Updates are necessary. Security, bug fixes, compatibility. But every update carries a risk: something might break. A simple routine reduces the risk from "potential disaster" to "manageable excitement".
Staging environment
Always test updates on a copy of the site. Many hosting providers (Kinsta, Cloudways, WP Engine) offer one-click staging. If you don't have that, WP Staging (plugin) or a manual copy on a subdomain works.
We run staging on all client projects. It takes five minutes to test in staging, thirty seconds to push to live if everything works. Compared to debugging a crashed production site on a Friday evening, that's a solid investment.
Update order
Plugins first. Then the theme. Last, WordPress core. The reason: if something breaks after you updated three plugins and the theme, you know it was one of those four. Update everything at once and you have no idea what caused the problem.
Backup first
Always. No exceptions. UpdraftPlus, Duplicator, or manual database dump plus file copy. Takes one minute and can save hours. We have a client who skipped the backup step and lost a week's work. Once was enough.
Automatic updates
Minor releases (6.4.1 to 6.4.2) are automatic by default. That's good; they contain security fixes. Major releases and plugin updates can be enabled in wp-config.php, but only do it if you have automatic backups and monitoring in place.
We update manually once a week. Takes fifteen minutes per site. Worth every second.