Updating shrewdly
What's worse: not upgrading and getting hacked or upgrading too early and hacking yourself? The answer is the former but, then again, it's better not to get hacked at all.
Updating WordPress isn't always a straightforward process, as many early jumpers from 2.9 to 3.0 would attest. We've been here before as well, white screens galore. Ideally Automattic would have parallel upgrade programs, one for vulnerability patching and another for candy. But they don't. Here's a typical scenario.
Jonny upgrades because he read he should. But, oh dear, there's some incompatibility with some plugin and something breaks. Great! Having whittled it down to the something, can't Jonny just disable the plugin? Well, no, not if it's the one paying the rent. He's thinking this through, thirteen to the dozen. How does he roll back again? Meanwhile, the traffic's dropped off the map. No pressure! You get the picture.
Think, research, update
While upgrading as soon as you can is in general good advice...