Hacked ?! Error 403 opening wp-admin/update-core.php

Hello,

Please check if all the files and folders have the correct permissions it should be 644 and 755 respectively. Also, disable the plugins and check once if you can login to wp-admin.
Also. can you see any suspicious files in your document root? and check htaccess file as well if there is any deny code present.

Login is not the problem, i can.
But calling wp-admin/update-core.php e.g. is an issue ??
Also i cannot upload plugins via backend etc

thanks for your post.
644 –> files
755 –> folders
are set

#BEGIN WordPress

RewriteEngine On
RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

#END WordPress

• This reply was modified 9 months, 2 weeks ago by dakine77.

What about replacing all the WordPress files, plugins and themes with a fresh one ? Then you change all your credentials and install anti-malware plugin.

i made it to upload an anti-malware plugin.. now a second.. there are no issues.
:-/

all other plugins are all deactivated

would like to avoid complete new install

In fact what I fear is that some php files have been modified by the hacker. And this serves as a backdoor for him to enter.

Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

thanks for your feedbacks!
i′ll go through step by step