One of my clients got hacked last week. They had been running a copy of WordPress 2.5 (WP) that was installed in May of 2008 and never updated. Although WordPress 2.5.1 was released 25 April 2008 and included an important security fix, the Client software was never upgraded.
So how do you keep your WP install up to date?
Pay someone to keep it all up to date.
And lastly, if you don’t want to have to be bothered with all this, then don’t run your own blogging software. Run a hosted solution.