LoginSecurity Icon



LoginSecurity is a lightweight password authorization plugin. You can optionally set a password each time you enter the server, adding a double layer of security to your account. The password is stored inside the configuration file, nobody else except the server owner can access or modify it.

How does it work?

Install the pluign to your /plugins/ directory, then start your server.
Type /register <password>, your account is now locked with a password.
For each time you login, make sure to use /login <password>.


  • Register your account optional or required (change in config)
  • 5 useful commands to manage your password
  • Saving supported in SQLite and MySQL
  • Encryption available in: MD5, SHA, SHA-1, SHA-256, SHA-512 and PHPBB3
  • Custom encoder: UTF-8 and UTF-16
  • Customizeable login session
  • Customizeable login timeout
  • Custom min and max length for passwords
  • Messager API for client mods
  • User friendly experiance
  • Converter for xAuth (detects if xAuth is installed)
  • Easy to use
  • Blocks anything from happening before logged in (commands, movement ,etc.)
  • Supports blindness effect for login
  • Prevents being kicked by orther players loging in with your name

Session login allows the user to log in right after they logged out and not have to type in their password again. (1 minute time limit of being logged out, stores IP during that time to keep everything safe)


/lac - Admin command, rmpass and reload

/register <password> - Set your password

/rmpass - Removes your password temporary removed in 2.1

/login <password> - Login with your password

/changepass <old> <new> - change your password

/logout - Logout


  • ls.admin - allows admin command


Thanks to ServerMiner for making this informative tutorial
Orther tutorials: German (by MineCraftler4Live)

To do

  • MD5 support
  • Add an IP lock
  • Add a login session
  • Fix /changepass
  • Add a language.yml for language support
  • add login timeout
  • add ip checker
  • Suggestions?

Known Bugs

  • Players can mount/dismount and ride on vehicles while not logged in


By default, LoginSecurity will check for updates from bukkitdev every 3 hours.
This feature can be disabled by setting "update-checker" to "false"
Anyone with the permission node ls.admin will be notified of updates, and it also able to download them via /lac update.
Which again can be disabled by disabling the update-checker

This plugin utilises Hidendra's plugin metrics system, which means that the following information is collected and sent to mcstats.org:

  • A unique identifier
  • The server's version of Java
  • Whether the server is in offline or online mode
  • The plugin's version
  • The server's version
  • The OS version/name and architecture
  • The core count for the CPU
  • The number of players online The Metrics version Opting out of this service can be done by editing plugins/Plugin Metrics/config.yml and changing opt-out to true.


If you want to support me working on this project, please donate.
It helps me alot to keep my projects up.
Donate at the top right corner

LoginSecurity build server

You must login to post a comment. Don't have an account? Register to get one!

  • Avatar of lenis0012 lenis0012 Jun 26, 2016 at 03:31 UTC - 0 likes

    @mormaii2: Go

    I don't know whats going on there.
    I will check it out tomorrow :)

    Update is coming as soon as i fixed an apparent mysql error
    EDIT: Build server is back

    Last edited Jun 26, 2016 by lenis0012

    Follow me on twitter for updates: @lenis0012

  • Avatar of mormaii2 mormaii2 Jun 26, 2016 at 02:51 UTC - 0 likes

    @lenis0012: Go

    I'm trying to get the latest dev build but the site isn't loading. When are you releasing a new version ?

  • Avatar of lenis0012 lenis0012 Jun 25, 2016 at 02:21 UTC - 0 likes

    @xxOrpheus: Go

    thanks :)

    There are a bunch of changes in the latest dev build:

    • Fixed login error (possibly related to location setting)
    • Added admin remove password command
    • Fixed MySQL error on startup (error has no significant impact)

    If you encouter any of these issues be sure to download the latest dev build, a new version is coming soon after i've done some more testing

  • Avatar of xxOrpheus xxOrpheus Jun 24, 2016 at 05:15 UTC - 0 likes

    <<reply 2828736>>

    Many folks are saying they've lost inventories etc, but I haven't experienced this once since the last build that claimed to fix it. Everything is operating perfectly so far! I'll let you know if anything bad happens :)

  • Avatar of lenis0012 lenis0012 Jun 24, 2016 at 01:18 UTC - 0 likes

    @xxOrpheus: Go

    Alright it sounds reasonable.

    Other then that, have you encountered any issues?

  • Avatar of xxOrpheus xxOrpheus Jun 23, 2016 at 20:33 UTC - 0 likes

    Please fix the inventory issue for items added before you use /login

    It can easily be fixed if you simply bind the inventory from before /login to after. I'm sure this will be safe, and will prevent (my players in particular lol) players from losing items that they earned by voting (while offline.)

    If you don't think this is a viable option I suppose I could do it myself on my own build :)

  • Avatar of lenis0012 lenis0012 Jun 23, 2016 at 14:01 UTC - 0 likes

    @Blackyvk: Go

    LoginSecurity performs seperate checks on UUID.
    It also saves what type of uuid is being used.

    Either way, using AutoIn you can support both online and offline mode players, at is is officially supported by LoginSecurity and bypasses the account generation in general.

    For offline mode servers it uses a uuid based of their lower case name, for online mode servers it uses their online uuid.

    @FrostDX: Go

    Did you use MySQL or SQLite?
    I tested conversion and it seemed to work fine.
    If this issue occurs you can downgrade to 2.0.14 by renaming the backup file if you are using sqlite

  • Avatar of FrostDX FrostDX Jun 23, 2016 at 04:10 UTC - 0 likes

    So i updates my LoginSecurity to the newest version a couple of days ago, and after the updates installed, all of the Login data got resetted! Some of my members are having account thief issue, and the thing that made it even worse is that there is no command to reset their password back or unregister their accounts!

  • Avatar of Blackyvk Blackyvk Jun 23, 2016 at 02:14 UTC - 0 likes

    @lenis0012: Go

    if the server is set to offline mode all uuids will be generaed using the offline uuid not mojang uuid.

    Just wondering, if delete all uuid data it will fill that with new data when a player logs in?

  • Avatar of hutt132 hutt132 Jun 23, 2016 at 02:09 UTC - 0 likes

    Spigot 1.10 LoginSecurity 2.2.1 - Optional password

    When users first register a password, it gives this error: http://pastebin.com/S41YPfr2

    They then have to log off, log back in, and then register a second time for it to work.


Date created
Jul 07, 2012
Last update
Jun 21, 2016
Development stage
  • enUS
GNU General Public License version 3 (GPLv3)
Curse link
Recent files