Skip to content
Mo. MotassemStart a Project Brief

Rebuilding a Legacy Platform Without Breaking What's Underneath

Most legacy rebuilds fail in one of two ways.

Either you keep patching a system that's quietly rotting — another plugin, another hotfix, another late night — until it finally collapses under its own weight. Or you burn it all down and start clean, and discover on launch day that you've thrown away the things that were quietly holding the business together: the customer logins, the search rankings, the content nobody remembered to document.

The real work sits between those two mistakes. I'll walk through how I approach it using a recent rebuild.

The client was a premium Arabic voice-over house running on four separate WordPress sites — four codebases, three of them legacy, one actively compromised. A hidden backdoor was feeding spam to search engines and had injected roughly 48,650 junk URLs, invisible to visitors but not to Google. Booking meant manual email back-and-forth. The marketplace propped itself up with 11,415 fabricated five-star reviews. One site's order form posted to a stranger's server, outside the client's control. It was, in every sense, held together with tape.

Here's how you rebuild something like that without breaking what's underneath.

Contain before you rebuild

The instinct is to open the design tool. Resist it.

When a system is actively leaking trust — a live backdoor, injected spam, a re-hack cycle — the first job isn't design, it's stopping the bleeding. You cannot rebuild on a foundation that's on fire. Before a single screen was redrawn, the priority was cutting off the compromise and understanding exactly what the old system was doing, including the parts nobody meant to build.

Containment buys you something valuable: the freedom to rebuild deliberately instead of in a panic.

Separate what's worth keeping from what has to go

Every legacy estate is a tangle of assets and liabilities, and the whole job is to pull them apart.

On the asset side of this one: 263 real voice talents and their existing logins, original talent audio, two sibling sites whose designs still worked, and established domains carrying years of search history. On the liability side: the backdoor, the spam network, the 11,415 fake reviews, and four separate codebases nobody wanted to maintain.

The mistake is treating the whole system as either sacred or disposable. It's neither. You carry the value across and you leave the risk behind — and being honest about which is which is most of the work.

Migrate data like it's irreplaceable, because it is

This is where rebuilds quietly go wrong, long after the visible design is done.

The 263 talents were migrated with their existing passwords still working — because asking every user to reset their login is how you lose half of them in a week. Audio moved to durable storage so sample links stop rotting the way loose files always eventually do. The approval queue was preserved intact. And the 48,650 spam URLs were retired properly — returned as clean 410s, with real redirects for the pages that actually mattered — so the junk disappeared without taking the site's search history down with it.

None of that is glamorous. All of it is the difference between a migration users never notice and one they never forgive.

Debug edge to origin, not just the app

One launch detail worth naming: at one point the firewall was quietly returning 403s on any URL containing the word "booking." The application code was completely fine. The bug lived in the layer above it.

Legacy systems fail in the seams — DNS, CDN, firewall, origin, the application — and if you only ever look inside the app, you'll spend days chasing ghosts. Assume the problem can be anywhere in the stack, and debug from the edge inward.

Launch on rails, gate the risky parts

You don't have to ship everything at once to ship safely.

The secured core went live first. Accounts, Google sign-in, and payments were built and tested, then held behind feature gates — real, working, and dark until the moment they're needed. A staged launch, where each risky piece is switched on deliberately, beats a heroic all-at-once launch every time. It also means the day you go live is boring, which is exactly what you want.

What actually changes for the business

A redesign changes how the system looks. A rebuild changes what the business has to worry about.

The point of all of this was never "a nicer website."

It was this: the spam and the backdoor are gone. Publishing a new voice takes minutes instead of a developer ticket. Four codebases became one. The order form is back under the client's control. The maintenance burden dropped, and so did the security exposure. The business stopped spending its attention on keeping the old thing alive and started spending it on the work that actually makes money.

That's the line between a redesign and a rebuild. A redesign changes how the system looks. A rebuild changes what the business has to worry about.

The real goal

A rebuild isn't really a design project or an engineering project. It's a trust project.

The measure of success isn't how the new thing looks on launch day — it's that nothing anyone depended on quietly disappeared in the move. Contain the risk, carry the value across, and land the change on rails. Do those three things and the rebuild feels, from the outside, almost uneventful. That's the whole point.

If you're staring at a platform that's become more liability than asset, that's the kind of work I do — one accountable owner, from the first audit to a launch that holds.

Next step

Have a product idea worth building?

Tell me what you want to build — I'll help you scope the first version and the fastest path to launch.