I initially engaged this developer with a fixed contract and repeatedly ensured that he thoroughly understood all clauses in the contract, the project scope, and the agreed-upon price. I even suggested a code scan to assess the code's condition, but he insisted there was no need.
As work progressed on the website, it became apparent that he may have underestimated the adjustments and corrections required, leading to a decline in attention to detail. Subsequently, he began requesting additional charges for functionalities explicitly mentioned in the project scope.
The situation escalated when he asked for the total amount of the fixed project and proposed a shift to an hourly rate. Due to breaches of contract clauses and escalating issues, I terminated the contract with him on Upwork and sought a full refund.
In response, he fabricated lies, claiming project delays were due to numerous out-of-scope changes I requested. However, I was able to substantiate that these claims were false. Faced with impending arbitration and the prospect of sharing arbitration fees, he reluctantly accepted the Upwork mediator's recommendation.
However, he later sent a sarcastic message, which initially puzzled me. Upon further investigation, I discovered that he still had access to my Shopify theme code, despite permissions being revoked. This raised concerns about potential damage to my website.
After consulting with cybersecurity professionals, it was revealed that the developer, having no user access, likely left a backdoor in the theme's code, posing a serious security risk. I hold him accountable for his actions, given the evident malicious intent demonstrated by the message he left and the potential threat to the security of my code.
While I wish to provide screenshots as evidence, the described incidents should suffice to illustrate the developer's true color.