I'm sorry if this is in the wrong sub forum.
I was wondering if I'm content with CE 1.7, would successfully installing all security patches make my website secure even if I don't upgrade to the latest 1.9 ?
or would my website be still vulnerable unless I upgrade to latest 1.9 ?
Solved! Go to Solution.
If you have applied all the security patches and corrected the custom modules according the patches then your Magento installation is safe.
Also follow the Magento best practices and keep visiting https://magento.com/security for the updates.
Thanks you so much for your reply
From your answer I'm assuming the security patches only fixes issues that are located in:
[Magento installation directory]/app/code/core
And I have to manually check and update all the custom modules located in:
[Magento installation directory]/app/code/local [Magento installation directory]/app/code/community
So basically get in touch with providers of the modules and ask them for the latest update compatible with 1.7, if I can't get my hands on latest update. the safest approach is to delete the modules.
btw if the website is located on a shared server which I can't restart as per the patch installation guide (last step), does this render the whole patching process useless?
I do not recommend to update all your custom modules with the latest ones provided by the provider as there may be customization in the existing one (Done by developers).
If you are not familiar with the process to patch the custom modules, you should take help from some experienced developer.
I never restart the server after applying the patch. I think you are following Installing Patches with SSH link to install patch.
If you are not using APC and/or Zend OpCache then I don't think you need to restart the server.