The free Wordfence Plugin https://wordpress.org/plugins/wordfence/ [wordpress.org] alerts me when an item needs updating. It can be set to email alerts about security issues present and has a caching feature as well.

This email was sent from your website "Example Widgets" by the Wordfence plugin.

Wordfence found the following new issues on "Example Widgets home page".

Alert generated at Wednesday 29th of April 2015 at 12:52:29 AM

Warnings: * Modified plugin file: wp-content/plugins/akismet/readme.txt

I had used Limit Logon Attempts in the past; this one outshines it by orders of magnatudes.

After the last Zero Day security scare I set the Wordpress Core and Plugins to automatically update. https://www.siteground.com/tutorials/wordpress/auto-update.htm [siteground.com]

So that just leaves themes to worry about due to their elevated access to the WP core functions. I'm debating allowing themes to auto update as well because I have weekly backups running for the DB, plugins, uploads and themes. I make VERY few post launch changes so one week covers me for all but the most recent posts.

I find that I have to modify plugins slightly to make them suit my needs and for that reason I am forced to disable plugin updates with an entry in my config file. Example: my favorite open graph plugin works really well BUT on multi-page posts it does not provide the correct url, it defaults to the first post in the series. Same with archives, it never appends the page number to the url. My fix required modifying their code and it would be lost in an automatic update... can't have that.

If the plugin works and you don't need to update the WordPress version because that also works, then ignore updates as there is no need to change what is already working.

If you customise anything then forget updates as they will only break what you have created.

"If the plugin works and you don't need to update the WordPress version because that also works, then ignore updates as there is no need to change what is already working"

This is not a good plan. Many updates are security fixes, even if not always flagged as such. and ignoring them will make your site vulnerable.

Dammed if you do and dammed if you don't?

@JS_Harris: An alternative is submit those enhancements to the plugin author(s) for inclusion in their code.

It then becomes a Win-Win scenario, yes?

You should never ignore plugin updates, for security reasons if nothing else. Jetpack just had a major security hole plugged with an update, if you maintain wordpress sites for clients, it is your fiduciary duty to update them.

Plugin updates can be the source of the security weakness as can core updates.