๐Ÿ’ป Minecraft (Java)
Protect your server

How to protect your Minecraft server

โš ๏ธ

Most vulnerabilities appear when the server has the online-mode parameter set to false. However, this does not mean that a server with online-mode set to true is completely secure. We always recommend having additional security measures in place. In this guide, we explain how to protect your server from common attacks.

Use a plugin to register players

Remember that to use plugins, you must use versions such as Paper, Vanilla, or versions for mods that do not support plugins. Contact support if you need assistance.

On the most popular public servers that allow non-premium/cracked players, when you join the server, you are asked to register with the command /register <your password> if you are joining for the first time and to log in with /login <your password> when the nickname is already registered. Plugins such as nLogin or LoginSecurity allow you to protect players' accounts by registering their nickname with a password. Each time you join the server, you must enter the password you registered with in order to use that nickname on the server. This prevents other players from using your account on that server if they do not know the password for that account.

Premium/Official servers such as Hypixel or CubeCraft do not ask for a password, as it is assumed that you are logging in with a paid account and that paid account has to be logged into the launcher before it can be used. This is not the case with non-premium/cracked accounts, as they are not official accounts registered with Minecraft. Anyone can use the nickname on unofficial launchers, but you will not be able to log in to official or premium servers such as those mentioned above.

At VexyHost, you can install the nLogin plugin with its requirements already set up and ready to go from the game panel menu in Templates. After installing it, you can restart the server and join. You will need to have OP to complete the setup from the chat within the server.

Enable the whitelist

The whitelist is a list that filters which players can join the server; those who are not on the list will not be able to join. This is very useful for avoiding random players or bots that scan Minecraft server ports to send spam.

  • In your server console, activate the whitelist with the command: whitelist on
  • To add players to the list, use the command: whitelist add <nick>
  • To remove a player from the list, use the command: whitelist remove <nick>
  • If for any reason you need to disable the list and allow any player to enter, use the command: whitelist off
  • To see the current players on the list, use the command: whitelist list

Avoid downloading plugins or mods from untrusted sources.

Downloading plugins or mods from untrusted sources can be dangerous, as they may contain malicious code that compromises the security of your server. Always download plugins and mods from official or trusted sites such as SpigotMC, Bukkit, CurseForge, or Modrinth. Check comments and ratings from other users before downloading any files. โš  Always avoid "leaked" or "cracked" plugins, as these are modified versions of paid plugins and may contain malicious code/malware.

Protect your login credentials for your game panel and customer area

Never share your login credentials with anyone (not even your friends), use secure and unique passwords for your panels. Enable two-factor authentication (2FA) on both panels to add an extra layer of security to your account. If you need to give someone else access to your server panel or console, create a sub-user with limited permissions from the game panel.

Keep your plugins up to date

Always keep your plugins and server updated to the latest stable version whenever possible (when a new version is released, plugins may not be compatible for the first few days until they are also updated). Updates often include security patches that fix known vulnerabilities. Regularly check the official pages of the plugins you use to ensure you are using the latest version. Many plugins now include an automatic update option, which makes it easier to keep them up to date. We recommend enabling this option if it is available.

Perform frequent backups

Perform frequent backups of your server, especially before making important changes such as updating plugins or the server. At VexyHost, you can schedule automatic backups in the Schedules section of the game panel or create backups manually in the Backups section. If something goes wrong, you can restore your server to a previous state without losing all your data. We also perform automatic external backups daily, weekly, and monthly of all servers on our panel, which you can request by opening a support ticket.

โœ… That's all! If you have any problems or questions, please contact us via Discord (opens in a new tab) so we can help you.

Non-Premium ServerOptimize the server