Is it a bad idea to develop my project directly on production server?

and if not, from security perspective what should I do - besides disabling the debug mode - when development is finished?

It’s a really bad idea.

One mistake at the wrong time, and you might leak all your data, expose your server to be hacked, accidentally delete all your code or data, …

Don’t do it. Use a PaaS instead if you’re just learning. Check out the djangogirls tutorial.


Absolutely agree with @adamchainz on this.

To address your other question, check out the Deploying Django page along with the Deployment Checklist.