*Certain details omitted for privacy reasons

Prologue

In early 2020, Acting School One’s (ASO) website was still running on Wix and failing to support their online business needs or communicate effectively. When the pandemic hit and disrupted in-person learning, their inability to adapt digitally became a make or break moment for the business.

Part I: Desperate Times

Rather than attempt to migrate/re-platform the entire website overnight, I proposed a rapid-deploy solution that would allow online tickets to be sold for a critical upcoming fundraiser and outdoor drive-in screening event.

In collaboration with the board of trustees and executive director, we assessed the goals of the non-profit and compared long-term costs of using a platform such as Eventbrite for this purpose. Ultimately, we determined the larger up-front cost for developing this environment in WordPress would be advantageous for the long-term savings of owning the on-prem solution. Additionally, this opened the door for the organization to try out WordPress as a ‘forever home’ for their website.

The events portal was launched on time and within budget for the business-critical fundraiser — and subsequently served as an online ticketing service for the following three years.

Part II: Trojan Horse

In 2023, ASO found themselves in a rather difficult situation. An internal team member had contracted a 3rd party developer (not me) to rebuild the main website on WordPress. From the details relayed to me after the fact, the project had not gone smoothly. The website was left partially finished, not properly launched, and the developer was no longer responding to calls or emails. To top it off, the portion of the new site that had successfully launched was infected with malware — and was displaying rather obscene ads on the site homepage.

At this point in the story, my responsibilities had been limited to the events portal and I was unaware of the ongoing rebuild.

The executive director called me in a near panic, requesting a lifeline.

My favorite non-profit needs my help? I’ll be on the next plane.

Part III: Slight of Hand

First we needed to regain control of the site and DNS so we can assess precisely how deep of a shit creek we’re in. I have a conversation with the executive director and say something to the effect of “give me the logins you have, and if it’s possible I’ll get your site back”. She gives me the green light.

I’ll summarize the next steps:

1. Flip DNS back to the old site to stop the bleeding. Audit user access and change admin password in order to lock out compromised developer.
2. Use a staff member’s credentials to access the new site. Copy site files and database to quarantine on local machine.
3. Manually inspect files and remove suspicious hex encoded strings. Remove unrecognized users. Upload to new (trusted) hosting environment with fresh WP install. Remote scan for malware and remove infected files.
4. Relaunch new site under new hosting environment. Schedule automated remote scanning of files and database. Manually inspect pages.
5. Report results and successful relaunch to client.

Part III: To Be Continued

We worked closely together to catch and remedy a handful of website issues and inadequacies throughout the following months. Since that eventful period, we’ve continued our partnership to grow the brand, further improving and expanding the functionality of the site.