For WordPress websites, updates to the basic software and the associated plug-ins should be carried out at least once a month for an average website.
Other CMS such as Contao or Statamic are less well known and therefore less often exposed to attacks. They may have slightly longer update intervals. With Contao, however, you have to be careful that the gap between the server software (PHP version) and the CMS does not become too large. Statamic is still a relatively young system that is growing rapidly. Updates usually provide interesting new features that can add value to the website.
Of course, you should not wait for the latest security news, but update the website quickly. With our maintenance package, you can save yourself the trouble of scouring the news for security vulnerabilities every day: we are automatically notified if the basic software or plug-ins have serious security vulnerabilities that require immediate action.
Backups should be performed daily. For special points in the life cycle of a website (e.g. before a major expansion), you should create an archive backup.