Detect and fight the exploitation of various flaws/bugs in Minecraft!

Main Features Permissions Commands Configuration Jenkins


NoCheatPlus attempts to prevent cheat clients from exploiting weaknesses of Minecraft or its protocol, making your server more safe. Checks cover a wide range of issues including flying and speeding, fighting hacks, fast block breaking and nukers, inventory hacks, chat spam and other types of malicious behaviour. For a more complete list have a look at the Features Page.

NoCheatPlus puts emphasis on configurability and allows you to customize actions that are carried out when a player fails a check (e.g. silent cancelling, executing commands, just logging). Bypass permissions allow to control what check to apply for which players, all checks can be deactivated in the configuration, also having the option for world-specific configuration files. Many checks allow more detailed configuration to adjust sensitivity.

Certainly NoCheatPlus is not a magical bullet, it uses a lot of heuristics and even guessing, so you will encounter false positives here and there and also not catch every single violation. Example video of how NoCheatPlus blocks cheats (outdated plugin version).

NoCheatPlus was introduced by NeatMonster, building on the code base of NoCheat by Evenprime.

The following plugins might be useful to have a look at.

CompatNoCheatPlus (cncp)

Make plugins like mcMMO, Citizens, MagicSpells or MachinaCraft more compatbile with NoCheatPlus. Not all existing plugins are covered (yet), but you can leave a note or ticket request for cncp.


Orebfuscator fights all sorts of X-ray-hacks by altering the map information that is sent to the players, such that they have to mine blocks to actually reveal what is behind. Virtually a "must have".

Downloads and History of Changes

  • Download officially approved versions on the Files page at BukkitDev.
  • Development builds have been moved over to the Jenkins at EcoCityCraft.
  • Do not download from any other source, do not use jars other people send you.
  • Changes by build number can be examined in the Jenkins changes list.
  • All commits can be seen in the GitHub commit history.
  • Plugin statistics are no longer reported to


Documentation Resources

Contact us

  • Quick questions can be asked on this page,
    or on IRC (Server: | Default-Port: 6667 | SSL-Port: 6697 | Channel: #nocheat | Web client: WebIRC)
  • For real issues or feature requests please create a new ticket or add to an existing ticket.
  • To send information that is not to be seen by all, you can also reach us by PM to @asofold and @MyPictures. Please do not contact the user 'NoCheatPlus', it is for administrative purposes only and will likely not be answered in time. Keep to BukkitDev and GitHub for support, do not trust users on other forums or websites, also not if their nick names are the same as NCP staff on BukkitDev.

Please always state the output of the "ncp version" command to let us know versions in use (users of cncp also the "cncp" command).

You must login to post a comment. Don't have an account? Register to get one!

  • Avatar of asofold asofold May 24, 2014 at 20:30 UTC - 0 likes

    @MCTylerPVP: Go

    Problem here:

    I don't know if things changed, but if the author does not provide a way for us to see that it's not a melee attack, we can't do much. We certainly will cooperate and can give advise on what to add to make compatibility possible, but we can't keep contacting all plugin developers on our own - best ask the developer to get in touch and link this post.

    @rfsantos1996: Go

    OPs have all bypass permissions of NCP by default, unless your permission plugin somehow alters that. Are they actual OPs?

    @Phiwa: Go

    Thanks for showing by :) - i can only guess, partly already stated below:

    • I could use more information about alerts/log messages or if nothing is there but NCP seems to set-back people, whatever happens in particular. Maybe LordKainzo can add to that.
    • If Player.isInsideVehicle() returns true, and/or enter/exit events are there i would expect NCP to respect that, however there are additions in NCP that might alter things slightly (see below). Not sure if something changed in Minecraft, but usually NCP should respect vehicles somehow.
    • (!) We added location consistency checking:
      • config: checks.moving.enforcelocation
        Aiming at first-move-after-join teleport/vclip exploits, this will teleport the player to the set-back location, if the players location does not (roughly) match the last moves end-point (or the location from join). This could be kicking in, if NCP does not get the player is in a Vehicle - please do note that there was a deficient beta release, so it should be re-tested with build 700. Deactivating this will mean NCP can't detect that first-move exploit anymore.
      • config: checks.moving.vehicles.enforcelocation
        Similar to moving this is a probably folly attempt to do something about cheat clients sending "random" moves while in vehicles - it teleports the player to the vehicle - despite the possibility of it not working out at all, this might conflict hard, if events fire and other plugins end the vehicle/dragon ride. This might be easiest to disable without any effects on "real checking", because the vehicle-teleport exploits should be checked independently of this.

    So it boils down to "it needs testing" - would be great if we had someone/two/three who could do such tests with debug settings activated (checks.moving.debug + TestNCP installed, maybe EventMirror both from NCPTools).

    @EDWIN3150: Go

    I assume you tried to protect something like "wg region" ? The problem is that NCP can't do that for sub-commands (yet). See Ticket 694.


    Latest release (1.7.2-1.7.10, approved) NoCheatPlus 3.11.1-RC-sMD5NET-b743
    (Development builds: Jenkins)

  • Avatar of EDWIN3150 EDWIN3150 May 24, 2014 at 17:48 UTC - 0 likes

    When I try to hide Bukkit's, WorldGuard's and WorldEdit's Commands under UnknownCommand I get this error:

    [12:46:39] [Server thread/ERROR]: [NoCheatPlus] Encountered a problem during post-enable: NullPointerException [12:46:39] [Server thread/ERROR]: java.lang.NullPointerException at fr.neatmonster.nocheatplus.permissions.PermissionUtil.protectCommands( at fr.neatmonster.nocheatplus.NoCheatPlus.setupCommandProtection( at fr.neatmonster.nocheatplus.NoCheatPlus$4$ at fr.neatmonster.nocheatplus.NoCheatPlus.postEnable( at fr.neatmonster.nocheatplus.NoCheatPlus.access$000( at fr.neatmonster.nocheatplus.NoCheatPlus$ at at org.bukkit.craftbukkit.v1_7_R2.scheduler.CraftScheduler.mainThreadHeartbeat( at net.minecraft.server.v1_7_R2.MinecraftServer.v( at net.minecraft.server.v1_7_R2.DedicatedServer.v( at net.minecraft.server.v1_7_R2.MinecraftServer.u( at at

    [12:46:39] [Server thread/INFO]: [NoCheatPlus] Post-enable finished.

    Last edited May 25, 2014 by EDWIN3150: Forgot some words.


  • Avatar of Phiwa Phiwa May 24, 2014 at 13:23 UTC - 0 likes

    @asofold: Go @LordKainzo: Go

    Hey asofold,

    I'm the dev of DragonTravel, but due to a lack of time I only provide necessary updates at the moment.
    Did you change anything concerning the API in one of the last versions?
    The only thing I added quite a while ago which deals with NCP can be found here.
    Anything missing? :)

    EDIT: Those methods a run before mounting a player/after dismounting a player.

    Last edited May 24, 2014 by Phiwa

  • Avatar of rfsantos1996 rfsantos1996 May 24, 2014 at 12:00 UTC - 0 likes

    On my private server, I want to make OPs instant break blocks, but how can I disable NoCheatPlus from not letting him do it (just when his instant break is on, so I don't want to allow OPs to use hacks forever, just allow them instant break blocks when they are supposed to)

    Minecraft Dota | RPGLeveling Plugin | Intresting plugins | GitHub | Bukkit is a great service

  • Avatar of MCTylerPVP MCTylerPVP May 24, 2014 at 11:33 UTC - 0 likes

    Can you add swornguns to the plugin compatibility list? It keeps on setting off the speeed/projectile flag for every user...Thx.

    MC Client WebPage

  • Avatar of asofold asofold May 24, 2014 at 08:53 UTC - 0 likes

    @Shevchikden: Go

    I would assume so, though one would have to examine/test the compatibility of such an action, because with some vehicles players do send moving events. I would first check what to do with just Bukkit API (or "read only" obc/nms use), though, because we use to try to do without third party APIs, but currently i think we can't really do without packet level checking, because CraftBukkit does not put through enough events (a mistake in my opinion).

    @LordKainzo: Go

    Do you have any specific alerts/logs with it? I can't tell without more information, but you could test if it changes with setting moving.enforcelocation to false (this gives more way to current vclip-after-join hacks but might be related). I could not find how exactly they do mounting/flying at first glimpse, but i will have a look another time.

    @DolphineerDev: Go / Thanks :).

  • Avatar of DolphineerDev DolphineerDev May 24, 2014 at 01:54 UTC - 0 likes

    @KingKonrad: Go

    Well first you have to be running a bukkit server, and I assume you don't have a public one yet if you are asking this, but inside of your server folder with your desired version of bukkit if you have run the server before, you should see in that folder a folder named 'plugins' take the NoCheatPlus.jar you downloaded from here and drop it in your 'plugins' folder and run the server.

  • Avatar of KingKonrad KingKonrad May 23, 2014 at 23:59 UTC - 0 likes

    Emmm This is gonna sound weird but... how do you install it?

  • Avatar of LordKainzo LordKainzo May 23, 2014 at 23:53 UTC - 0 likes

    Using latest nocheatplus and DragonTravel - im seeing players get kicked for flying - is there a fix for this?1

  • Avatar of Shevchikden Shevchikden May 23, 2014 at 19:23 UTC - 0 likes

    @asofold: Go If player is inside vehicle you can just cancel PacketPlayInPosition because vanilla client does not use it.

    Java — write once, debug everywhere.


Date created
Apr 02, 2012
Last update
Sep 21, 2014
Development stage
GNU General Public License version 3 (GPLv3)
Curse link
Recent files