LoginSecurity Icon



LoginSecurity is a lightweight password authorization plugin. You can optionally set a password each time you enter the server, adding a double layer of security to your account. The password is stored inside the configuration file, nobody else except the server owner can access or modify it.

How does it work?

Install the pluign to your /plugins/ directory, then start your server.
Type /register <password>, your account is now locked with a password.
For each time you login, make sure to use /login <password>.


  • Register your account optional or required (change in config)
  • 5 useful commands to manage your password
  • Saving supported in SQLite and MySQL
  • Encryption available in: MD5, SHA, SHA-1, SHA-256, SHA-512 and PHPBB3
  • Custom encoder: UTF-8 and UTF-16
  • Customizeable login session
  • Customizeable login timeout
  • Custom min and max length for passwords
  • Messager API for client mods
  • User friendly experiance
  • Converter for xAuth (detects if xAuth is installed)
  • Easy to use
  • Blocks anything from happening before logged in (commands, movement ,etc.)
  • Supports blindness effect for login
  • Prevents being kicked by orther players loging in with your name

Session login allows the user to log in right after they logged out and not have to type in their password again. (1 minute time limit of being logged out, stores IP during that time to keep everything safe)


/lac - Admin command, rmpass and reload

/register <password> - Set your password

/rmpass - Removes your password

/login <password> - Login with your password

/changepass <old> <new> - change your password

/logout - Logout


  • ls.admin - allows admin command


This tutorial is outdated, alot of things have changed after v2.0
Orther tutorials: German (by MineCraftler4Live)

To do

  • MD5 support
  • Add an IP lock
  • Add a login session
  • Fix /changepass
  • Add a language.yml for language support
  • add login timeout
  • add ip checker
  • Suggestions?

Known Bugs

  • Players can mount/dismount and ride on vehicles while not logged in


By default, LoginSecurity will check for updates from bukkitdev every 3 hours.
This feature can be disabled by setting "update-checker" to "false"
Anyone with the permission node ls.admin will be notified of updates, and it also able to download them via /lac update.
Which again can be disabled by disabling the update-checker

This plugin utilises Hidendra's plugin metrics system, which means that the following information is collected and sent to mcstats.org:

  • A unique identifier
  • The server's version of Java
  • Whether the server is in offline or online mode
  • The plugin's version
  • The server's version
  • The OS version/name and architecture
  • The core count for the CPU
  • The number of players online The Metrics version Opting out of this service can be done by editing plugins/Plugin Metrics/config.yml and changing opt-out to true.


If you want to support me working on this project, please donate.
It helps me alot to keep my projects up.
Donate at the top right corner

LoginSecurity build server

You must login to post a comment. Don't have an account? Register to get one!

  • Avatar of Bartusiak Bartusiak May 27, 2016 at 22:43 UTC - 0 likes


    Yes this plugin . Players are on cords 0 0 0 and for example in the nether/ the end flying down and dying.

    Your plugin good work only in first world when you have "ON" fake cords.

  • Avatar of lenis0012 lenis0012 May 26, 2016 at 11:46 UTC - 0 likes

    @Thoughtyness: Go

    It's true that hashing is very different from encryption. but thats the technical term behind it. For the average english person "encryption" has the same meaning as "obscuring" "hashing" is a more unkown term the average server owner.

    @Theone102: Go

    I will look into adding this feature. basically, you want a required permission, where anyone with permission X is forced to register.

    @Grellas: Go

    Yeah thats quite problematic. Ill try tot hink of something

    @Blackyvk: Go

    next week

    @mirolm: Go

    thanks for praising me :P LoginSecurity 2.1 is going to have this issue fixed along with some other neat changes. You can check the 2.1 branch on github if you want

    @Bartusiak: Go

    is this an issue caused by my plugin? ill do some testing :)

    @saintblair: Go

    I will add some method to recover a password :)

    Follow me on twitter for updates: @lenis0012

  • Avatar of saintblair saintblair May 26, 2016 at 04:20 UTC - 0 likes

    i have a suggestion for a feature to add,

    add password recovery via registerd email adress simply sends an email to you with your current password if you forgot ur password.


    1.) forget your password ur gonna have hell trying to get back into ur account, after that its easy to keep/change.

    2.) if you login to a different account to get staff help, if one is even on and then if they can and know how/cant and knows how or just cant do it.

    please add for 1.8+

    id absolutely love ur plugin then. =P <3

    Last edited May 26, 2016 by saintblair
  • Avatar of Bartusiak Bartusiak May 19, 2016 at 15:14 UTC - 0 likes

    Hi !

    I have problem with plugin. When people are disconnected in nether/the end and they want to come back to game, they are on cords X:0 Y:0 Z:0 and they are flying down to nothingness and die. What can I do ?

    I have spigot 1.9.4

  • Avatar of mirolm mirolm May 18, 2016 at 11:12 UTC - 0 likes

    @Blackyvk: Go

    I keep a fork of the plugin source for my server where i changed some stuff:

    - removed player names from plugin and changed to uuid's to fix case insensitivity problem. this fixed sessions extending too. - merged translations changes by adiras. - removed metrics and updater to make building easier. - moved invalid nick checks and player online check to prelogin event, so player list on tab key does not get corrupted when player is kicked (happens with skinsrestorer plugin). - removed some deprecated api calls.

    1.9 version of LoginSecurity added log filter, so player passwords are not visible which is really great. Big kudos for this change.

    @lenis0012 i see some of my players try to use /l instead of /login - maybe other plugins have that feature. Is it possible to have this alias of "login", so it is faster to join server.

    Last edited May 18, 2016 by mirolm
  • Avatar of Blackyvk Blackyvk May 17, 2016 at 22:40 UTC - 0 likes

    any eta on 2.1 ? i really want to switch to this plugin, seems more stable than any other but the case insensivity is a real problem.

  • Avatar of syxcrop19 syxcrop19 May 11, 2016 at 12:10 UTC - 0 likes

    how to translate ?

  • Avatar of Grellas Grellas May 11, 2016 at 07:01 UTC - 0 likes

    lenis0012 In 1.9.2 when someone join to my server (mc.deviantsmc.com) and he try to /register or /login he cant because if someone is near to him and he push him the chat is closing automatically so the player try again to press t to open the chat but if someone push him again he cant this happend only to /register and /login command. Do you have any solution?

    Last edited May 11, 2016 by Grellas
  • Avatar of Thoughtyness Thoughtyness Apr 24, 2016 at 23:41 UTC - 0 likes

    Thank you for making this, but at 3:34 you said that that was the encrypted form of the password, but it was the hashed form. Encryption: Kind A is private key. Example: The ceaser cipher. Shifting the letters by three so a=c,b=d,c=e. Kind b is public key. Example: R.S.A. Relies on the difficulty of factoring a number. Encryption can be decrypted by knowing the key, and can be hacked. Hashing can not be decrypted, but can be hacked.

  • Avatar of Theone102 Theone102 Apr 18, 2016 at 23:16 UTC - 0 likes

    Is it possible to make it so that ONLY staff has to login/register? I don't want to make everyone who is default have to login every time if possible. If this plugin doesn't support this, is there one that does?

    Last edited Apr 19, 2016 by Theone102


Date created
Jul 07, 2012
Last update
Mar 23, 2016
Development stage
  • enUS
GNU General Public License version 3 (GPLv3)
Curse link
Recent files