New SUPEE-6788 patch can be downloaded as usual from Downloads page:

or installed as a regular Magento upgrade via Downloader (it is included in Magento version).

You can install it in the same way as previous patches or by upgrading to Magento

To apply the patch you need SSH access (shell access actually, SSH is just most used way to get shell access) to the server.

If you wish to save time and have us to install these patches for you, simply click here to order installation.

Step 0: Preparations

Update all third-party extensions, disable and uninstall any unused extensions.

Step 1: Verify your Magento version

$ grep -A6 'static function getVersionInfo' app/Mage.php
    public static function getVersionInfo()
        return array(
            'major'     => '1',
            'minor'     => '9',
            'revision'  => '1',
            'patch'     => '1',

As you can see in the example, it is Magento

Step 2: Download corresponding patches

Patches are obtained from

Make sure to get the right version.

Step 3: Place patches into Magento Root directory

Upload your files into Magento root directory. It is important to place patch files directly into Magento root directory and execute it also directly in Magento root directory.

$ ls -1 .


Step 4: Run the patches

$ bash ./
Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully.

Step 5: Verification and flush of PHP opcode cache

Verify patch status at our patch tester page.
Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches.


You can disable it as shown below:

Disabling Secure Admin Routing compatibility mode for extensions

Additionally, if your store still use default /admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to /downloader/.

Known issues

  • CMS pages and transactional emails broken after SUPEE-6788 patch to Magento
  • Reset Password page is blank after SUPEE-6788
  • Magento registration form does not work after SUPEE-6788


If you need to rollback the patch due to some reason, you can use –revert option, Just execute it again in the same Magento root directory by appending –revert option:

$ bash ./ --revert
Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully.