WordPress is a Content Management System (CMS) and we can use it to develop good websites.
If we are using WordPress as one of our software tools, we need to know how to do the right things together, in our style... FairCoop style: always thinking about distributed, free content and free software, and using our system for the good of the commons.
I'm proposing to follow these kinds of rules, starting here:
We need to understand the requirements of the project:
Information to offer.
Way to use, way of communication, graphics...
Set up version control and an issue tracker
Create a coherent structure for file management (e.g. if you upload a photo for the blog, create a folder in file management named blog...)
In WordPress we have to take care with plugins, because many are not well tested and some may not be secure... please use ones with more stars and downloads.
Check which plugins are not used, and try to remove them.
Think of the future
If you can edit .htaccess, things will be easier and cleaner, because sometimes plugins are not necessary.
Backup, backup, backup and backup --> You can use a plugin, but All In One WP Security & Firewall is enough, and we will use more things for security.
Keep WordPress and plugins up to date
Smart usernames and passwords (don't use "admin" as your username, and choose a complex password)
Block bad bots (.htaccess / robots.txt / ipblock)
Always Use Secure Connections (sftp - SSL - ssh)
Redirection and use of SSL --> Let's Encrypt and .htaccess, or with a plugin like "simple ssl".
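
An .htaccess sketch of the two rules above that need no plugin (blocking bad bots and redirecting to SSL). This is an added example, not FairCoop's own configuration; it assumes Apache 2.4 with mod_rewrite, and the bot names and IP range are placeholders to replace with entries from your own logs.

```apache
# Added example. Put these rules ABOVE the "# BEGIN WordPress" block,
# because WordPress rewrites everything between its BEGIN/END markers.

<IfModule mod_rewrite.c>
RewriteEngine On

# --- Block bad bots by User-Agent ---
# "ExampleBadBot" and "ExampleScraper" are placeholder names.
# [NC] = case-insensitive match, [F] = answer 403 Forbidden.
RewriteCond %{HTTP_USER_AGENT} (ExampleBadBot|ExampleScraper) [NC]
RewriteRule ^ - [F,L]

# --- Redirect every plain-HTTP request to HTTPS ---
# The ACME challenge path is left out of the redirect so that
# Let's Encrypt HTTP-01 renewals still work if HTTPS is broken.
# Assumption: Apache terminates TLS itself. Behind a proxy or load
# balancer, %{HTTPS} stays "off" and this rule would loop; test the
# X-Forwarded-Proto header there instead.
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

# --- IP block (Apache 2.4 syntax) ---
# 203.0.113.0/24 is a documentation range used as a placeholder.
<IfModule mod_authz_core.c>
<RequireAll>
    Require all granted
    Require not ip 203.0.113.0/24
</RequireAll>
</IfModule>
```

After uploading, request the site over http:// and check that the response is a 301 to the https:// address before relying on it. A robots.txt entry only asks well-behaved crawlers to stay away, so the User-Agent and IP rules are what actually refuse a request.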