Kintsugi Kode Case Study

Legacy e-commerce store on MODX: 3 critical risks closed in one day.

The system worked. Revenue came in. Pages loaded. Nobody knew what was hiding inside.

Read-only discovery first. Production fixes only after review and approval.

The situation

A live online store selling ATV and snowmobile accessories to customers in the US, Canada and Europe. MODX Revolution, 40+ components, running on the same server for years.

No documentation. No staging environment. The original integrations were set up by a developer who was no longer involved.

The owner knew the system worked. But every change felt risky.

System profile

  • E-commerce store for ATV/UTV and snowmobile accessories
  • MODX Revolution + miniShop2 + 40+ additional components
  • Hetzner Cloud server
  • Markets: US, Canada and Europe
  • Kintsugi Kode - 72-hour Legacy System Audit

What we found

None of these risks were visible from the outside. The store loaded and generated revenue, but the internal system had accumulated hidden technical risk.

  • Critical: PHP 7.4 in production. End-of-life since November 2022, with no security patches for more than two years.
  • Critical: Server log archive in a public folder. A 13 MB archive with internal server data was accessible via direct URL.
  • Critical: Three cron jobs calling scripts that did not exist. Automated tasks fired every 10 minutes and failed silently. A legacy integration had stopped working at an unknown point.
  • High: CMS source files exposed publicly. MODX installation/source files were present in the public directory, revealing system structure.
  • High: 40+ components untouched since 2021. Payments, cart, search and captcha-related components were years out of date.
  • High: Online card payments unavailable. Buyers discovered payment limitations too late in the purchase flow.
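
Two of these findings (cron jobs pointing at missing scripts, an archive sitting in the public folder) can be checked without changing anything on the server. The sketch below is an added example, not Kintsugi Kode's audit tooling; it assumes a standard five-field user crontab, and the paths and file names in demo() are constructed.

```python
import shlex
import tempfile
from pathlib import Path

ARCHIVE_EXT = {".zip", ".tar", ".gz", ".tgz", ".bz2", ".7z"}
SCRIPT_EXT = (".php", ".sh", ".py", ".pl")

def missing_cron_targets(crontab_text):
    """Return (line_no, path) for absolute script paths in cron commands that are not on disk."""
    findings = []
    for n, line in enumerate(crontab_text.splitlines(), 1):
        fields = line.strip().split(None, 5)  # five schedule fields, then the command
        # Skips blanks, comments, VAR=value lines and @reboot-style entries.
        if len(fields) < 6 or fields[0].startswith("#"):
            continue
        try:
            tokens = shlex.split(fields[5])
        except ValueError:  # unbalanced quotes: fall back to a whitespace split
            tokens = fields[5].split()
        for tok in tokens:
            if tok.startswith("/") and tok.endswith(SCRIPT_EXT) and not Path(tok).exists():
                findings.append((n, tok))
    return findings

def public_archives(docroot):
    """List archive files under the web root, relative to it (read-only walk)."""
    root = Path(docroot)
    return sorted(str(p.relative_to(root)) for p in root.rglob("*")
                  if p.is_file() and p.suffix.lower() in ARCHIVE_EXT)

def demo():
    """Build a constructed web root and crontab in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        web = Path(tmp, "public_html")
        (web / "cron").mkdir(parents=True)
        (web / "cron" / "feed.php").write_text("<?php // present on disk")
        (web / "logs-backup.tar.gz").write_bytes(b"constructed sample")
        crontab = (
            'MAILTO=""\n'
            "# constructed sample crontab\n"
            f"*/10 * * * * /usr/bin/php {web}/cron/feed.php >/dev/null 2>&1\n"
            f"*/10 * * * * /usr/bin/php {web}/cron/sync_orders.php >/dev/null 2>&1\n"
        )
        return missing_cron_targets(crontab), public_archives(web)

if __name__ == "__main__":
    print(demo())
```

On a real host, the crontab text would come from `crontab -l` and the web root from the virtual host configuration; the `>/dev/null 2>&1` redirect in the sample is what makes such failures silent.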

What changed the same day

The discovery audit did not modify production. After review and approval, three critical risks were closed the same day:

  • The public server log archive was removed.
  • Exposed CMS source files were removed.
  • Broken cron jobs were documented and disabled.

What the owner received

  • Full system map
  • Risk register
  • Technical debt review
  • Quick wins list
  • 30/60/90-day modernization plan

What happens next

The remaining risks became a staged modernization roadmap. No blind rewrite. No random fixes. First stabilize, then upgrade, then migrate where it makes sense.

Stabilize

Close quick wins, document integrations, confirm backups, remove obsolete public files and broken automation.

Update through staging

Build a staging environment and update critical components in order: payments, cart, captcha, search and operational modules.

Modernize safely

Upgrade PHP to a supported version, restore card payments and define the longer-term platform roadmap.

Find out what is hiding inside your legacy system.

Kintsugi Kode maps old websites, CRMs and backend systems before something breaks, before migration, before a blind rewrite.
