More and more, I am recommending hosts like WP Engine, Get Flywheel, and Site Ground because of their good performance, security, backups, and a one-click staging environments.
Pretty soon, all of these things add up, and the cost of setting these things up manually versus taking advantage of the service makes more sense.
Many people offer maintenance plans to help you stay up to date.
The problem with some of these plans is that they offer weekly, monthly, or quarterly updates.
Hackers can immediately write bots to automatically crawl the web and exploit these vulnerabilities.
Outdated themes, plugins, and Word Press version are the number one way hackers gain access to your site (besides brute force hacks of your login).
Create both a FULL SITE (aka Complete) BACKUP as well as a DATABASE ONLY backup. There are many ways you can create a staging environment for your site to test updates without effecting the live site: Ideally, you should keep a perpetual locally hosted copy of the websites you maintain.
Download both of these backups to your local computer. You can run all updates on the local site first then push the updates to the live server (using Git) or repeat the process on the live server. The only variation between your locally hosted Word Press and the server are PHP and My SQL versions.
Following are best practices for keeping your site up to date.So waiting even a few days for to perform a critical security update can put your site at risk.When a security vulnerability is discovered, the details of the exploitable code are published on the Internet.View Slideshare Presentation on How to Update Word Press Safely If you don’t want to worry about logging into your site constantly to perform updates, you can use one of these tools to automate tasks on your site or multiple sites: https://askwpgirl.com/wordpress-management-plugins/.With each of these tools, you can select which plugins and themes are “safe” to auto update and which plugins or themes you should pay attention to and manually update.