Admin user lacks admin permissions after hack and can't reinstate

My site (4.5.3 on Apache/Linux) was hacked, I suspect something like the one described here. As best I can tell I've removed or at least disabled the hack, however admin users aren't able to perform actions like updating WordPress, adding plugins, etc.

So far, I have tried:

  1. Editing the existing admin user's permissions via phpMyAdmin.
  2. Adding a completely new admin user via phpMyAdmin.
  3. Overwriting core WP files with those from a fresh download (of the same version currently installed).
  4. Disabled (and then completely removed) all plugins.

All to no avail. Any thoughts on what I can try next?

Topic hacks hacked admin permissions Wordpress

Category Web

1
answered at

Turns out I wasn't as thorough as I thought in removing vestiges of the hack. Found some more obfuscated PHP in template files, along with some .php files I didn't have permissions for that shouldn't have been there.

Removed all that, and admin functionality is back to normal.

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.