This website uses cookies

Our website, platform and/or any sub domains use cookies to understand how you use our services, and to improve both your experience and our marketing relevance.

CloudwaysCDN — a powerful solution that offers superior performance and satisfied global audience for your business. Read More

Magento “Shoplift” Bug: How to Protect Your Online Store?

Updated on  8th May

2 Min Read
Reading Time: 2 minutes

Magento took the ecommerce community by storm ever since it was launched. It is now one of the most preferred platforms for ecommerce hosting. The more famous it became, the more hackers are interested to crack its code. Just a few days back Magento announced a major security patch for a vulnerability code named “Shoplift”.

Magento Shoplift

This vulnerability was first detected by Netanel Rubin who explained the flaw to be a major setback for Magento store owners. Shoplift gives the right of admin access to the attacker, allowing him (or her) to take over your web store without actually having the admin rights. Just imagine the amount of data this hacker will have access to.

But before you start panicking, check your store’s status with Magento security patch and placing your Magento store URL in it to check if your store is compromised or not.

So, you are scared by the outcome? Don’t be. Just follow these steps to apply the patch and secure your store. Before applying the patch, you would need SSH access to download and apply the patch.

Download the patch from the official Magento Community Edition page. Be careful with the version of the store and make sure you download the patch for your installed version. You may locally download the patch and then upload it to your Magento root directory using SFTP.

When you have uploaded the patch, follow these steps to install the patch:

1. Go to your server via the SSH (shell)

2. Change permission to make file executable

chmod +x

3. Finally, you need to execute the patch via the following command, where the patch file name matches is the version you have downloaded: ‘sh’



When you have installed the patch, you need to clear your Magento cache and then recompile it using the Magento compiler. To know more about the cache clearing, you can read the Magento Commerce Knowledgebase. You must clear your OPCode/APC cache as well.

When done, check if your shop is still vulnerable or not by checking out for the signs at the Magento’s Security Patch Page.

Before you make the production site go live, it is recommended that you check the patch in your dev environment.

The patch is necessary for existing installations on Cloudways Magento Cloud Platform. However, newer installations have this patch already included in the instances.

Share your opinion in the comment section. COMMENT NOW

Maaz Shah

Maaz Shah works as System Engineer for Cloudways. His days are spent in tackling technical troubles.

Start Growing with Cloudways Today.

Our Clients Love us because we never compromise on these

Get Our Newsletter
Be the first to get the latest updates and tutorials.