Ask the experts and they’ll tell you that keeping your WordPress site updated is the best security measure you can take to protect your blog from being attacked. By far, the most common reason why a WP site is hacked is because of outdated code. Keeping your WordPress blog up to date includes making sure you not only have the latest version of WordPress installed, but also the most current versions of your plugins and themes.
The good news is, the updating process is very simple and WordPress will notify you via the dashboard when there is a new version of WP, a plugin, or theme available for updating. When you login to WordPress, a message will appear at the top of the screen with an option to update when a new version of WP is available. There is also an Update link on the left side dashboard menu. Clicking this link takes you to the Update screen which lists the available updates for WordPress, plugins, and themes.
When a new plugin version is available, you’ll see a number (representing the number of plugin updates available) next to the plugins menu item on the left side. You can update your plugins from the general WordPress Update screen or from the plugin section itself. Click to view all of the plugins you currently have installed and you’ll see an option to update those plugins that have a new version out.
WordPress themes can also be updated by clicking the Update link on the left side dashboard menu or by clicking the update arrows on the top bar of the dashboard.
Click on the arrows and you’ll see any available theme updates.
Remember; always backup your WordPress site before performing any updates! While major releases of WordPress contain new features and minor releases (those labeled as 3.5.x, etc.) contain bug fixes and security patches only, you always want to be on the safe side and be able to restore your blog to its previous state if something funky occurs.