I was stressing about my new store install and installing the critical patch, I found this excellent guide and download to patch via FTP. I first tested my site at shoplift.byte.nl and I got the dreaded red warning that my site was vulnerable. I followed the instructions below and made a backup first.
Applying Magento patches via FTP/sFTP or FileManager / File UploadTo apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes.Patch SUPEE-1533 (Magento 1.7.x.x-220.127.116.11) applied to the following files:
- app/code/core/Mage/Adminhtml/controllers/DashboardController.phpPatched version of files for Magento 18.104.22.168-22.214.171.124 (including 126.96.36.199, 188.8.131.52 and 184.108.40.206 versions) packed into single ZIP archive: SUPEE-1533.zip. Simply unpack it and replace patched files on your store by uploading app folder into your Magento root directory.Patch SUPEE-5344 (Magento 1.8.x.x-220.127.116.11) applied to the following files:
- lib/Varien/Db/Adapter/Pdo/Mysql.phpPatched version of these files for Magento 1.8.x.x-18.104.22.168 packed into single ZIP archive: SUPEE-5344.zip. Simply unpack it and replace patched files on your store by uploading app/ and lib/ folders into your Magento root.
Took only a few minutes, when done, login to store and clear cache then check shoplift.byte.nl again. I got the green safe message, phew!
Unfortunatel,y Magento don’t make it easy for us poor souls with not enough money to switch to the enterprise version and the unhelpful users in the forum don’t offer much help.