by johnisgood 230 days ago
We live in a world where now using "-Wall -Wextra" is a positive outlier. :D God damn. I have ALWAYS used these options, along with "-pedantic", "-std=c99" and so forth.
1 comments

I picked up C for fun last year and these are exactly the flags I have always used by default. Can't remember where I picked that up, but glad to hear I'm doing it right.
Yes you are.

I always use "-std=c99 -Wall -Wextra -Wpedantic -Werror". You could replace "-Wpedantic" with "-pedantic" though (it is more supported). You may omit "-Werror".

Sometimes I also use "-D_XOPEN_SOURCE=700" and "-D_FORTIFY_SOURCE=2" along with "-fstack-protector-strong".

For debug builds you want "-O0 -g" at the very least.

I also have a make target that uses "scan-build", "cppcheck", and "clang-tidy".

While we are at it, here are some more useful warning flags I have used: https://github.com/cpp-best-practices/cppbestpractices/blob/.... Some C++-only though, some are a bit opinionated (like -Wsign-conversion) and some useful C-only flags might be missing.

A few C-specific references I found just now, but haven't tried myself yet:

https://github.com/systemd/systemd/blob/0885e4a6e7ca93d3aef8...

https://github.com/airbus-seclab/c-compiler-security

It's also a good idea to regularly run the program with sanitizers; using them in tests is a good way to do that, I think. Why not during development as well, if the performance is acceptable for that specific program?
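
Added example, not part of the thread and not any commenter's own build file: one way to wire the flags and tools mentioned in the comments above into a Makefile with separate release, debug, sanitizer-test and static-analysis targets. The names `app`, `main.c` and the target names are placeholders, and the sanitizer and tool options beyond those quoted in the thread are this example's choices.

```make
# Added example. app, app-debug, app-san and main.c are placeholder names.
# CC uses ?= so that scan-build can substitute its analyzer wrapper via the environment.
CC     ?= cc
SRC    := main.c
WARN   := -std=c99 -Wall -Wextra -Wpedantic -Werror
DEFS   := -D_XOPEN_SOURCE=700

# _FORTIFY_SOURCE only takes effect when optimizing, and glibc emits a warning
# (an error under -Werror) if it is set at -O0, so it belongs to release only.
# -U first avoids a redefinition warning where the toolchain predefines it.
HARDEN := -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong

# ASan + UBSan; keep frame pointers so the reports have usable stack traces.
SAN    := -fsanitize=address,undefined -fno-omit-frame-pointer

.PHONY: all release debug test analyze clean
all: release

release: $(SRC)
	$(CC) $(WARN) $(DEFS) $(HARDEN) -O2 -o app $(SRC)

debug: $(SRC)
	$(CC) $(WARN) $(DEFS) -O0 -g -o app-debug $(SRC)

# Sanitizer build used by the test target.
app-san: $(SRC)
	$(CC) $(WARN) $(DEFS) $(SAN) -O1 -g -o app-san $(SRC)

# Fail the test run on the first UBSan report instead of only logging it.
test: app-san
	UBSAN_OPTIONS=halt_on_error=1 ./app-san

# Static analysis: each tool exits non-zero on findings where it supports that.
analyze:
	scan-build --status-bugs $(MAKE) clean debug
	cppcheck --std=c99 --enable=warning,style,portability --error-exitcode=1 $(SRC)
	clang-tidy $(SRC) -- $(WARN) $(DEFS)

clean:
	rm -f app app-debug app-san
```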