would not disable the extension, would… Read the rest
FEB 06 2021

How to turn Magento Maintenance ON or OFF

Magento has a built-in Maintenance mode which is ready to use with a simple, minimalistic approach. For advanced features, like switching maintenance mode on a per-store-view basis from Magento Backend, please skip to the next section. Magento maintenance mode is controlled by the maintenance.flag file under Magento’s root and coded in Magento’s index.php file: To turn maintenance mode ON this file (with any content) needs to be placed in Magento root, i.e.: To turn Magento maintenance mode OFF… Read the rest