I like programing on my localhost, however it really bugged me to make changes to index.php & config files on my production server. After combining all available wiki articles on this topic and some trial and error this is what I use for my applications so I could just upload it to production server and it will work without any changes.
This article is called extended guide is because there is already a security guide in the Yii tutorial security section. but that guide is not complete in the sense that it does not rise the developers' attention to some other commonly happening attacks: SQL injection and magic URL, which can be major vulnerabilities in your application without much caring.
Here is a step by step To-Do list for Yii beginners. The list is an advice of what tutorials and documentation you can walk through to get a full understanding of the Yii Framework. These can be a help to learn Yii.