[Isias]

So, he gets your Rcon PW by brute forcing? Then you must have used quiet a week password, use a password that contains at least 7 to 14 digits, containing numbers, letters and !")§$ etc., while this word should not be found in any dictonary. Of course he can add himself as an admin in Mani afterwards once he gained the Rcon PW or is able to upload or download files, like the server.cfg or any .txt file, from the server. But if he's stil able to upload files via FTP to the server, he can add himself as an admin in any plugin he wants to.