Keeping WordPress, your theme, and plugins up to date is the single most important thing you can do for security. Outdated software is the leading cause of hacked websites.

Before updating — take a backup

Always back up your website before running updates. In cPanel, go to Files → Backup and download a full account backup.

Update WordPress core

1. Log in to your WordPress admin panel at https://yourdomain.com/wp-admin.
2. If an update is available, you will see a notice at the top of the dashboard.
3. Go to Dashboard → Updates.
4. Click Update Now under the WordPress version section.
5. Wait for the update to complete. WordPress will display a success message.

Update plugins

1. Go to Dashboard → Updates.
2. Under Plugins, check the plugins you want to update (or click Select All).
3. Click Update Plugins.

Update themes

1. Go to Dashboard → Updates.
2. Under Themes, select the themes to update and click Update Themes.

Enable automatic background updates (optional)

WordPress can apply minor security updates automatically. To enable this, add the following line to your wp-config.php file:

define('WP_AUTO_UPDATE_CORE', true);

After updating

Visit your website and check that everything still works correctly. If something breaks after an update, you can restore your backup or deactivate the updated plugin to identify the conflict.