Detect and fight the exploitation of various flaws/bugs in Minecraft!

Features Permissions Commands Configuration Jenkins


NoCheatPlus attempts to prevent cheat clients from exploiting weaknesses of Minecraft or its protocol, making your server more safe. Checks cover a wide range of issues including flying and speeding, fighting hacks, fast block breaking and nukers, inventory hacks, chat spam and other types of malicious behaviour. For a more complete list have a look at the Features Page.

NoCheatPlus puts emphasis on configurability and allows you to customize actions that are carried out when a player fails a check (e.g. silent cancelling, executing commands, just logging). Bypass permissions allow to control what check to apply for which players, all checks can be deactivated in the configuration, also having the option for world-specific configuration files. Many checks allow more detailed configuration to adjust sensitivity.

Certainly NoCheatPlus is not a magical bullet, it uses a lot of heuristics and even guessing, so you will encounter false positives here and there and also not catch every single violation. Example video of how NoCheatPlus blocks cheats (outdated plugin version).

NoCheatPlus was introduced by NeatMonster, building on the code base of NoCheat by Evenprime.

The following plugins might be useful to have a look at.

CompatNoCheatPlus (cncp)

Make plugins like mcMMO, Citizens, MagicSpells or MachinaCraft more compatbile with NoCheatPlus. Not all existing plugins are covered (yet), but you can leave a note or ticket request for cncp.


Orebfuscator fights all sorts of X-ray-hacks by altering the map information that is sent to the players, such that they have to mine blocks to actually reveal what is behind. Virtually a "must have".

Downloads and History of Changes

  • Download officially approved versions on the Files page at BukkitDev.
  • Development builds have been moved over to the Jenkins at EcoCityCraft.
  • Do not download from any other source, do not use jars other people send you.
  • Changes by build number can be examined in the Jenkins changes list.
  • All commits can be seen in the GitHub commit history.
  • Plugin statistics are no longer reported to


Documentation Resources

Contact us

  • Quick questions can be asked on this page,
    or on IRC (Server: | Default-Port: 6667 | SSL-Port: 6697 | Channel: #nocheat | Web client: WebIRC)
  • For real issues or feature requests please create a new ticket or add to an existing ticket.
  • To send information that is not to be seen by all, you can also reach us by PM to @asofold and @MyPictures. Please do not contact the user 'NoCheatPlus', it is for administrative purposes only and will likely not be answered in time. Keep to BukkitDev and GitHub for support, do not trust users on other forums or websites, also not if their nick names are the same as NCP staff on BukkitDev.

Please always state the output of the "ncp version" command to let us know versions in use (users of cncp also the "cncp" command).

You must login to post a comment. Don't have an account? Register to get one!

  • Avatar of asofold asofold Oct 31, 2014 at 18:42 UTC - 1 like

    @MyPictures: Go

    @BrutalNetwork: Go

    Apart from blockinteract.... you also have blockbreak checks of course (frequence, fastbreak, reach, direction). Which checks did you disable or can post/send your config for simplicity?


    Latest beta release (+ 1.8.3, approved) NoCheatPlus 3.12.0-RC-sASO-b813
    (Development builds, 1.8: Jenkins)

  • Avatar of MyPictures MyPictures Oct 31, 2014 at 16:41 UTC - 1 like

    @septini: Go

    I believe that quality stays better if NC+ keeps being free and open, since we get more feedback and reports, because of higher costumer count (those that don't have paypal etc.).
    If you feel our quality is currently lacking somewhere then feel free to report those quality issues or even push pull requests on our Github repository for quick fixing.

    @BrutalNetwork: Go

    Pretty much all interaction checks except speed protect against insane nukers:
    Visible - Prevents hackers from interacting with blocks they don't see
    Reach - Prevents from interacting with blocks out of their reach distance
    Direction - Forces to look at the block a hacker wants to interact with
    Good to know: Why did you disable the interaction checks? Where there some annoying bugs/issues with one of them?
    If yes feel free to open up a ticket and we will look closer at your issue.


  • Avatar of BrutalNetwork BrutalNetwork Oct 31, 2014 at 14:41 UTC - 0 likes

    I stopped a heap of block interactions and i have had reports that nuker still works in our prison mines. Which setting stops this so i can just enable that one?

  • Avatar of septini septini Oct 30, 2014 at 21:24 UTC - 0 likes

    You should, for better quality.

  • Avatar of asofold asofold Oct 30, 2014 at 00:36 UTC - 0 likes

    @kristijan260393: Go

    Realistically i would rather enable donations or payed services if i needed it for survival mode. We still do have some basic cost for keeping hold of some domain and other, so donations or even some payed extras are not 100% off the table. Don't expect the core to become private too easily though...

  • Avatar of asofold asofold Oct 26, 2014 at 18:20 UTC - 0 likes

    @kangarkooo: Go

    Good :), the logs might be lengthy, most interesting might be what happens just before logout and just after login, until/from first teleport(s).

  • Avatar of kangarkooo kangarkooo Oct 26, 2014 at 15:36 UTC - 0 likes

    @asofold: Go

    Thank you. I will do more testing tomorrow on localhost.

  • Avatar of asofold asofold Oct 26, 2014 at 14:11 UTC - 0 likes

    @kangarkooo: Go

    Do you have logs of log-out locations or are the log-in locations logged before AuthME teleports players?

    If you can reproduce it locally or with very few players online, you can add "debug: true" to the moving section of the config of NCP (or even above in the checks section), which could give more hints about what happens, but it'll spam the logs for each and every player, so it's usually not an option for production servers.

  • Avatar of kangarkooo kangarkooo Oct 26, 2014 at 13:07 UTC - 0 likes

    @asofold: Go

    I have exact login loc. set to true, and I have enabled teleporting to spawn in AuthMe. After /login players are teleported back, but I am using sessions (12hours) and in my case player logged in time, so he wasn't teleported by authme.

  • Avatar of asofold asofold Oct 26, 2014 at 11:52 UTC - 0 likes

    @kangarkooo: Go

    Do you have the bukkit.yml set to use exact login locations? Do you have a plugin enforcing login locations related to last logout (not suggesting to have one in general though)?


Date created
Apr 02, 2012
Last update
Mar 21, 2015
Development stage
GNU General Public License version 3 (GPLv3)
Curse link
Recent files