How To Install Magento SUPEE 6788 Security Patch

The Most Popular Extension Builder for Magento 2

With a big catalog of 234+ extensions for your online store

For e-commerce store owners, perhaps, one of their biggest worries is unwanted attacks from potential hackers on their websites. Of course, the consequence of these attacks is that all the vital information is stolen. Therefore, protecting the store against potential attacks or threats is always a must for any e-commerce store today.

Understanding the worries of Magento store owners, the Magento support team regularly releases security patches to help them enhance store security as well as provide a safe transaction experience for customers when purchasing. One of the most secure security patches available today is SUPEE-6788.

In this article, we will guide you step by step How to install Magento SUPEE 6788 Security Patch.

Let’s jump into the details!

Table of Contents

Benefits of SUPEE 6788 Security Patch

Released on October 27, 2015, Magento Security patch SUPEE-6788 is capable of fixing more than 10 security issues, including remote execution and data leaks. Thanks to this patch, you can protect your store against potential hackers. The result is giving customers a feeling of peace of mind and safety when transacting on your website.

The patch is integrated into Magento version 1.9.2.2. You can upgrade your version to the latest version of this patch. Also, please remember that this patch is not related to malware issues; you should install and try the patch on the server before installing it directly as this patch may conflict with other 3rd party extensions.

However, with the introduction of Magento 2, the latest version 2.4.2 offers much better security than installing patches. So, when your Magento 1 version is near the end of life, consider switching to Magento 2 instead of installing this patch.

How to Install Magento SUPEE 6788 Security Patch

There are 2 ways to install SUPEE 6788 Security Patch for Magento stores. They are: install SUPEE 6788 using SSH and without SSH. Please follow us to learn each of one step-by-step.

Method 1: Install Magento SUPEE 6788 using SSH

Step 1. Access SSH of your server

To install SUPEE 6788 patch on your website, you need to have SSH access to your server.

Step 2: Disable Compiler on your store

As soon as you have the access SSH, next, make sure that you have disabled Compiler on Magento store by navigating to SYSTEM > CONFIGURATION > TOOLS > COMPILATION

Then, you need to confirm your Magento version from the backend footer.

Step 3: Download the security patch

Please go to the official website of Magento to download the security patch.

https://www.magentocommerce.com/products/downloads/magento/

Step 4: Upload the patch in the root directory

By using Cpanel or FTP, you can upload the patch in the root directory of Magento with ease.

Step 5: Connect your server by using SSH

It’s time to connect your server by using SSH access, then go to the root directory where you install Magento. After that, please run the patch statement below.

Note that you need to change the Magento version in the command to your Magento version. Suppose you are using Magento 1.9, then you may face a hunk failed issue, so please use Magento 1.8 in command.

mv .htaccess .htaccess_original
wget -qO .htaccess http://svn.magentocommerce.com/source/branches/1.8/.htaccess
wget -qO .htaccess.sample http://svn.magentocommerce.com/source/branches/1.8/.htaccess.sample
sh PATCH_SUPEE-6788_CE_1.8.1.0_v1-2015-10-26-11-59-27.sh
mv .htaccess .htaccess_patched
mv .htaccess_original .htaccess

For patch files that contains the file extension .patch:

patch –p0 < patch_file_name.patch

Please refresh the cache manually or using the following command. Occasionally, the patch you installed will not show up. Please go to the var folder in SSH and run the statement: rm -rf cache/

Step 6. Add the code in your .htaccess file manually

After finishing all the above commands, you now need to add the code below in your .htaccess file manually.

 
###########################################
## Deny access to cron.php
<Files cron.php>
 
############################################
## uncomment next lines to enable cron access with base HTTP authorization
## http://httpd.apache.org/docs/2.2/howto/auth.html
##
## Warning: .htpasswd file should be placed somewhere not accessible from the web.
## This is so that folks cannot download the password file.
## For example, if your documents are served out of /usr/local/apache/htdocs
## you might want to put the password file(s) in /usr/local/apache/.
 
#AuthName "Cron auth"
#AuthUserFile ../.htpasswd
#AuthType basic
#Require valid-user
 
############################################
 
Order allow,deny
Deny from all
 
</Files>

Step 7. Disable Secured Admin routing for extensions

Please make sure that you have disabled secured admin routing for extensions by default.

  • You are able to uninstall unusual 3rd party extensions
  • You are able to ask to get support from the extension developer or upgrade your extension package.
  • You are able to follow the tutorial of Magento to make some essential changes in 3rd party extensions or ask us to make the compatibility between any extensions and SUPEE 6788.

Step 8: Enable Secured Admin routing

After all, you can enable Secured Admin routing by navigating to System > Configuration > Admin > Security > Admin routing compatibility mode for any extension.

Method 2: Install Magento SUPEE 6788 without SSH

Before proceeding, please note some important things:

  1. You should backup all the original files before implementing any change on your Magento store.
  2. Make sure that you have disabled Compiler on your Magento store.

Below are all Pre Patched files. Please download the zip file for your patch installation. Also, you can download these Pre-Patched files from Github.

After you have downloaded the file, you only need to upload it to your Magento root folder to complete.

Magento version SUPEE-6788
Magento 1.9.2.1 SUPEE_6788_Magento_1.9.2.1
Magento 1.9.2.0 SUPEE_6788_Magento_1.9.2.0
Magento 1.9.1.1 SUPEE_6788_Magento_1.9.1.1
Magento 1.9.1.0 SUPEE_6788_Magento_1.9.1.0 – Updated!
Magento 1.9.0.1 SUPEE_6788_Magento_1.9.0.1
Magento 1.9.0.0 SUPEE_6788_Magento_1.9.0.0
Magento 1.8.0.0 SUPEE_6788_Magento_1.8.0.0
Magento 1.8.1.0 SUPEE_6788_Magento_1.8.1.0
Magento 1.7.0.0-1.7.0.1 SUPEE_6788_Magento_1.7.0.0-1.7.0.1
Magento 1.7.0.2 SUPEE_6788_Magento_1.7.0.2
Magento 1.6.2.0 SUPEE_6788_Magento_1.6.2.0
Magento 1.6.1.0 SUPEE_6788_Magento_1.6.1.0
Magento 1.5.1.0 SUPEE_6788_Magento_1.5.1.0

Another important thing, remember to follow step 6,7,8 from method 1.

How to check if SUPEE 6788 has been installed successfully on the Magento store?

To check if Magento SUPEE 6788 has been installed on your Magento store correctly, you can go to this link: https://www.magereport.com/

Common issue after installing Magento SUPEE 6788

After installing Magento SUPEE 6788 patch, some custom blocks may disappear from the front page as Magento has added new restrictions in the blockDirective method with the security patch.

You need to find out if the type of block to be displayed is allowed in the permission_block database table. A new code in the Mage_Core_Model_Email_Template_Filter class will check to see if it exists in the table. To resolve issues with custom blocks that are not listed in permission_block and consequently will not be displayed, you need to follow the steps below:

  • Determine your custom blocks to be used in cms {{block}} directive

  • Go to System/Permissions/Blocks, add your block type if allowed.

Now, you can open the file: app/code/core/Mage/Core/Model/Email/Template/Filter.php file in a text editor, look for public function blockDirective somewhere around the 169th line, and then, add the following commands:

Mage::log($blockParameters[‘type’], null, ‘blocks_used.log’, true);

Afterwards, you are able to log all blocks that Magento is checking:



// ...

/* Mage_Core_Model_Email_Template_Filter */

public function blockDirective($construction)
{
  $skipParams = array('type', 'id', 'output');
  $blockParameters = $this->_getIncludeParameters($construction[2]);
  $layout = Mage::app()->getLayout();

  if (isset($blockParameters['type'])) {

     Mage::log($blockParameters['type'], null, 'blocks_used.log', true);

     if ($this->_permissionBlock->isTypeAllowed($blockParameters['type'])) {
        $type = $blockParameters['type'];
        $block = $layout->createBlock($type, null, $blockParameters);
     }
   } elseif (isset($blockParameters['id'])) {
        $block = $layout->createBlock('cms/block');
        if ($block) {
           $block->setBlockId($blockParameters['id']);
        }
   }

// ...

Finally, you just need to flip through all the pages on your Magento store while the block types will be automatically logged in the var/log directory. Please copy and add them to the allowed block types.

Similarly, variables can also be affected by the SUPEE 6788 Magento security patch. So you can add variables by going to System > Permissions > Variables.

Plugins that use custom variables should be updated. Please check in the following example:



if (version_compare(Mage::getVersion(), '1.9.2.2', '>=')) {

    $installer = $this;
    $connection = $installer->getConnection();

    $installer->startSetup();

    $installer->getConnection()->insertMultiple(
        $installer->getTable('admin/permission_block'),
        array(
            array('block_name' => 'core/template', 'is_allowed' => 1),
            array('block_name' => 'catalog/product_new', 'is_allowed' => 1),
        )
    );

    $installer->endSetup();
}


The bottom line

Security is an important factor for any website. With the help of SUPEE 6788 patch, there will be no more worries about potential hacker attacks on your Magento store.

In addition, you can also protect your eCommerce store by installing an extension. Mageplaza Security Suite is the best choice for you. Thanks to this module, you can completely prevent unwanted attacks from potential hackers. Moreover, it provides a smart warning system for store owners if there are any risks.

Hope our tutorial on How to install Magento SUPEE 6788 Security Patch will help you to install the patch on the Magento website easily.

If you find our article missed something important, please leave a comment in the below section. And don’t forget to share it with your friends!

Thanks a lot for reading!

Looking for
Customization & Development Services?

8+ years of experiences in e-commerce & Magento has prepared us for any challenges, so that we can lead you to your success.

Get free consultant
development service

Explore Our Products:

Subscribe

Stay in the know

Get special offers on the latest news from Mageplaza.

Earn $10 in reward now!

Earn $10 in reward now!

comment
iphone
go up