Updates are the simplest way to reduce the risks to your wordpress site.
Set your WordPress version (core) to automatically update right from installation – it’s a no brainer. Of course, you may want to examine all the updates and make your own evaluation… assuming you have the time and expertise.
Not only that but regularly check your plugins and update them too, at least once a week if not daily. Having the latest versions means you are less vulnerable to the latest security issues. There is still no guarantee even if you update seconds after an update is available. However regular updating lowers your risk considerably.
…and guess what? – there’s a plugin for that.. I’ve only just loaded up this one, so am not sure how effective it is, but it does have a good reputation. Using this plugin, you can update everything including:
- Core WordPress version
I am personally just using it for plugins – and rather neatly, it lists them all, so if needed, I could just select specific plugins. I personally don’t update themes because I have often made some tweaks in the code that would be undone if updated. If your theme is unadulterated, then you could select auto-update for themes too. My core files update automatically anyway, so I don’t need this feature.
By default, everything is enabled, so if you don’t want your themes updating, make sure you disable this feature straight away. Other plugins are available to do the same job, so let me know if you find a better one. Of course, if you don’t have some sort of automated option in place, you are going to need to check for updates on a very regular basis. I would say daily to be safe, especially if you are using more than about half a dozen plugins.