Universal plan (announced to the customer at the conclusion of the transaction):
No prepayment or symbolic prepayment.
You make a website. In the course of development, show progress only through screenshots, or through screen sharing.
When the site is ready, the actions are as follows:
If the customer immediately asks for files: demand full payment (or the full balance if there was an advance payment).
If the customer asks for something like "I want to view/test the site in different browsers/devices (i.e. front-end): require 50% payment (or more/less - depends on the volume of work on the front-end as a percentage of the volume of all work), upload to your hosting and let him watch / test.
If the customer asks for something like "I want to see the admin panel": demand full payment (or the full balance if there was an advance payment).
About

a million edits

during development / after delivery - everything should be spelled out in the TOR. Everything that is not described in the TK (if there is a TK at all), you are free to do as you see fit. But don't flaunt it. It is better to clarify all controversial points before than after.

I support the other commentators and those who answered - upload to your hosting, let the customer at least be tested, then pay 95% and upload to his hosting. Otherwise, with a high degree of probability, you will not see the money.
Well, or issue a BS (secure transaction) on any freelance resource - then you can upload it to its hosting.

I think that such customers should be avoided. You should not let the customer host your site on his host, because there is no means of protection against theft. This is his host.
In general, I recommend taking an extra for each edit. fee. (Well, make 2 edits for free, let's say). Otherwise, they will bash you to the last.
In short, in no case do not upload the site to its host, especially if it has not transferred you an advance payment before.

Breaking the site to the customer is not necessary. This is unprofessional and unethical.
That's right - do not upload the site to its hosting before payment.
There are much more crooks who are trying to cash in than adequate customers. You won’t educate everyone, in addition, there is a decent chance to spoil your mood and reputation and kill time in vain. And if the customer also proves that you went to his hosting, broke something and he suffered damage, then he can also sue him, but you can’t, because apparently you are not working with him under a contract.
In general - either fill in after payment, or score on the client and look for normal ones.

so he will already have a backup, will you break it every time? You can probably write a script that will change something in the database.
In general, even from your hosting, having access to the admin panel, you can get files and a database.
He sees that the site is ready, let him pay, then fill it in, or let him give 80%, for example.

In no case do not transfer the site without receiving payment ... It may seem to you a serious person or even an organization, but trust my bitter experience - 100% will be thrown. Organizations scammed me three times)))) So that they received the full amount of money, moreover, without any protection code (webmoney, Yandex) and transferred the site to its hosting.
I always upload to my test hosting, give it access to the admin panel. Let him check. Although, IMHO, you can also steal the site from the admin panel (for example, install updraftplus backup), create a copy of the site along with the database and download ... So you can restrict the rights of the customer.

proxy on the customer's server - in fact, the site works from your site, but in the browser the customer's domain. After payment, transfer for real.