There are no simple fixes without access to the codebase. You are throwing bags onto your mule until its legs break.
Let's recap:
The webserver and the database server are pre-written bullshit (I know you are looking to hire someone to write a secure Nginx webserver but I doubt anyone is going to sign an NDA for a small gaming community)
The forum is pre-written software that ONLY guarantees security if run without any add-ons, which you run plenty of (this again can only be fixed with ACP, SFTP and SSH access)
Sourcebans has had SQLis dating back to its beginning with literally pre-written scripts to exploit them (this can only be fixed with SSH and SFTP access and is a MAJOR operation)
Forum permissions are quite the chaos (the general structure is really bad and you could fix that on your own if you wanted to)
I am not even going to start with the community issues as that would be an essay on its own. You should really start tackling some of those points and offload more work onto your staff. As a site owner you should have the time to actively develop and let your "underlings" do the dirty work.
This is your issue, Kevin. You are pretty good with networking but have little idea of programming, development, community management and websec. Stacking boxes on top of that is just going to make fixing the issues much, much harder in the end.
Either you are going to hire a dev from your community or ask around the web if someone is up for the challenge and is willing to sign that silly NDA you want.
Just my 2 cents and you really don't have to care what I have to say, I just find it worrying that top-priority problems are pushed aside and then the changelogs contain vague wording such as
Which really just means you found something cool on Google and added it without questioning it twice. The more you work on the current base, the more cluttered things will get. Structuring permissions and usergroups would be a great start already since you are saving yourself a lot of time you can use to find a good dev for instance.
Edit: I am not posting this publicly to shame or attack you. I am posting this publicly because I think a lot of people are not even aware of any of this because they see "updated backend stuff" and assume something major really happened. There is no shame in not being versed in code but owning a site; that's why you will find that large communities, such as Steamrep, have one or two technical admins who do all the development.