Keeping WordPress updated is the single most important security practice. Outdated plugins and themes are the #1 cause of WordPress site hacks.
Always Backup Before Updating
Before any updates, create a backup using Softaculous or a plugin like UpdraftPlus. If an update breaks something, you can restore in minutes.
Updating WordPress Core
When an update is available, a notice appears in your WordPress admin. Go to Dashboard > Updates. Click Update Now. Minor updates (e.g., 6.4.1 β 6.4.2) are generally safe; major updates (6.4 β 6.5) warrant testing on a staging site first.
Updating Plugins and Themes
From Dashboard > Updates, you'll see available plugin and theme updates. Select all and click Update Plugins/Themes. For critical sites, update one at a time and check the site after each update.
Enabling Automatic Updates
In Plugins or Themes, you can enable auto-updates per item. For security-focused plugins (Wordfence, Akismet), auto-updates are recommended. For plugins that affect layout or functionality, manual review before updating is safer.