LoginSecurity Icon



LoginSecurity is a lightweight password authorization plugin. You can optionally set a password each time you enter the server, adding a double layer of security to your account. The password is stored inside the configuration file, nobody else except the server owner can access or modify it.

How does it work?

Install the pluign to your /plugins/ directory, then start your server.
Type /register <password>, your account is now locked with a password.
For each time you login, make sure to use /login <password>.


  • Register your account optional or required (change in config)
  • 5 useful commands to manage your password
  • Saving supported in SQLite and MySQL
  • Encryption available in: MD5, SHA, SHA-1, SHA-256, SHA-512 and PHPBB3
  • Custom encoder: UTF-8 and UTF-16
  • Customizeable login session
  • Customizeable login timeout
  • Custom min and max length for passwords
  • Messager API for client mods
  • User friendly experiance
  • Converter for xAuth (detects if xAuth is installed)
  • Easy to use
  • Blocks anything from happening before logged in (commands, movement ,etc.)
  • Supports blindness effect for login
  • Prevents being kicked by orther players loging in with your name

Session login allows the user to log in right after they logged out and not have to type in their password again. (1 minute time limit of being logged out, stores IP during that time to keep everything safe)


/lac - Admin command, rmpass and reload

/register <password> - Set your password

/rmpass - Removes your password

/login <password> - Login with your password

/changepass <old> <new> - change your password

/logout - Logout


  • ls.admin - allows admin command


This tutorial is outdated, alot of things have changed after v2.0
Orther tutorials: German (by MineCraftler4Live)

To do

  • MD5 support
  • Add an IP lock
  • Add a login session
  • Fix /changepass
  • Add a language.yml for language support
  • add login timeout
  • add ip checker
  • Suggestions?

Known Bugs

  • Players can mount/dismount and ride on vehicles while not logged in


This plugin is connecting to mojang services to conver old data to new UUID data. It sends a request for every single player stored in your database, wich only hapends if you upgrade from 2.0.8 or lower to 2.0.9 or higher. This plugin utilises Hidendra's plugin metrics system, which means that the following information is collected and sent to mcstats.org:

  • A unique identifier
  • The server's version of Java
  • Whether the server is in offline or online mode
  • The plugin's version
  • The server's version
  • The OS version/name and architecture
  • The core count for the CPU
  • The number of players online
  • The Metrics version Opting out of this service can be done by editing plugins/Plugin Metrics/config.yml and changing opt-out to true.


If you want to support me working on this project, please donate.
It helps me alot to keep my projects up.
Donate at the top right corner

LoginSecurity build server Hit couter

You must login to post a comment. Don't have an account? Register to get one!

  • Avatar of raton023 raton023 Jul 22, 2014 at 00:01 UTC - 0 likes

    @EddieFriday: Go i got the same problem and fix it remove the plugin v 2 0 9 and put the v 2 0 8 and dont create any table on the sql just create the user pass and database the plugin must create the tables ... put the sql inf in config file and start bukkit 1.7.9 it will conect and create all the tables username pass ... the restart bukkit and it will work @EddieFriday: Go

  • Avatar of raton023 raton023 Jul 21, 2014 at 23:37 UTC - 0 likes

    @live4redline: Go

    in mi conf works try to test it without other plugins just this plugin and bukkit and see if that happens try other versions of bukkit just to see whatstheproblem

  • Avatar of raton023 raton023 Jul 21, 2014 at 23:32 UTC - 0 likes

    why the encription sha1 is not encriptin as sha1 it set another code on the sql database i cant access that password from another client like a web forum i put on my php forum this code

    $sql = "SELECT username FROM users WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . sha1($_POST['password']) . "'"; and dosent work i think is becouse the encription is not only sha1 cause when i sha1 my password it gives me another code and not the one stores on sql database it works with the username but not the password

    Last edited Jul 21, 2014 by raton023
  • Avatar of live4redline live4redline Jul 21, 2014 at 05:23 UTC - 0 likes

    Love the plugin, installed it on our server cloud.

    The "Session login" doesn't seem to be working though. Moving from one server to another or leaving and logging back in always asks for a login even if its in the 60 seconds or the 600 seconds I set it too. Any ideas...?

  • Avatar of rangewonk rangewonk Jul 14, 2014 at 14:07 UTC - 0 likes

    Could you please make customization messages. For example when it says Invalid password Make it so we can change it to what we want such as 'Invalid password, if you forgot your password please contact us here : site'



  • Avatar of lenis0012 lenis0012 Jul 13, 2014 at 13:25 UTC - 0 likes

    LoginSecurity 1.0.10 will be released when we reach 15,000 downloads on v1.0.9 I do this because i want all version to be tested very well before i move on

    lenis0012.com (Comming soon)

  • Avatar of lenis0012 lenis0012 Jul 13, 2014 at 13:24 UTC - 1 like

    @Dyenx999: Go

    You may want to update your LoginSecurity =)

    @FabioZumbi12: Go

    At the moment the onyl web-encryption we support is PHPBB3 But i will look in to this

  • Avatar of Toxicterror1991 Toxicterror1991 Jul 10, 2014 at 14:55 UTC - 1 like

    Minor Bug
    Drinkin milk removes the blindness effect

    - sorry, may is fixed already... using the old 1.6.4 version

    Last edited Jul 10, 2014 by Toxicterror1991
  • Avatar of FabioZumbi12 FabioZumbi12 Jul 08, 2014 at 22:23 UTC - 0 likes

    Howw lenis, you are the owner of this plugin too - Man, i trying to use my server database to authenticate players on my joomla site. Your plugin have support to hash joomla 3.3.1 security?

    Thank You!

    Area Z12 Brasil

  • Avatar of thenubcake thenubcake Jul 08, 2014 at 05:36 UTC - 0 likes

    @Dyenx999: Go

    I tried replicating that problem, but it didn't work. Seems fine for me.


Date created
Jul 07, 2012
Last update
May 02, 2014
Development stage
  • enUS
GNU General Public License version 3 (GPLv3)
Curse link
Recent files