Having a demo site for your WordPress plugin or theme is a great way to showcase your product to your potential customers. That way they can test drive it and see for themselves how it works and its features firsthand.
You might be thinking that you can just host it on your existing hosting where you have all your sites. That might sound like a good idea but it’s a matter of fact it’s a terrible idea.
The reason for this is you’re most likely super busy working on the business and might forget to update a plugin or two on the demo site. This may expose it to hacker attacks.
If the attack succeeds the attacker will try to see if they can access any other sites under that account.
Usually, the sites are hosted within the same account. This means that each site can access other site’s files. This is both good & bad at the same time.
This is very convenient because you can have one (S)FTP account and access all sites without having to remember many passwords.
The bad is that again you can access.
Because of all of that an attacker to get access to your other sites and their databases. From there they could infect the sites and steal your customer data.
Solution
To solve this problem you need to set up each site under a separate cpanel/plesk user, use a completely separate account on the same WordPress hosting provider, a new hosting provider or use a service such as WPDemo to host your Plugin and Theme demo Sites.
That way even if one of the sites gets hacked the incident will be contained.