You should always update WordPress to the latest version. When a new version of WordPress is available you will receive an update message in your WordPress Admin Screens. To update WordPress, click the link in this message.
There are two methods for updating - the easiest is the one-click update, which will work for most people. If it doesn't work, or you just prefer to be more hands-on, you can follow the manual update process.
If you are updating across multiple versions, follow the procedure at Upgrading WordPress - Extended Instructions
Before you get started, it's a good idea to back up your website. This means if there are any issues you can easily restore your website. Complete instructions to make a backup can be found in the WordPress Backups section of the Codex.
For WordPress 3.7+, you don’t have to lift a finger to apply minor and security updates. Most sites are now able to automatically apply these updates in the background. If your site is capable of one-click updates without entering FTP credentials, then your site should be able to update from 3.7 to 3.7.1, 3.7.2, etc. (You’ll still need to click “Update Now” for major feature releases.)
See Also: Configuring Automatic Background Updates
Modern versions of WordPress let you update with the click of a button. (This feature was added in 2.7, so if you are using an older version, you will need to follow the steps to update manually.) You can launch the update by clicking the link in the new version banner (if it's there) or by going to the Dashboard > Updates screen. Once you are on the "Update WordPress" page, click the button "Update Now" to start the process off. You shouldn't need to do anything else and, once it's finished, you will be up-to-date.
One-click updates work on most servers. If you have any problems, it is probably related to permissions issues on the filesystem.
WordPress determines what method it will use to connect to the filesystem of your server based on the file ownership of your WordPress files. If the files are owned by the owner of the current process (i.e., the user under which the web server is running), and new files created by WordPress will also be owned by that user, WordPress will directly modify the files all by itself, without asking you for credentials.
WordPress won't attempt to create the new files directly if they won't have the correct ownership. Instead, you will be shown a dialog box asking for connection credentials. It is typical for the files to be owned by the FTP account that originally uploaded them. To perform the update, you just need to fill in the connection credentials for that FTP account.
Whether your files are owned by the web server user, or not, will depend on how you installed WordPress and how your server is configured. On some shared hosting platforms, it is a security risk for the files to be owned by the web server user and not a FTP user. See the tutorial on Changing File Permissions for more information, including how to configure file permissions so that multiple FTP users are able to edit the files.
If you see a "failed update" nag message, delete the file .maintenance from your WordPress directory using FTP. This will remove the "failed update" nag message.
If the one-click upgrade doesn't work for you, don't panic! Just try a manual update.
These are the short instructions, if you want more check out the extended upgrade instructions. If you experience problems with the Three Step Update, you may want to review the more detailed upgrade instructions
For these instructions, it is assumed that your blog's URL is
wp-admindirectories on your web host (through your FTP or shell access).
wp-admindirectories to your web host, in place of the previously deleted directories.
wp-contentfolder to your existing
wp-contentfolder, overwriting existing files. Do NOT delete your existing
wp-contentfolder. Do NOT delete any files or folders in your existing
wp-contentdirectory (except for the one being overwritten by new files).
NOTE - you should replace all the old WordPress files with the new ones in the
wp-admin directories and sub-directories, and in the root directory (such as index.php, wp-login.php and so on). Don't worry - your wp-config.php will be safe.
Be careful when you come to copying the wp-content directory. You should make sure that you only copy the files from inside this directory, rather than replacing your entire wp-content directory. This is where your themes and plugins live, so you will want to keep them. If you have customized the default or classic themes without renaming them, make sure not to overwrite those files, otherwise you will lose your changes. (Though you might want to compare them for new features or fixes..)
Lastly you should take a look at the wp-config-sample.php file, to see if any new settings have been introduced that you might want to add to your own wp-config.php.
If you're upgrading manually after a failed auto-upgrade, delete the file .maintenance from your WordPress directory using FTP. This will remove the "failed update" nag message.
Visit your main WordPress admin page at /wp-admin. You may be asked to login again. If a database upgrade is necessary at this point, WordPress will detect it and give you a link to a URL like
http://example.com/wordpress/wp-admin/upgrade.php. Follow that link and follow the instructions. This will update your database to be compatible with the latest code. You should do this as soon as possible after step 1.
If you have caching enabled, clear the cache at this point so the changes will go live immediately. Otherwise, visitors to your site (including you) will continue to see the old version (until the cache updates).
Your WordPress installation is successfully updated. That's as simple as we can make it without Updating WordPress Using Subversion.
Consider rewarding yourself with a blog post about the update, reading that book or article you've been putting off, or simply sitting back for a few moments and letting the world pass you by.
Your update is now complete, so you can go in and enable your Plugins again. If you have issues with logging in, try clearing cookies in your browser.
If anything has gone wrong, then the first thing to do is go through all the steps in our extended upgrade instructions. That page also has information about some of the most common problems we see.
If you run into a request for FTP credentials with trying to update WP on a IIS server automatically, it may well be a matter of rights. Go into the IIS Management Console, and there to the application pool of your blog. In its advanced settings, change the Process Model Id into LocalSystem. Then on Sites, choose your blog, right click, click on Edit permissions and on security tab add authenticated users. That should do it.
If you have some knowledge of unix shells you should check out wp-cli.