LoginSecurity Icon



LoginSecurity is a lightweight password authorization plugin. You can optionally set a password each time you enter the server, adding a double layer of security to your account. The password is stored inside the configuration file, nobody else except the server owner can access or modify it.

How does it work?

Install the pluign to your /plugins/ directory, then start your server.
Type /register <password>, your account is now locked with a password.
For each time you login, make sure to use /login <password>.


  • Register your account optional or required (change in config)
  • 5 useful commands to manage your password
  • Saving supported in SQLite and MySQL
  • Encryption available in: MD5, SHA, SHA-1, SHA-256, SHA-512 and PHPBB3
  • Custom encoder: UTF-8 and UTF-16
  • Customizeable login session
  • Customizeable login timeout
  • Custom min and max length for passwords
  • Messager API for client mods
  • User friendly experiance
  • Converter for xAuth (detects if xAuth is installed)
  • Easy to use
  • Blocks anything from happening before logged in (commands, movement ,etc.)
  • Supports blindness effect for login
  • Prevents being kicked by orther players loging in with your name

Session login allows the user to log in right after they logged out and not have to type in their password again. (1 minute time limit of being logged out, stores IP during that time to keep everything safe)


/lac - Admin command, rmpass and reload

/register <password> - Set your password

/rmpass - Removes your password

/login <password> - Login with your password

/changepass <old> <new> - change your password

/logout - Logout


  • ls.admin - allows admin command


This tutorial is outdated, alot of things have changed after v2.0
Orther tutorials: German (by MineCraftler4Live)

To do

  • MD5 support
  • Add an IP lock
  • Add a login session
  • Fix /changepass
  • Add a language.yml for language support
  • add login timeout
  • add ip checker
  • Suggestions?

Known Bugs

  • Players can mount/dismount and ride on vehicles while not logged in


This plugin is connecting to mojang services to conver old data to new UUID data. It sends a request for every single player stored in your database, wich only hapends if you upgrade from 2.0.8 or lower to 2.0.9 or higher. This plugin utilises Hidendra's plugin metrics system, which means that the following information is collected and sent to mcstats.org:

  • A unique identifier
  • The server's version of Java
  • Whether the server is in offline or online mode
  • The plugin's version
  • The server's version
  • The OS version/name and architecture
  • The core count for the CPU
  • The number of players online
  • The Metrics version Opting out of this service can be done by editing plugins/Plugin Metrics/config.yml and changing opt-out to true.


If you want to support me working on this project, please donate.
It helps me alot to keep my projects up.
Donate at the top right corner

LoginSecurity build server Hit couter

You must login to post a comment. Don't have an account? Register to get one!

  • Avatar of ElekzaliZ ElekzaliZ Mar 04, 2015 at 18:21 UTC - 0 likes

    Hi all!

    Is it compatible with Spigot 1.8?

  • Avatar of diegobh diegobh Jan 31, 2015 at 18:44 UTC - 0 likes

    Very nice thank you!

    Ive some questions, please help me.

    I would like to make a recovery password from my website and just to learn somethings about this plugin.

    1) How to save the password in DB without encription? I see in config file: encription: BCRYPT, but what i have to put to set it just plaintext? Ive already tryied PLAINTEXT, false, none but was all the same. No differences.

    2) In DB have a unique_user_id coluum: that's a lot of characters. And an encryption coluum too. How could i insert more 2 colums: nick (in-game) and e-mail? So the user will register with: /register pass e-mail Or register from my website. And i will be allowed to make a recover password from e-mail :D

    And i found a bug: sometimes you can open doors without had logged in. And the screen isn't dark (ive set up the blindness to true).

    Thank you very much!

    Last edited Jan 31, 2015 by diegobh
  • Avatar of tylerguth tylerguth Jan 31, 2015 at 00:57 UTC - 0 likes

    i kinda forgot my password on my friend's server and now im screwed pretty much

  • Avatar of Tetdoss Tetdoss Jan 26, 2015 at 12:19 UTC - 0 likes

    Hello Nice and Light plugin which handle UUID :D

    Is it possible to prevent user to register and change password ? Because I force my users to register on my website !

    Moreover there is some bug when you spawn the first time (I am at the top of my spawn), and people with less than 3 characters can login.

    Try my first plugin: Jackpot

  • Avatar of Quaziz Quaziz Jan 11, 2015 at 22:45 UTC - 0 likes

    I would like to see a way to turn of the possibility for a user to do /register ingame. I want all members to first register on the servers website.

  • Avatar of JavituRec JavituRec Jan 11, 2015 at 18:33 UTC - 0 likes

    Is it possible to convert from authme reloaded for this plugin?. I want to switch to this plugin.


  • Avatar of live4redline live4redline Dec 29, 2014 at 01:05 UTC - 1 like

    To fix someones password you have to do "/lac rmpass <PLAYER_NAME>" and once done the player in question has to do "/register <NEW_PASSWORD>" in order to be unlocked.

    Its not a big or glitch but this was kind of confusing to figure out the first time. It would be nice if when you /lac rmpass the player it would automatically ALSO unlock them so the function doesn't seem like it didn't work properly.

  • Avatar of MinecraftShqip MinecraftShqip Dec 17, 2014 at 19:35 UTC - 1 like

    How can i find the password of the player

  • Avatar of raton023 raton023 Dec 06, 2014 at 14:56 UTC - 0 likes

    you need essentials for the echo command wich is a ping command but set it on player chat as it put echo something is cool

    I just hope that we never loose sigh of one thing, that it all started with a mouse.

  • Avatar of raton023 raton023 Dec 05, 2014 at 06:37 UTC - 0 likes

    DaDomoDude just set the config.yml

    password-required: false

    and in the bukkit directory edit the commands.yml make an alias like this


    - LoginSecurity:register $$1


    - echo just staff can register pal

    and they will be able to register with /imamothafukastaff password they must keep that command in private or use a permision system to put permisions on that command

    Last edited Dec 06, 2014 by raton023


Date created
Jul 07, 2012
Last update
Oct 27, 2014
Development stage
  • enUS
GNU General Public License version 3 (GPLv3)
Curse link
Recent files