Magento “Shoplift” Bug: How to Protect Your Online Store?

by Maaz Shah  May 8, 2015

Magento has taken the ecommerce community by storm since its launch and is now one of the most preferred platforms for ecommerce hosting. The more popular it became, the more interested hackers became in cracking its code. Just a few days back, Magento announced a major security patch for a vulnerability code-named “Shoplift”.

Magento Shoplift

This vulnerability was first detected by Netanel Rubin, who described the flaw as a major setback for Magento store owners. Shoplift gives an attacker admin access, allowing him (or her) to take over your web store without actually having admin rights. Just imagine the amount of data this attacker would have access to.

But before you start panicking, check your store’s status with the Magento security patch checker by placing your Magento store URL in it to see whether your store is compromised or not.

So, you are scared by the outcome? Don’t be. Just follow these steps to apply the patch and secure your store. You will need SSH access to your server to download and apply the patch.

Download the patch from the official Magento Community Edition page. Be careful with the version of the store and make sure you download the patch for your installed version. You may locally download the patch and then upload it to your Magento root directory using SFTP.

When you have uploaded the patch, follow these steps to install the patch:

1. Log in to your server via SSH (shell).

2. Change the permissions to make the patch file executable:

chmod +x <patch-file-name>

3. Finally, execute the patch with the following command, where the patch file name matches the version you have downloaded:

sh <patch-file-name>

Once you have installed the patch, clear your Magento cache and then recompile using the Magento compiler. To learn more about cache clearing, you can read the Magento Commerce Knowledgebase. You must clear your OPCode/APC cache as well.

When done, check whether your shop is still vulnerable by looking for the signs listed on Magento’s Security Patch Page.
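A local complement to the steps above, written as an added example (it is not from the original article and is not Magento tooling): it reports which post-patch steps are still outstanding, including the case where the compiler is enabled and the compiled classes predate the patch, so the old code would still be served. The function names are hypothetical, the file paths assume a Magento 1.x layout, and the patch ID is whatever identifier your downloaded patch records.

```shell
#!/bin/sh
# Added example, not Magento tooling. Assumed Magento 1.x layout:
# app/etc/applied.patches.list, includes/config.php, includes/src, var/cache.
# Usage after sourcing: post_patch_status /path/to/magento <PATCH_ID>

# 0 if PATCH_ID ($2) is recorded in the list that patch scripts append to.
patch_recorded() {
    [ -f "$1/app/etc/applied.patches.list" ] &&
        grep -qwF -- "$2" "$1/app/etc/applied.patches.list"
}

# 0 if the compiler is on (COMPILER_INCLUDE_PATH defined, not commented out).
compiler_enabled() {
    [ -f "$1/includes/config.php" ] &&
        grep -Eq "^[[:space:]]*define\('COMPILER_INCLUDE_PATH'" "$1/includes/config.php"
}

# 0 if a compiled file is not newer than the patch record, i.e. includes/src
# was built before the patch and would still serve the old classes.
compiled_stale() {
    [ -d "$1/includes/src" ] && [ -f "$1/app/etc/applied.patches.list" ] || return 1
    [ -n "$(find "$1/includes/src" -type f ! -newer "$1/app/etc/applied.patches.list" | head -n 1)" ]
}

# 0 if var/cache holds no files.
cache_empty() {
    [ -z "$(find "$1/var/cache" -type f 2>/dev/null | head -n 1)" ]
}

# Print one line per outstanding step; exit status is the number outstanding.
post_patch_status() {
    root=$1; id=$2; todo=0
    if ! patch_recorded "$root" "$id"; then
        echo "TODO: $id is not in applied.patches.list"; todo=$((todo + 1))
    fi
    if compiler_enabled "$root" && compiled_stale "$root"; then
        echo "TODO: recompile, includes/src predates the patch"; todo=$((todo + 1))
    fi
    if ! cache_empty "$root"; then
        echo "TODO: clear var/cache"; todo=$((todo + 1))
    fi
    return "$todo"
}
```

The OPCode/APC cache lives inside the PHP process and is not covered by this check.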

Before you make the production site go live, it is recommended that you check the patch in your dev environment.

The patch is necessary for existing installations on Cloudways Magento Cloud Platform. However, newer installations have this patch already included in the instances.


About Maaz Shah

Maaz Shah works as System Engineer for Cloudways. His days are spent in tackling technical troubles.
