For the case of a remote team who need access to the site, locally hosted WordPress stops being a viable option.
For this case, you’ll need a remotely accessible WordPress instance, so on some kind of hosting, whether you set it up yourself on an empty VPS or use a 1-click WordPress installer or any other kind of way to host WordPress remotely.
I usually refer to this as your “dev” server, where users go in and use WordPress as usual, but without it being seen by the public. When a user with authority to deploy the site is ready to (or on a schedule), you use WP2Static or other method to generate the static snapshot of your dev server’s current state and deploy it as a static site (to Netlify, S3 or other static site hosting option).
To keep your dev site secure, you should block everyone but your team from accessing it. Usually this is done with the help of a
htpasswd file. You can usually find a method of how to do this by searching for “MYHOSTINGNAME http basic authentication” or contact their support desk.
Let me know any more questions about this