Create a live WP demo site. Security Concerns.

Hi, I hope i’m posting this in the right location..

Question I’m trying to build a safe secure testing / demo WP barebones installation website with hopes of allowing potential clients the chance to get the feel of WP do some basic editing but limit their admin restrictions at the same time. I’m sure there are other demo sites I could just redirect the client to but I’m hoping to brand the site as my own, also I need to be able to display themes in a live environment in the near future.

This website has a demo site very close to what I’m seeking, allowing clients to view the WP site as admin or non-admin, Click Here!

My number #1 concern is security. I don’t need to open the flood gates to maleware or some brute-force attack guessing my basic PW. Such as admin / user just like the demo site above offers.

Number #2 concern is the ability to limit clients admin access.

I’ve thought about just running the site from localhost, portforward 80 and 443, I’ve already got a static IP but my concern with that is page speed.

I have no problem with installing a new WP installation subdomain / sub-directory or even a new demo testing domain if that’s my only option.

Would a WP installation of multisite installed on a subdomain do the trick?

I would really appreciate any advice, or just basic remarks as to why this is a bad idea / good idea.. Be honest!

Thanks
Fish!