Updating your WordPress plugins is most easily achieved from the Plugins tab in the WordPress dashboard. From there you can see which plugins have updates available, after which it’s a matter of hitting Update now to install the new versions.
- Minimise the number of plugins you have. Always remove plugins if you aren’t using them anymore. Keep your attack surface area as small as you can.
- Keep your plugins up to date. Blogging software such as WordPress can keep itself updated, but you need to keep track of the plugins yourself.
- Get rid of plugins that aren’t getting any more love and attention from their developers. Don’t stick with ‘abandonware’ plugins, because they’ll never get security fixes.
- Learn what to look for in your logs. Know where to go to look for a record of what your web server, your blogging software and your plugins have been up to. Attacks often stand out clearly and early if you know what to look for, and if you do so regularly.