Upgrade Magento CE 1.9.1.x to

created July 10, 2015, last updated July 10, 2015.

closeThis post was last updated 7 years 5 months 13 days ago, some of the information contained here may no longer be actual and any referenced software versions may have been updated!

Magento released a critical security patch bundle for Magento CE on July 7th 2015. At the same time Magento CE was released which includes the security patch bundle. The patch bundle (SUPEE-6285) is a 1260 line patch file containing numerous updates. If you are already running Magento 1.9.1.x then it makes sense to upgrade to which includes the security patches.

How to upgrade from Magento CE 1.9.1.x to

I have used Magento connect to upgrade Magento before, but I no longer find it reliable enough, it is likely to throw up errors leaving you uncertain as the the status of the code. Here is my preferred method for a step upgrade like this.

You will need full command line access to your server.

TEST, test, test

Carry out the first upgrade on your development server. I use a VMWare virtual server so that I can take a snapshot of the running 1.9.1.x system before the upgrade. Then I can always revert to the previous version if I need to, or if I need to run the upgrade again.

Note that this upgrade method will only work when you are certain that all Magento core code, template and locale files/templates have not been modified.

BACKUP, backup, backup

Take a backup of your Magento database.

Take a backup of your 1.9.1.x installation folder.


  • Obtain the Magento CE source from the Magento download site
    • at the time of writing it was called magento-
  • Unzip the source files into a working folder. This will create a magento folder containing the source.
  • Take your shop offline
    • stop your cron tasks
    • put the shop into maintenance mode
      • touch /home/pathtomagentoroot/maintenance.flag
  • Copy the source over your 1.9.1.x installation
    • I like to use rsync to do this :
      • rsync -avI –exclude=app/etc/local.xml –exclude=app/etc/config.xml –exclude=index.php –exclude=.htaccess ./magento/ /home/www/magento/
    • Where /home/www/magento is the path to the 1.9.1.x installation.
  • Reset Magento permissions
  • Update modman modules
    • Note that will overwrite Cm_RedisSession if you are using this for Magento Redis session caching force a modman update to get the latest module code.
      • modman update-all –force
  • Put shop online
    • rm /home/pathtomagentoroot/maintenance.flag
    • restart cron
  • Test
    • login to admin
      • refresh caches
    • test frontend
      • test login
      • test orders
      • test new customer registration
  • Patch affected template files
    • If your Magento frontend theme has extended/modified any of the following template files you need to manually patch them to fix the vulnerabilities identified in the SUPEE-6285 update
      • app/design/frontend/base/default/template/checkout/cart.phtml
      • app/design/frontend/base/default/template/checkout/cart/noItems.phtml
      • app/design/frontend/base/default/template/checkout/onepage/failure.phtml
      • app/design/frontend/base/default/template/rss/order/details.phtml
      • app/design/frontend/base/default/template/wishlist/email/rss.phtml
      • app/design/frontend/rwd/default/template/checkout/cart.phtml
  • Test again


You should have a working dev store with the latest security patches, you can now plan the deployment of this update via your staging to live server.



This site uses Akismet to reduce spam. Learn how your comment data is processed.