In short, we check and patch all security issues and vulnerabilities in Magento Core that we are aware of.
In details, we check current state, verify already applied patches, local overrides and install the following Magento security patches:
SUPEE-9767, SUPEE-9652, SUPEE-8788, SUPEE-8167, SUPEE-7405v1.1, SUPEE-7405, SUPEE-6788, SUPEE-6482, SUPEE-6285, SUPEE-5994, SUPEE-5344, SUPEE-3941, SUPEE-3762, SUPEE-2725/1049 and APPSEC-212. Additionally, we patch known RCE vulnerabilities in the following third-party extensions: EM Ajaxproducts RCE vulnerability, Cart2Quote RCE vulnerability, MD Quickview RCE vulnerability, EM Quickshop RCE vulnerability, Amfeed vulnerability.
Verification of current store state prior to the patch installation takes more time than patch installation itself and some patches require other patches to be correctly installed already, so it is important to preserve the order and verify the correct order of already applied patches. Therefor installation cost is the same for all patches or only the latest one. If we should skip verification or installation of some specific patch(es), please mention this in the request.
Magento security patch installation process is usually completed within two-four hours:
- you submit the request form and initiate the payment
- we connect to your servers and verify the information and Magento state
- we check for all already applied patches, extensions installed and its state
- we backup all files to be patched
- we disable Magento compiler (if needed)
- we apply all needed security patches one by one solving any possible issues that may arise
- we patch all local overrides that were skipped during patch installation
- we flush PHP opcode cache (if needed)
- we apply fixes for known compatibility issues that may arise after patch installation
- we notify you about the process completion
In the event of unsatisfactory results (there were two such cases to the moment), we revert patched files from backup and roll back the payment transaction.
If your store was compromised or infected with malware, please mention this in additional details field and prepare to restore it from the latest backup prior to patch installation. We will confirm the schedule with you and will install patches right after backup restoration.
JFYI: You can grant the access as usual (by providing IP-address/username/password specification for login above) or use the following public DSA key by adding it to your .ssh/authorized_keys2 file: