The vast majority of hacked WordPress sites were compromised due to outdated plugins, themes, or WP core. I need to keep my site updated. But should I update manually, or automatically? If I choose automatic, updates will be more timely but there is always a small chance that an update will break something. If I update manually, I can make a full site backup first, and restore if anything breaks – but I am at more risk of a hack occurring in between my manual updates.