The problem
A nonprofit's website was hacked six days before their television feature.
Art Healing Hearts helps people heal through artistic expression. Shelters, convalescent homes, youth centers. The founder, Lu Monteleone, is an old friend. She brings an incredible amount of joy and warmth to the work she does.
The existing website had been online for years. Wordpress, plugins, the usual stack. Less than a week before a live TV feature in Las Vegas, the site was attacked. Hacked, defaced, completely unusable. The TV spot was going to drive a wave of traffic directly to the website. If the site was down, the donations wouldn't come.
One week to design, build, and launch a secure donation site from scratch.
No time for a full redesign cycle. No time for multiple rounds of review. The TV feature was happening on a fixed date, and the site needed to be accepting donations before that camera started rolling.
The old site was gone. Whatever came next had to be built fast, work perfectly, and stay secure. No plugins to exploit. No vulnerable dependencies. A clean slate.
What I did
A single-page design stripped down to what mattered: mission and donate.
White background with a warm purple-pink-orange gradient accent. Bright, hopeful, welcoming. Real photos of people creating art, not stock photography. The site needed to capture Lu's personality and the emotional impact of the work. Every element was either communicating the mission or guiding toward the donation form.
Single-page layout optimized for the TV audience. Someone sees the feature on TV, opens the site on their phone, and has a clear path to donate in under 30 seconds. No navigation, no sidebar, no distractions. The page scrolled through the mission, the impact areas, and the stories, then landed on a bold, colorful donation button.
Next.js on Vercel. Stripe for payments. Zero attack surface.
The old site was hacked through vulnerable plugins. The new site had zero plugins. No database to inject. No admin panel to brute force. Static generation with a Stripe integration. The site was a fixed set of pages served from a CDN. There was nothing to hack.
Scroll-depth tracking showed the flow was working. 30% of visitors reached the donation form. 5% completed a donation. For a single-page site built in a week, those numbers told us the structure was right.
The design was mine. The site has since moved on.
This project was built for a specific moment. The TV feature launched, the donations came in, and the site did its job. For personal reasons, the website is no longer mine to maintain. But the design, the architecture, and the work I did that week belong to this portfolio.
The result
10 donations on launch day. Zero vulnerabilities ever.
The TV spot aired. The site stayed up. 10 people donated on launch day. 5% of everyone who landed on the site completed a donation. The attack surface was zero. Nothing to hack, nothing to exploit.
Loading was instant. Stripe handled payments securely. The site worked on every device because the single-page format was designed for mobile-first traffic from a TV call-to-action.
It was one week of work for a friend who needed help, and the site delivered exactly what it needed to deliver at the exact moment it mattered most.
