It is common WordPress security advice to “Ensure your plugins are up to date!”

You can install a plugin that will update plugins immediately, or you can put an instruction in wp-config.php to do the same thing.

We do neither.

For an example of why, take a look at the changelog page of the plugin Schema.

You’ll see version 1.6.9.8 with 13 changes, hastily followed by version 1.6.9.8.1 with the legend

  • Reverted back all changes made in version 1.6.9.8, since it breaks!

Quite.

We have found you are much more likely to have a site go down due to plugin conflicts than due to hacking. As part of the Maintenance Package at Finflix, we combine careful manual upgrades of plugins with offsite backups.