Wordpress 403 on selfhosted dedicated server

[Cartitarul]

Hi on some pages in the admin menu like edit I get this error

The worldpress version is latest with 8.1 php
The thing is that it happend suddenly after a directadmin update recently.
the DA logs are like this

Anyone can help me? I have also installed ModSecurity Comodo WAF 2.24.5

 

[ericosman]

Well, i have to polish off my Romanian hahaha but it looks like php 6.3.0 gets used (?)

 

[Cartitarul]

Well if your talking about the

i`ll translate it for you =)
WP_Scripts:rint_inline_scrip is considered old starting with version 6.3.0

 

[Cartitarul]

But the funny thing is if I deactivate all the plugins by renaming plugins folder the 403 error is still there but these PHP ones are not

 

[ericosman]

What does your htaccess say?
And do you see /wp-admin/edit.php in your ftp? how is the chmod and is the file still original?
There might be a (small) chance your website got infected at a certain point?

Your /wp-login is also trowing errors.

i guess you have debug turned on?

--edit: i see you also run an somewhat older version of elementor, but this should not be the issue

--editedit: i see on themeforest that people are not the most happy with the theme, maybe there is (a part) of your problem

"This theme is dreadful. I cannot discourage you more to not buy it. It conflicts with so many plugins, even the official woocommerce ones."

 

[Cartitarul]

Well the htaccess was on of my first debuging tryes, at first had

<FilesMatch ".*\.(phtml|php|PhP|php5|suspected)$">
Order Allow,Deny
Deny from all
</FilesMatch>
<FilesMatch "^(index.php|wp.php|admin.php|plugin-install.php|cong.php|about.php|install.php|xboom.php|mds.php|saiga.php|wp-admin.php|lv.php|content.php|zxl.php|fm.php|zeal.php|gettest.php|wp-login.php|include.php|dropdown.php|plugins.php)$">
Order Allow,Deny
Allow from all
</FilesMatch>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>

Then i tryed with only mod_rewrite.c deleteing the this above still no luck then i removed everything from the file the website stays the same. Right now the file is empty and the web is functional but some files cant be accesed
And to answer the other questions i have the file and file is still original the permissions are

because i set them thinking that was the problem and i dont think that my web got infected.

 

[ericosman]

Beginning of your htaccess doesnt seem to good to me:

Malicious code in .htaccess file – Hacked!

Malicious code in .htaccess file – Hacked! Resolved lpgadmin (@lpgadmin) 1 year, 4 months ago Hi My WordPress site seems to be infected with the AnonymousFox virus.This code is in my .htacces…

wordpress.org

Please install https://www.wordfence.com/
And see what it detects

 

[Cartitarul]

I am gonna try to install it manualy because i cant access some pages from my web

 

[Cartitarul]

Strange, could my DA admin account be compromised ? i have another user with a wordpress with the same htaccess

 

[Cartitarul]

Well this is nice

 

[ericosman]

Strange, could my DA admin account be compromised ? i have another user with a wordpress with the same htaccess

If multiple site's run under the same account then they change the files for "all" domains.
Run a virusscan like https://malware.expert/malware-scanner-and-removal/