This is the Prime Directive to keep your site less likely to get hacked and compromised. I know it can be a pain, but it’s a must for anyone running a WordPress site. I’ve seen too many bad things happen because the site was not updated.
What needs to be updated?
- WordPress Core
Most – but not all – updates deal with fixing bugs or providing security patches. When you see a WordPress version number like 4.2.4, that third digit represents one of those kinds of updates. If you see a two digit version like 4.3, that means the update also includes new features. The same general rule applies for plugins and themes (3 or 2 digits).
Keeping your WP software up to date is your responsibility even though some hosting services, like Bluehost, will automatically update WP if it involves a bug fix or security patch.
If you’re active with your site, you’ll login enough times to notice what needs to be updated. But if you’re an occasional logger-in-er, then use WP Updates Notifier. It will send you an email when updates are available. Just don’t ignore them!
Whenever you update anything, make sure your site has been backed up.