When you are developing a WordPress site I recommend doing it on your own machine, using WAMP/MAMP/LAMP. It is just simpler and faster to do it that way. However if you want the client to be able to preview the site (and you don’t want them to come to where your computer is) it needs to be on the internet. Consider thought that if the development version of the site is out on the internet there is a slight chance that someone might stumble upon it, even if you have a unique address/URL for it, that is not linked from anywhere. For these situations I recommend protecting the whole development site with a password. You could do this by playing with the .htaccess file, or just use a plugin. I found the second solution simpler. And my favorite such plugin is
- Plugin’s homepage
- Plugin’s page at WordPress.org
- Plugin’s description: “Want to make your blog private from prying eyes? Well my password protection plugin is perfect for that job; with its intelligent UI and endless features it will make the chore of keeping your data secure and private easy.”
It’s not perfect because it has conflicts with an other plugins (WP Super Cache) and host (WPEngine), but works every other times. It is indispensable for my work as a WordPress developer. Also, any password protection can be broken by dedicated hacker. But at least this protection would deny average webuser access to the site that is not ready for the public.