M
MRR Story
Case StudyMay 2026

This Indie Hacker Reached $6,772 MRR With Just $20/Day Meta Ads

GnKDJjVagAEGxNz.jpg

TL;DR: Discover how Laravel developer Lorik Morina built a ~$7K MRR SaaS portfolio in just 21 weeks by launching an AI e-commerce mobile app and a B2B website security tool. Using a strategic 50/50 mix of paid Meta ads and organic growth, he successfully turned a "scratch your own itch" approach into a highly profitable indie business. This case study breaks down his exact tech stack, long-tail SEO strategies, and the practical lessons learned from scaling multiple products.

Hello! Who are you and what business did you start?

Hi! I’m Lorik Morina. I am a software developer with over 20 years of experience, mostly focusing on Laravel. I am from Kosovo, where I co-own a software studio called BllekHoll. For a long time, I built internal tools and did client work. But recently, I decided to build for myself.

Today, I run a portfolio of profitable software products that solve real business problems. By my 21st week of building in public, my portfolio hit $6,772 in Monthly Recurring Revenue (MRR).

My revenue engine is a mix of two things:

  1. AI Mobile Apps (Consumer/E-commerce): Products like RotateProduct, which uses AI to turn a single static photo into a professional 3D rotating product video. It solves a massive pain point for e-commerce sellers on Shopify who need better videos to increase their sales.

  2. B2B Security Tools (SecureVibing): SecureVibing is a website security scanner tailored for the indie hacker community. Because so many founders are rushing to build apps using AI (what we call "vibe-coding"), they are leaving huge security holes open. SecureVibing scans for exposed API keys, Supabase misconfigurations, and public databases.

My target audience is broad, but it boils down to e-commerce merchants who want to sell more, and SaaS founders who want to secure their fast-moving projects without spending thousands of dollars on enterprise security.

What is your background, and how did you come up with these ideas?

I studied computer engineering, but before I dove into SaaS, I actually ran a small local physical business. This gave me a superpower: I learned exactly what real business owners struggle with.

For the AI video app, the idea came from my own pain. When you sell physical products, static images kill your conversion rates. People want to see the product from every angle. But hiring a 3D studio or a video crew is too expensive. I realized that if I could upload one photo and get a 3D rotating video back using AI, I would pay for it instantly.

That became my golden rule for idea validation: "If I am ready to pay for this, then probably there are more people like me." For SecureVibing, the idea came from being a developer in the indie hacker community. Today, everyone uses AI tools like Cursor or Copilot to ship apps in a weekend. But they make terrifying mistakes. I was looking at indie apps on X (Twitter) and finding exposed API keys or open databases everywhere. I even helped fix vulnerabilities for other founders.

I decided to take my 20 years of coding experience and build a scanner SecureVibing that does these checks automatically. I scratch my own itch, and then I sell the back-scratcher.

Take us through the process of building the products. What is your tech stack and startup costs?

My building process is all about being pragmatic. I don't chase shiny new coding languages. I build with what I know works, which allows me to ship very fast.

The Tech Stack:

  • Web Backends: I rely heavily on Laravel. It is stable, secure, and I know it inside out.

  • Mobile Apps: I focus heavily on the iOS App Store. For subscriptions inside the app, I use RevenueCat, which makes handling weekly, monthly, and yearly billing very easy.

  • AI Integration: For the consumer apps, I use AI APIs that handle the heavy lifting (like image-to-mod generation or 3D rotation).

  • Security Scanning: SecureVibing uses custom crawling logic, pattern matching to find secret keys, header analysis, and deep database configuration testing (like SupabaseCheck).

Startup Costs:
Because I am a developer, my startup costs were basically zero. I only paid for domain names, basic server hosting, and Apple Developer account fees. The real cost was my time. But because I kept the tech stack simple, I was able to launch the first version of the mobile app in late 2025/early 2026 without raising any outside money.

How did you validate the idea and get your first customers after launching?

x-post_1.5x_postspark_2026-05-21_02-11-25.pngA lot of indie developers will tell you to avoid "super saturated markets." I did the exact opposite. I entered a saturated market intentionally because competition proves there is demand. You just need a slightly better angle, like using AI to make it faster.

I launched the app and honestly, on Day 1, I had 33 downloads and zero MRR. I didn't wait for a magical viral moment. Instead, I used a multi-channel approach to get those first paying users:

1. Hacker News Launch: I posted my project on Hacker News. Within two weeks, I had about 30+ signups and crossed my first $100 in MRR. For someone with no massive social media following, this was a huge win.

2. Paid Ads from Day One: Here is where I am different from most indie hackers. I didn't wait to build a massive audience. From my local business experience, I learned that nothing beats paid advertising when done right. I set up Meta (Facebook/Instagram) ads spending just $20 a day. This bought me immediate traffic to test if people actually wanted the product.

3. Direct Landing Pages & App Store Optimization (ASO): I made sure my website had smart Apple meta tags so that mobile visitors were pushed directly to download the app.

You hit $6.7K MRR in just 21 weeks. What is the core mechanism driving your growth today?

Screenshot_326.jpgBy Week 21, the business hit $6,772 MRR (App: $6,512 + Web: $260), growing between 9% and 16% week-over-week. The secret to this growth is a perfectly balanced 50/50 split between Organic and Paid acquisition.

Here is the exact breakdown of my growth channels today:

1. Scalable Paid Ads (Meta):
I kept my ads running. When you spend $20/day and it brings back more than $20 in subscription value, you have a money-printing machine. The trick is to watch your ROI (Return on Investment) closely. I don't burn thousands of dollars; I spend efficiently.

2. The Referral Program (Word of Mouth):
I launched a referral program that rewards both the person referring the app and the new user. E-commerce store owners talk to each other. When one store owner finds a tool that increases their sales, they tell their friends. The referral program adds a massive, free boost to my growth.

3. The Shopify App Store Effect:
Listing the product as an app on the Shopify App Store was a game-changer. Shopify merchants are always searching for tools to help them sell more. By ranking high there, I get users with high purchase intent for free.

4. Building in Public on X (Twitter):
I post my progress, my revenue numbers, and my mistakes on X (@lorikmor). Transparency builds massive trust. I only have around 2,000 followers, but because I am honest, my posts get thousands of views. Fellow indie hackers share my stuff, and it acts as free marketing.

5. Cross-Pollination (The Portfolio Effect):
This is a huge secret. When I find a security bug in a famous indie app and use SecureVibing to help them fix it, they talk about it. That builds my credibility as a serious engineer. When people trust me as a security expert, they are much more willing to download and pay for my AI apps. My apps fund my security tools, and my security tools build trust for my apps.

Let's talk about SEO. How important is organic search for your web products?

x-post_1.5x_postspark_2026-05-21_02-15-52.pngx-post_1.5x_postspark_2026-05-21_02-15-12.pngSEO is incredibly important, especially for B2B tools like SecureVibing and the web version of my AI tools. But my strategy is different from what most "gurus" teach.

Here is my secret for SEO: Long-tail SEO compounds. Thousands of small keywords beat chasing huge keywords.

Instead of trying to rank for a massive, impossible keyword like "website security," I create content and tools around highly specific problems. For example, ranking for "How to fix Supabase RLS update policy error" or "AI 3D rotating product video for Shopify." These long-tail keywords have lower search volume, but the people searching for them are desperate for a solution. They convert into paying customers at a much higher rate. Over time, ranking for hundreds of these small keywords builds a massive, unstoppable flow of traffic.

What is your revenue model and pricing strategy?

I like to give people options based on how they use the product.

For the AI E-commerce App:

  • SaaS Tiers: We offer monthly subscriptions at $19/mo, $39/mo, and $99/mo depending on how many videos you need to generate. We also offer weekly, yearly, and lifetime deals inside the iOS app via RevenueCat.

  • Usage-Based (Shopify): On the Shopify App store, it is free to install, but merchants pay $3 per successfully generated video. This removes the risk for them; they only pay when they get exactly what they want.

For SecureVibing (Security):

  • One-Time High-Ticket: I offer complete, manual security audits for ~$499. This is pure value for a startup that wants peace of mind.

  • Subscriptions: Founders can subscribe for periodic, automated deep scans that send email reports to make sure their new code didn't break their security.

What were the biggest mistakes or challenges you faced along the way?

Growth is never a straight line up. I have made plenty of mistakes.

1. "I Messed Up the Ads"
During Week 21, I experienced one of my slowest weeks of growth (only 9.3% WoW). Why? I openly admitted on X that I messed up my Meta ads at the beginning of the week. When 50% of your growth relies on paid acquisition, breaking your ads means your revenue growth instantly slows down. But because I track my data, I spotted it quickly, fixed it, and growth went back to normal.

2. Taking My Eye Off Marketing
There was a period where I paused my marketing efforts to focus purely on building. My MRR dipped by 3%. It taught me a valuable lesson: your business needs constant oxygen. Thankfully, the product has strong retention, so it was a passive resilience, but it proved I can't ignore acquisition.

3. Handling Outages
When you rely on third-party AI APIs, sometimes things break. I had an outage recently, but I jumped on it and fixed it within 1 hour. Fast customer service saves cancellations.

Through SecureVibing, what are the biggest technical mistakes you see other founders making today?

The indie hacker scene is amazing right now, but AI coding assistants are making people lazy with security. The biggest mistake is confusing Client-Side UI with Server-Side Security.

Founders use AI to build beautiful paywalls that hide features if a user isn't subscribed. But they forget to block the actual API endpoint on the backend. A smart user can open their browser's DevTools, bypass the UI, and use the app for free. If the app uses expensive AI APIs, the founder is literally paying out of pocket for a hacker to use their tool.

Secondly, database rules. Tools like Supabase are great, but many founders misconfigure their Row Level Security (RLS). They leave their user tables open, meaning a free user could technically edit their database row and change their status to "Premium." SecureVibing was built specifically to scan for these exact "vibe-coding" mistakes.

What are your top secrets and strategies for other indie hackers who want to reach $7k+ MRR?

Screenshot_327.jpgIf you want to build a real business, here is the playbook I follow:

1. Marketing > Building.
As a developer, I love writing code. But marketing is much harder and much more important. Don't spend 6 months building in a cave. Launch fast, and spend your energy figuring out how to sell it. If you have a budget, don't be afraid to test small paid ads ($10 to $20 a day) to get immediate feedback.

2. Build what you would pay for.
Don't guess what the market wants. Solve a problem that you personally have experienced in a real business. If it saves you time or makes you money, other people will pull out their credit cards for it too.

3. Be transparent, but don't over-share.
Building in public is a cheat code for organic growth. Share your MRR, your mistakes, and your lessons. It builds goodwill. But you don't need to doxx your exact ad creatives or your deepest secrets. Share enough to provide value and build trust.

4. Build a portfolio, avoid shiny objects.
Having multiple small products is a great way to stabilize your income. My consumer apps bring in high volume, and my B2B security tools bring in high-value stability. But don't bounce from idea to idea every week. Stick to a product, iterate based on real data, fix your ads, and grind it out. It took me 5 solid months of focus to reach $7k MRR. It’s not an overnight success; it’s just consistent, data-driven execution.

Follow Lorik's continued journey to $10K MRR on X: [@lorikmor]

$7k/mo

Lorik Morina

Founder · SecureVibing

Kosovo
2025started
solofounder
NicheE-commerce AI Tools & B2B SaaS Security.
Visit SecureVibing@lorikmor

Frequently Asked Questions

Unlike founders who rely solely on viral social media launches, Lorik used a strategic 50/50 split of paid Meta ads (starting at just $20/day) and organic channels like Hacker News, the Shopify App Store, and a built-in referral program to predictably scale to $7,000+ MRR.
RotateProduct is an AI app built by Lorik specifically to solve this problem for e-commerce brands. It uses AI to turn a single static photo into a professional 3D rotating video, removing the need for expensive 3D modeling or professional studio equipment.
The most common "vibe-coding" mistake is confusing client-side UI with server-side security. Startup founders often hide premium features in the frontend but forget to secure the backend API endpoints, leading to severe API key leaks and unauthorized server costs.
Tools like SecureVibing.com are specifically built for indie hackers to automatically scan their web apps and SaaS projects. It systematically checks for exposed API keys, public databases, and missing Row Level Security (RLS) constraints.
Yes. Lorik's case study proves that if your product solves a direct business pain point (like increasing e-commerce conversions), small, highly targeted Meta ad budgets ($20/day) can yield a positive ROI and fund your early user acquisition before SEO kicks in.
Instead of competing for broad terms, target highly specific, high-intent problems. For example, instead of trying to rank for "website security," target "how to fix Supabase RLS update policy error." These long-tail keywords compound over time and convert much better because the searcher has high purchase intent.

More Case Studies

$17K/mo
founder story

This No-Code Sports App Hit $45K in 2 Months

Christian Rac shares:

  • ✓ What the product is & how they built it
  • ✓ How they got their very first paying customer
$6,000/mo
founder story

How a 21-Year-Old Built a $6K/Mo SaaS After Getting Banned From Reddit 6 Times

Arthur Yuzbashev shares:

  • ✓ What the product is & how they built it
  • ✓ How they got their very first paying customer
$2K/mo
founder story

How a Solo Founder Built $5.3K MRR With AI Tools and Reddit SEO

Neel Seth shares:

  • ✓ What the product is & how they built it
  • ✓ How they got their very first paying customer
3K/mo
founder story

From $10/Day to $3K/Mo: His Simple Subscription Switch

Ivan Terekhin (Vanka) shares:

  • ✓ What the product is & how they built it
  • ✓ How they got their very first paying customer