The Arabic Voice
Platform Rebuild.
The Arabic Voice needed more than a visual redesign. The old WordPress ecosystem had become difficult to maintain, vulnerable to spam, fragmented across multiple domains, and unable to support a modern booking experience. I rebuilt it into a scalable voice-over platform with cleaner information architecture, modern CMS, structured talent and content management, a clearer booking flow, and a launch-ready technical foundation.
The engagement at a glance.
The Arabic Voice
Voice-over, Arabic media production
Platform rebuild
Product strategy, UX/UI, full-stack implementation, CMS, launch
Modern booking-ready platform replacing a messy legacy setup
The website is the storefront.
The Arabic Voice is a premium Arabic voice-over house — voice acting, dubbing, narration, IVR, and a two-sided talent marketplace. For a studio like this, the site isn't marketing; it's the audition room. A producer judges the talent in the first few seconds and decides whether to trust you with a job.
That trust was leaking — in ways the client couldn't see, but search engines could.
An estate held together with tape.
Four sites, four codebases, three of them legacy — and none of them safe to keep patching.
Dated, template-generic interfaces built on WordPress page-builders — heavy and inconsistent, pulling in four different visual directions across the four sites.
Booking meant manual back-and-forth email. The marketplace propped up 11,415 fabricated 5-star reviews, with talent audio stored as loose, breakable links.
Four separate codebases — three legacy — on one aging box. One site even posted its order form to a stranger's personal server, outside the client's control.
The flagship was actively compromised: a hidden backdoor fed spam to search engines and injected ~48,650 junk URLs — invisible to visitors, and repeatedly re-hacked.
thearabicvoice.com — the redesign, drag to compare
left: illustrative old-design mock · right: the live rebuild
Three decisions that shaped the whole engagement.
Stop the bleeding first.
Quarantine the compromised site, hash and cold-store the evidence, and freeze the infected box — rather than endlessly patch a foundation that kept getting re-breached.
One stack, not four band-aids.
A single modern, serverless platform for the entire estate. Clean-room build — no malware-era code, no plugin debt, security designed in from the first commit.
Nothing ships unverified.
Every change runs staging → independent verification → approval → production. A self-reported “it works” is never the gate — I confirm it in a real browser before customers do.
One platform. Four sites. Zero legacy.
Two flagships fully reimagined; two siblings re-platformed pixel-for-pixel — all four pulled onto the same secure, serverless stack, off the legacy boxes and off a stranger's server.

The flagship, reimagined
A clean, fast marketing site and a real Book-a-Voice-Over flow: browse the voice catalogue, hear samples instantly, request a quote — with accounts, Google sign-in, and payments scaffolded behind feature gates for a safe launch.
The marketplace, rebuilt honestly
A two-sided talent marketplace rebuilt on a clean data model. 263 real talents migrated — with their existing passwords still working — audio moved to durable storage, the approval queue preserved, and 11,415 fake reviews left behind. Full Arabic, right-to-left.

El Hakawaty — the workshop
The landing page for a quarterly Arabic voice-acting workshop — same design, same Subscribe flow, reproduced exactly — lifted off the legacy box onto the unified stack.

Arabic IVR — the store
An IVR-voice store with waveform players and a checkout — same design, same features, reproduced pixel-for-pixel — now on the unified stack, with its order form back under the client's control instead of a stranger's server.
From a patchwork to a single edge stack.
- WordPress + page-builder plugins
- Abandoned, vulnerable add-ons
- Bespoke legacy PHP apps
- A single DigitalOcean box
- Order form on a stranger's domain
- SMTP email, silently blocked
- Next.js 15 + Payload CMS 3
- Cloudflare Workers at the edge
- D1 database + R2 media storage
- Gmail HTTP API for reliable mail
- Turnstile + WAF, security by default
- One Cloudflare account · four sites
The problems that don't show up in a brief.
A rebuild is judged by the things that go wrong quietly. A few that did — and how they were caught.
Launch isn't just DNS and code.
Months after cutover, the payment processor was still firing webhooks at a dead legacy domain. The customer sees one brand; the back-end still remembers old endpoints. Launch is also every third-party dashboard nobody documented.
Read every layer, edge to origin.
A page kept returning 403 on staging. The app was fine — the firewall was challenging the literal word “booking”in the URL. The bug wasn't in the code; it was in the layer above it.
When the host fights you, route around it.
The new server simply couldn't send email — the host silently blocks outbound SMTP. So mail moved off SMTP entirely, onto an authenticated HTTP API. Same outcome for the user; a completely different path under the hood.
“It works” is never the gate.
The build passed and the page returned 200 — and still crashed at runtime. A passing pipeline proves the pipeline passed, nothing more. Every promotion is verified in a live browser before it reaches anyone.
What the client got back.
Build the platform once. Then properties cost days.
The flagship took five weeks because it was the platform — every pattern, every security control, every CMS collection built once. Once it existed, a whole new property could stand up in days on the same rails.
From a fragmented legacy estate to a shipped platform.
This project reflects the kind of work I now do independently: helping businesses move from fragmented, outdated digital systems to shipped products that combine strategy, UX/UI design, development, CMS, and launch execution.
Contain-then-rebuild call; one-stack consolidation over per-site fixes.
The unified edge stack and the data model behind the marketplace.
Designed in from commit one — gated launches, hardened access, spam neutralised.
Independent browser checks on every promotion; no change trusted on report.
Planning a rebuild that has to land cleanly?
Whether it's untangling legacy systems or an AI transformation, I help teams ship the change without breaking what's underneath.
m.motassem@gmail.com →