My boss and I have the same discussion every time a new version of WordPress is released. Especially the security updates. Is it better to have a software developer who brings out updates often or one who is just more thorough in their testing and delivery? Does it build trust or does it shake user confidence? It seems like lately since the switch to 3.0 there has been a stream of security updates for WordPress. It looks to me that they have been haunted by different areas of the same issue. From what I gather, WordPress does its upgrades and labels them like this: X.X.Y
Where X.X are the current feature versions and Y is the current bug fix of that version. So as long as you are upgrading from 3.0.3 to 3.0.4 or even 3.0.5 then you should not expect to see any changes that would affect how your site works or how plugins that modify how WordPress functions would work. So in general, you should go ahead and upgrade. But if you are running 3.0.5 and 3.1.0 or 3.1.1 is available, I don’t recommend clicking the button right away unless you are just blogging for fun and don’t mind if your site is affected or even down for a few weeks. Another thing to note with WordPress is that the change from 3.0 to 3.1 may be just as large a change as 3.9 to 4.0 will be. They just keep counting forward with the version number to identify major feature upgrades of the system.
On business sites or sites with big audiences, I always recommend waiting a few weeks (3-4) before clicking the upgrade button on feature version changes such as 3.0.5 to 3.1. WordPress has a large pool of beta testers. I run this site in beta for example as well as three other sites I run in alpha (nightly builds) where I test the latest software on the latest builds of WordPress. Usually by the time a major feature change has come out on WordPress to the main audience, it has been pretty well tested. But maybe not well tested on your configuration. With the number of plugins and themes available and every possible combination of software and settings, there is no way to know for sure.
You just have to understand the risks involved and how much it is worth to you to keep a solid up-time for the site. I have a lot of clients who will just have me push the update buttons for them. For the most part this is straightforward and inexpensive for the client if there are no problems. The advantage though being that if there is a problem they have me working on it at that moment and not later the next day when they were able to get some time with me. For even more important sites there is a way to know for sure that the upgrade will be flawless. Back up the site and run it on a test site on the same server. Run the upgrades on the test site and then test the functionality. This can be time-consuming to do but then you will know for sure that there will be no conflicts between the new version and the plugins and configurations of the theme you are running.
Of course, for the more minor security upgrades, there are still risks involved, and it’s always good to read the WordPress blog to see if the security issues even affect you. For most people, they don’t affect your site and you don’t “have to” upgrade. But I generally always do and usually without much concern, but that comes from the experience of running the upgrade on several test sites before my own and then, because I blog regularly or am tweaking my theme and plugins, I get to test the new upgrades before upgrading more important sites. The important thing to remember is that, for most users, the upgrades are not urgent. Take your time and upgrade when you are comfortable. But don’t take so long that the upgrade will be a large jump. If you are still running 2.6, then you should start to worry about database conflicts that may occur when you upgrade to 3.1 because that jump, although probably scripted in the system, is not well tested and if bugs are present, you will be the one who finds them.