wp-admin 403 Forbidden

First: stay calm and have a coffee. Then read this: https://www.ads-software.com/support/article/faq-my-site-was-hacked/

My recommendation would be to delete the website completely and import a backup. Then update all plugins in it to the latest version. If there are no more updates, check if you really need the plugin in question.

A hack can also happen away from plugins. E.g. by too simple passwords of admin users or at the hosting. Therefore, in any case, change all passwords that you and others involved in your project use.

@threadi First: Thank you for this calming reply.

Thanks for the link, I will read the whole topic.

My recommendation would be to delete the website completely and import a backup

Honestly I don’t have a full backup of my website, though I have a backup to my wp-content folder locally using FileZilla, but I don’t have a backup to my wp-admin folder or anything else. The problem that the Host provider didn’t solve the backup problem, and as you can see this thing happened.
Also to mention the site is somehow has a large space just the wp-content is (about 9.11 GB) and has (95017 files) and (8768 folders).

A hack can also happen away from plugins. E.g. by too simple passwords of admin users or at the hosting

The passwords are really complex ones, but do you think some of the admins are exploited and their passwords are compromised??

Oh!! I almost forgot to mention, there were a lot of scam/spam posts (Bitcoin, dummy content, ….), well I deleted those before.

Thanks again, and please could you provide me with material, links, docs, or any sort of help. Really really appreciate your help.

If posts were written, then there was some authorized access. Of course, any users you have are compromised, so you must change their passwords.

You can also use plugins like https://www.wordfence.com/ to scan and clean your project. However, there is a residual risk that the gap through which the attack came is still open afterwards if you continue to use the existing system.

By the way, I hope that your website is not currently online with these spam entries. Because by doing so, you also endanger any visitor who calls up your website.

You can also use plugins like https://www.wordfence.com/ to scan and clean your project

I told you, now I can’t access the dashboard, or even the login page.

Just if you can answer me, can I do a fresh install of WP with just the wp-content folder in hand? and if so, what else do I need (let’s the wp-config)??

The database contains all the content of your website. In the folder wp-content are “only” the files, plugins and themes you uploaded. These are 2 different things. So if you want to keep the content, you would theoretically have to keep using the database. However, the database contains the code of your attackers, as well as the access data of the users, while wp-content probably also contains the plugin through which the attack happened.