Because we use a lot of custom code and use as few plugins as possible (keeping the site code light and more easily maintained), it is rare that there are issues with updating on websites that we build and you can set the plugins updating to “enable auto-updating”. If you are hosted with a hosting company like Dreamhost, you’ll find they will automatically update the WordPress level for you in a safe way and this saves you checking. Other companies may not do this and you should keep an eye on your WordPress dashboard to check if there are updates available.
It is a good practice to make backups of your website as you update the WordPress version and/or plugins (and as you add fresh content). You can use a plugin like Updraft which will give you the option to save the last 1 or more (your choice how many) backups to an external server (like Dropbox or Google Drive) or we can make backups for you.
You will probably also find that hosting companies have at least one backup from the last 30 days that can help you restore things if you run into trouble (and notice it in time).
Your hosting company will also upgrade the versions of PHP they support from time to time. This is the code-base on which WordPress runs. It is a good practice for both security and efficiency to switch your site to run on the highest available version of PHP when they do. Again, you should make a full backup of your website files and database before making this switch (even though you can usually switch back if problems occur). Dreamhost will automatically upgrade your PHP version for you if you are hosted with them (and switch your site back to an earlier version if the site stops working—in which case, it’ll just be a matter of some deprecated code in the site theme or an out of date plugin that needs a fix).
For absolute watertight security, it is best to make a full zipped backup of your site files at least once a year, export the database and change all passwords (your hosting account password, your ftp password, your WordPress password and your database password). These files should be stored offline or in cloud storage that is not the same as your website hosting. If you’re a tech-savvy person you may be able to do all this yourself. If not, we can do it for you.
