The Arabic Voice — platform rebuild
Discuss a Product Build
Case study  ·  Product strategy, UX/UI & full-stack ·  2026

The Arabic Voice
Platform Rebuild.

The Arabic Voice needed more than a visual redesign. The old WordPress ecosystem had become difficult to maintain, vulnerable to spam, fragmented across multiple domains, and unable to support a modern booking experience. I rebuilt it into a scalable voice-over platform with cleaner information architecture, modern CMS, structured talent and content management, a clearer booking flow, and a launch-ready technical foundation.

4
sites rebuilt
~6 wks
whole estate
48,650
spam URLs retired
263
talents migrated
1
unified stack
Snapshot

The engagement at a glance.

Client

The Arabic Voice

Industry

Voice-over, Arabic media production

Type

Platform rebuild

Role

Product strategy, UX/UI, full-stack implementation, CMS, launch

Outcome

Modern booking-ready platform replacing a messy legacy setup

The client

The website is the storefront.

The Arabic Voice is a premium Arabic voice-over house — voice acting, dubbing, narration, IVR, and a two-sided talent marketplace. For a studio like this, the site isn't marketing; it's the audition room. A producer judges the talent in the first few seconds and decides whether to trust you with a job.

That trust was leaking — in ways the client couldn't see, but search engines could.

The problem

An estate held together with tape.

Four sites, four codebases, three of them legacy — and none of them safe to keep patching.

Design

Dated, template-generic interfaces built on WordPress page-builders — heavy and inconsistent, pulling in four different visual directions across the four sites.

Features

Booking meant manual back-and-forth email. The marketplace propped up 11,415 fabricated 5-star reviews, with talent audio stored as loose, breakable links.

Stack

Four separate codebases — three legacy — on one aging box. One site even posted its order form to a stranger's personal server, outside the client's control.

Security

The flagship was actively compromised: a hidden backdoor fed spam to search engines and injected ~48,650 junk URLs — invisible to visitors, and repeatedly re-hacked.

thearabicvoice.com — the redesign, drag to compare

left: illustrative old-design mock · right: the live rebuild
🔒 thearabicvoice.com
After · livethearabicvoice.com — the rebuilt homepage
thearabicvoice.com
Before · original design
GET A QUOTE
Same studio, a full redesign apart — left: the original site · right: the rebuild.
The strategy

Three decisions that shaped the whole engagement.

01 — Contain

Stop the bleeding first.

Quarantine the compromised site, hash and cold-store the evidence, and freeze the infected box — rather than endlessly patch a foundation that kept getting re-breached.

02 — Rebuild clean

One stack, not four band-aids.

A single modern, serverless platform for the entire estate. Clean-room build — no malware-era code, no plugin debt, security designed in from the first commit.

03 — Launch on rails

Nothing ships unverified.

Every change runs staging → independent verification → approval → production. A self-reported “it works” is never the gate — I confirm it in a real browser before customers do.

What I built

One platform. Four sites. Zero legacy.

Two flagships fully reimagined; two siblings re-platformed pixel-for-pixel — all four pulled onto the same secure, serverless stack, off the legacy boxes and off a stranger's server.

01thearabicvoice.com homepage

The flagship, reimagined

thearabicvoice.com

A clean, fast marketing site and a real Book-a-Voice-Over flow: browse the voice catalogue, hear samples instantly, request a quote — with accounts, Google sign-in, and payments scaffolded behind feature gates for a safe launch.

Next.js 15Payload CMSTurnstile + WAFspam URLs → 410
Full redesign
02

The marketplace, rebuilt honestly

arabicvoices.net

A two-sided talent marketplace rebuilt on a clean data model. 263 real talents migrated — with their existing passwords still working — audio moved to durable storage, the approval queue preserved, and 11,415 fake reviews left behind. Full Arabic, right-to-left.

Payload + D1legacy logins preservedfake reviews droppedArabic RTL
Full redesign
03elhakawaty.com landing

El Hakawaty — the workshop

elhakawaty.com

The landing page for a quarterly Arabic voice-acting workshop — same design, same Subscribe flow, reproduced exactly — lifted off the legacy box onto the unified stack.

static PHP · legacy box Payload · Cloudflare Workers / D1 / R2
Re-platformed 1:1
04arabicivr.com homepage

Arabic IVR — the store

arabicivr.com

An IVR-voice store with waveform players and a checkout — same design, same features, reproduced pixel-for-pixel — now on the unified stack, with its order form back under the client's control instead of a stranger's server.

bespoke PHP · legacy box · 3rd-party form Payload · Cloudflare Workers / D1 / R2
Re-platformed 1:1
Under the hood

From a patchwork to a single edge stack.

Before — what we retired
  • WordPress + page-builder plugins
  • Abandoned, vulnerable add-ons
  • Bespoke legacy PHP apps
  • A single DigitalOcean box
  • Order form on a stranger's domain
  • SMTP email, silently blocked
After — one toolchain
  • Next.js 15 + Payload CMS 3
  • Cloudflare Workers at the edge
  • D1 database + R2 media storage
  • Gmail HTTP API for reliable mail
  • Turnstile + WAF, security by default
  • One Cloudflare account · four sites
The craft layer

The problems that don't show up in a brief.

A rebuild is judged by the things that go wrong quietly. A few that did — and how they were caught.

The ghost webhook

Launch isn't just DNS and code.

Months after cutover, the payment processor was still firing webhooks at a dead legacy domain. The customer sees one brand; the back-end still remembers old endpoints. Launch is also every third-party dashboard nobody documented.

The word “booking”

Read every layer, edge to origin.

A page kept returning 403 on staging. The app was fine — the firewall was challenging the literal word “booking”in the URL. The bug wasn't in the code; it was in the layer above it.

The blocked mailroom

When the host fights you, route around it.

The new server simply couldn't send email — the host silently blocks outbound SMTP. So mail moved off SMTP entirely, onto an authenticated HTTP API. Same outcome for the user; a completely different path under the hood.

The green build that lied

“It works” is never the gate.

The build passed and the page returned 200 — and still crashed at runtime. A passing pipeline proves the pipeline passed, nothing more. Every promotion is verified in a live browser before it reaches anyone.

Results

What the client got back.

0
Active compromises remaining. The backdoor, the spam network, and the re-hack cycle — gone.
48,650
Injected spam URLs retired as clean 410 Gone, with proper redirects for the real pages.
263
Real talents migrated — old passwords intact, audio preserved, fake reviews discarded.
4 → 1
Separate sites and codebases consolidated onto one stack and one account.
~6 wks
From first commit to a live, secured estate — flagship platform first, then siblings in days.
100%
Of production promotions verified in a real browser, never on a self-report.
The timeline

Build the platform once. Then properties cost days.

thearabicvoice.com21 May → 29 Jun · 501 commits
the platform
arabicvoices.net4 Jun → 1 Jul · 153 commits
marketplace
elhakawaty.com6 → 12 Jun · 13 commits
~1 week
arabicivr.com6 → 7 Jun · 6 commits
2 days
21 Mayearly June1 July

The flagship took five weeks because it was the platform — every pattern, every security control, every CMS collection built once. Once it existed, a whole new property could stand up in days on the same rails.

What this proves

From a fragmented legacy estate to a shipped platform.

This project reflects the kind of work I now do independently: helping businesses move from fragmented, outdated digital systems to shipped products that combine strategy, UX/UI design, development, CMS, and launch execution.

Strategy

Contain-then-rebuild call; one-stack consolidation over per-site fixes.

Architecture

The unified edge stack and the data model behind the marketplace.

Security

Designed in from commit one — gated launches, hardened access, spam neutralised.

Verification

Independent browser checks on every promotion; no change trusted on report.

Planning a rebuild that has to land cleanly?

Whether it's untangling legacy systems or an AI transformation, I help teams ship the change without breaking what's underneath.

m.motassem@gmail.com →