You should always update WordPress to the latest version. When a new version of WordPress is available you will receive an update message in your WordPress Admin Screens. To update WordPress, click the link in this message.
There are two methods for updating - the easiest is the one-click update, which will work for most people. If it doesn't work, or you just prefer to be more hands-on, you can follow the manual update process.
If you are updating across multiple versions, follow the procedure at Upgrading WordPress - Extended Instructions
Before you get started, it's a good idea to back up your website. This means if there are any issues you can easily restore your website. Complete instructions to make a backup can be found in the WordPress Backups section of the Codex.
For WordPress 3.7+, you don’t have to lift a finger to apply minor and security updates. Most sites are now able to automatically apply these updates in the background. If your site is capable of one-click updates without entering FTP credentials, then your site should be able to update from 3.7 to 3.7.1, 3.7.2, etc. (You’ll still need to click “Update Now” for major feature releases.)
See Also: Configuring Automatic Background Updates
Current versions of WordPress (2.7+) feature one-click updates. You can launch the update by clicking the link in the new version banner (if it's there) or by going to the Dashboard > Updates screen. Once you are on the "Update WordPress" page, click the button "Update Now" to start the process off. You shouldn't need to do anything else and, once it's finished, you will be up-to-date.
One-click updates work on most servers. Here's the technical criteria for what must be satisfied:
(a) file ownership: all of your WordPress files must be owned by the user under which your web server executes. In other words, the owner of your WordPress files must match the user under which your web server executes. The web server user (named "apache", "web", "www", "nobody", or some such) is not necessarily the owner of your WordPress files. Typically, WordPress files are owned by the ftp user which uploaded the original files. If there is no match between the owner of your WordPress files and the user under which your web server executes, you will receive a dialog box asking for "connection information", and you will find that no matter what you enter in that dialog box, you won't be able to update using the "Update Now" button.
(b) file permissions: all of your WordPress files must be either owner writable by, or group writable by, the user under which your Apache server executes.
On shared hosts, WordPress files should specifically NOT be owned by the web server. If more than one user owns different files in the install (because of edits made by deleting and re-uploading of files via different accounts, for example), the file permissions need to be group writable (for example, 775 and 664 rather then the default 755 and 644). File permissions (in general) should be adjusted as appropriate for the server environment (the shared host RackSpace CloudSites for example recommends 700 and 600 for a single ftp user, or 770 and 660 for multiple ftp users). See the file permission section for more (some files and folders require stricter permissions).
If you see a "failed update" nag message, delete the file .maintenance from your WordPress directory using FTP. This will remove the "failed update" nag message.
If the one-click upgrade doesn't work for you, don't panic! Just try a manual update.
These are the short instructions, if you want more check out the extended upgrade instructions. If you experience problems with the Three Step Update, you may want to review the more detailed upgrade instructions
For these instructions, it is assumed that your blog's URL is
wp-admindirectories on your web host (through your FTP or shell access).
wp-admindirectories to your web host, in place of the previously deleted directories.
wp-contentfolder to your existing
wp-contentfolder, overwriting existing files. Do NOT delete your existing
wp-contentfolder. Do NOT delete any files or folders in your existing
wp-contentdirectory (except for the one being overwritten by new files).
NOTE - you should replace all the old WordPress files with the new ones in the
wp-admin directories and sub-directories, and in the root directory (such as index.php, wp-login.php and so on). Don't worry - your wp-config.php will be safe.
Be careful when you come to copying the wp-content directory. You should make sure that you only copy the files from inside this directory, rather than replacing your entire wp-content directory. This is where your themes and plugins live, so you will want to keep them. If you have customized the default or classic themes without renaming them, make sure not to overwrite those files, otherwise you will lose your changes. (Though you might want to compare them for new features or fixes..)
Lastly you should take a look at the wp-config-sample.php file, to see if any new settings have been introduced that you might want to add to your own wp-config.php.
If you're upgrading manually after a failed auto-upgrade, delete the file .maintenance from your WordPress directory using FTP. This will remove the "failed update" nag message.
Visit your main WordPress admin page at /wp-admin. You may be asked to login again. If a database upgrade is necessary at this point, WordPress will detect it and give you a link to a URL like
http://example.com/wordpress/wp-admin/upgrade.php. Follow that link and follow the instructions. This will update your database to be compatible with the latest code. You should do this as soon as possible after step 1.
If you have caching enabled, clear the cache at this point so the changes will go live immediately. Otherwise, visitors to your site (including you) will continue to see the old version (until the cache updates).
Your WordPress installation is successfully updated. That's as simple as we can make it without Updating WordPress Using Subversion.
Consider rewarding yourself with a blog post about the update, reading that book or article you've been putting off, or simply sitting back for a few moments and letting the world pass you by.
Your update is now complete, so you can go in and enable your Plugins again. If you have issues with logging in, try clearing cookies in your browser.
If anything has gone wrong, then the first thing to do is go through all the steps in our extended upgrade instructions. That page also has information about some of the most common problems we see.
If you run into a request for FTP credentials with trying to update WP on a IIS server automatically, it may well be a matter of rights. Go into the IIS Management Console, and there to the application pool of your blog. In its advanced settings, change the Process Model Id into LocalSystem. Then on Sites, choose your blog, right click, click on Edit permissions and on security tab add authenticated users. That should do it.
If you have some knowledge of unix shells you should check out wp-cli.