Freelance
Renat, 2020-05-12 22:43:54

How to secure your website from freelancers?

Periodically the site passes through the hands of freelancers, and there has been doubt about the "purity" of their thoughts.
How do I avoid picking up shells and other "backdoors" that antiviruses usually do not scan for?
Staging and version control are not very suitable: the area of work covers almost the entire core of the CMS and its modules, plus new weighty developments. In different places you can stick references and then make your way in.
How can such risks be reduced (if this can be solved at all with reasonable labor costs)?


7 answers
Sergey Pankov, 2020-05-12
@Renat-MX

Staging and version control are not very suitable: the area of work covers almost the entire core of the CMS and its modules, plus new weighty developments.

  1. Suitable or not, if you do all this without staging and version control, I advise you to sell the site, giblets and all, while you still can, and look for yourself in another field. The version control system is the only thing that will later allow you to understand, at least in hindsight, whose hands are not clean, and to take revenge with bad reviews in their profile.
  2. Don't look for cheap freelancers without a reputation and a profile worth cherishing.
  3. Keep the repository on GitHub and try to have the developer commit code from his main account. The account should have activity and history; otherwise, what kind of developer is this? In general, the saying holds true: "You, priest, should not have been chasing cheapness."
  4. It is dangerous to let cheap no-name freelancers without history into the core. Give their code for review to more serious guys with a reputation. A review is also work, but it will cost less than coding all these features. Moreover, an experienced person will look at it with his own eyes. Then you can ask him how he overlooked the malicious commit.
  5. Bring everything you can into open source, but contribute to the root project yourself or through trusted people. Then you have either free hands (if the features are useful) or extra eyes to check for lice.
  6. If there is not enough money for cool, serious developers with a reputation, delegate to them at least the preparation of detailed terms of reference (TOR) and, as I wrote above, the review.
  7. Remember that sometimes the best is the enemy of the good. Know how to build an MVP. According to Pareto, 20% of the features will bring you 80% of the profit. Make those well, and the rest may well turn out to be unnecessary.
  8. As the saying goes, "it's time for you, and it's time for you, to conclude contracts with the fan factory." A colleague correctly noted this in the next answer. You are not an underground crypto exchange; you are probably coding there legitimately. It is possible to conclude contracts with developers in white. That is another reason for him not to spoil things, since the details are illuminated and signed for.

Vladimir Korotenko, 2020-05-12
@firedragon

Renat, be polite; before you speak, count to 42.
Do not throw a kid into a purely criminal concept. Solve all problems by negotiation.
Freelancers, in general, don't care about you; you are the customer and you pay for the banquet, and harming you means setting yourself up for so-so entertainment. Well, I have a lot of passwords. What, should I drop the database? I'd rather take a second round from you when the students screw up for you, all the more so because I will know what's going on with you.
I have a long-term project; we have completed it 4 times, and about 17 teams have worked on it. We already know each other by name.

Sanes, 2020-05-12
@Sanes

Do it yourself. Instead of freelancers.

Amir Davlatov, 2020-05-12
@Tryhard770

There are only two exits. Either do everything yourself, or find one person who will do everything himself.

iBird Rose, 2020-05-12
@iiiBird

At a minimum, you must have an agreement with each freelancer, with corresponding clauses in that agreement (specifically about all sorts of shells, backdoors, viruses, etc.; you can also add something about the losses incurred because of all this). Also, all of them must work in the version control system in order to find out exactly whose code was added and when.
And then, if someday you suddenly find something like this, go to court.

Puma Thailand, 2020-05-13
@opium

Judging by the description, staging and version control in Git are ideal.
It's just that the percentage hit in Git was made specifically for this.

xmoonlight, 2020-05-12
@xmoonlight

Allow coding in separate blocks and limit validation to only the list of functions you need.
PS: There is a lot of information; if you are interested, I can drop you the article from my blog.
