WordPress 5.5 will include a new AutoUpdate feature. Previously, you could choose an auto-update feature to update WordPress core via various lines of code added to wp-config.php. You could even direct WordPress to update themes and plugins within wp-config.php.
As of 5.5, the default behaviors of updating core will also extend to plugins and themes. This will be a great improvement over letting your themes and plugins lapse in their code updates since outdated code is a major way that hackers gain control over and deface WordPress sites.
It might be a bit irksome, however, to WordPress professionals who charge a premium for WordPress updates. But, don’t fire your WordPress management company just yet.
The problem with turning on automatic updates and just walking away is that you can’t always be sure that an automated update won’t break your site. It’s important, when upgrading a plugin or a theme, to first take a backup of your site, and then do the update first in a development or staging environment, hosted away and separately from your live site. That way you can see the effects of the changes to plugin or theme code (and core code as well) before you commit the same changes to the live site.
This is where WordPress maintenance professionals can still shine, by offering their services to individually “regression test” your site with each core, plugin, and theme update. Some of those tests can be automated through “continuous integration” via CircleCI and visual regression testing. These techniques and tools can still be out of reach of the technical abilities of most website owners.
Automatic updates can reduce risk to your website. But without such rigorous regression testing, automatic updates can also introduce new risks. Be sure you have a plan for regression testing your site when applying any type of update, whether automated or manual.