WordPress updates can be pretty insecure. FTP was invented back before there was an Internet, and when when no one thought that bad people might be on the same network you’re using (why even have a password if you let everyone see it?). Ah, for those naïve and simple times!
Yet even today most of the Web-site-in-a-box products you can get to run on your GoDaddy account use FTP. I control my own server, and you can bet your boots that FTP is turned right the hell off.
It can be a hassle setting WordPress up to allow its update features to work in a very secure fashion, however. I was wrangling rsa certificates when I ran across another solution: rather than push a button on a web page to run an update, log into the server and run a command there. Simple, effective, secure, without file permission fiddling and authorized_keys files.
wp-cli does way more than updates, too. It is a tool I’ve been pining for for a long time, without even knowing it. Want to install a plugin?
wp plugin install "xyz" and you’re done. Back up the ol’ database? They have you covered. Welcome to my tool belt, wp-cli!
If you’re not afraid to type three commands to update your site, rather than trying to maintain a hole in your security in such a way that only you can use it, then this is a great option for you. Check it out at wp-cli.org.