Fixed your typo.
1. Have a test copy of your production environment. What does that mean?
Same version of OS, same version of PHP, same version of web server, same version of MySQL, same extensions, same configurations, different hostname, behind a firewall or otherwise secured. Not "kind of the same," or "almost the same," or "completely different."
Same plugins, extensions, themes, languages, configuration for IPS
Ensure things that interact with the outside world (payments processors, e-mail configurations, APIs, etc.) are pointed to corresponding test environments as well. You don't want real payments being processed or real e-mails being sent out from your test environment that affect your members.
2. Make changes in your test environment and document your changes carefully, noting the exact steps you took.
3. Test!
4. Have an issue in test? Investigate and open a ticket.
5. No issues, follow the same steps you documented in step 2 in your production environment.
If you're doing it any other way, you're gonna have a bad time.