The software that your site runs on was created by thousands of people. It’s under very active daily development to add new features and keep it safe.
WordPress usually performs the critical security updates automatically, but the plugins that provide critical features to your site—like contact forms—do not. Security is an arms race, and for the relatively low amount of time it takes to monitor, perform updates and test afterwards, I always recommend you have someone perform these updates regularly.
What I do
If you host with me or hire me to support your website I run these updates once a month and double-check to make sure the updates didn’t cause changes or issues with the site. I watch for known issues and we can discuss attack prevention, site security, and monitoring.
For sites that send large volumes of email, we will talk about using 3rd party email services to ensure proper delivery.
If you host on the HAMILTON platform I also regularly maintain, backup, automate, and run security tests and checks on all of our servers. It’s all taken care of behind-the-scenes, and the WordPress updates are usually included with the hosting costs. Any emergencies or maintenance that causes impacts to your site or business are reported directly to you.
What it costs
Around 15 minutes to an hour per month depending on the scale of the site. There may be other costs involved and brought up ahead of time. It is always cheaper than the hard costs of bringing your site back up from an intrusion, and the indirect business impact of lost traffic and search ranking after that happens.