In case you missed it, here is an article about keeping your WordPress installation safe. It begins with the old proverb “A stitch in time saves nine.” The advice to stay on top of updates is applicable to any software, but I would argue that in some titles, the update process feels less like a stitch than a major surgery whose stitches could scar for life (still better than the alternative – death!). But updating in WordPress really IS fast and painless.* My last several updates have been a matter of click-and-I’m-done. So why not do it?
If you’ve got a VERY old installation, particularly if it’s been heavily modified, it might be easier to start with a fresh copy, import your content, install whatever plugins you might need to get your old bells and whistles back, and then add the design back in around it. And then don’t fall behind.
WordPress makes it easy to know when you should update, because a link advising you to do so appears at the top of your admin section. So as soon as you see that, back up the site just to be safe (or make sure your host is keeping frequent backups for you), then click the upgrade link, and you should be good to go.
* I stand corrected; WordPress’s URL rewrites can conflict with other friendly URL rewrites. Which is no big deal, unless you’re using friendly rewrites for all sorts of other content. Not sure how to unhook that to make the upgrade to 2.8.x less painful for those folks.