Critical Patch SUPEE-5344 for Magento CE installing without SSH access

I was stressing about my new store install and installing the critical patch, I found this excellent guide and download to patch via FTP.  I first tested my site at and I got the dreaded red warning that my site was vulnerable.  I followed the instructions below and made a backup first.

Applying Magento patches via FTP/sFTP or FileManager / File Upload

To apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes.
Patch SUPEE-1533 (Magento 1.7.x.x- applied to the following files:
  • app/code/core/Mage/Adminhtml/Block/Dashboard/Graph.php
  • app/code/core/Mage/Adminhtml/controllers/DashboardController.php
Patched version of files for Magento (including, and versions) packed into single ZIP archive: Simply unpack it and replace patched files on your store by uploading app folder into your Magento root directory.
Patch SUPEE-5344 (Magento 1.8.x.x- applied to the following files:
  • app/code/core/Mage/Admin/Model/Observer.php
  • app/code/core/Mage/Core/Controller/Request/Http.php
  • app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php
  • app/code/core/Mage/XmlConnect/Model/Observer.php
  • lib/Varien/Db/Adapter/Pdo/Mysql.php
Patched version of these files for Magento 1.8.x.x- packed into single ZIP archive: Simply unpack it and replace patched files on your store by uploading app/ and lib/ folders into your Magento root.

Took only a few minutes, when done, login to store and clear cache then check  again.  I got the green safe message, phew!

Unfortunatel,y Magento don’t make it easy for us poor souls with not enough money to switch to the enterprise version and the unhelpful users in the forum don’t offer much help.

Similar Posts