Detect and fight the exploitation of various flaws/bugs in Minecraft!



NoCheatPlus attempts to prevent cheat clients from exploiting weaknesses of Minecraft or its protocol, making your server safer. Checks cover a wide range of issues including flying and speeding, fighting hacks, fast block breaking and nukers, inventory hacks, chat spam and other types of malicious behaviour. For a more complete list, have a look at the Features page.

NoCheatPlus puts emphasis on configurability and allows you to customize the actions that are carried out when a player fails a check (e.g. silent cancelling, executing commands, just logging). Bypass permissions let you control which checks apply to which players. All checks can be deactivated in the configuration, and world-specific configuration files are supported. Many checks allow more detailed configuration to adjust sensitivity.

NoCheatPlus is certainly not a magic bullet: it uses a lot of heuristics and even guessing, so you will encounter false positives here and there, and it will not catch every single violation. Example video of how NoCheatPlus blocks cheats (outdated plugin version).

NoCheatPlus was introduced by NeatMonster, building on the code base of NoCheat by Evenprime.

The following plugins might be useful to have a look at.


ProtocolLib

Allows NoCheatPlus to activate packet-level checks, covering a range of exploits that can't be monitored using ordinary means. Since roughly Minecraft 1.7.10, the fight.speed check no longer works as expected, due to changes in CraftBukkit. With ProtocolLib this can be repaired.

CompatNoCheatPlus (cncp)

Makes plugins like mcMMO, Citizens, MagicSpells or MachinaCraft more compatible with NoCheatPlus. Not all existing plugins are covered (yet), but you can leave a note or create an issue/ticket request for cncp.


Orebfuscator

Orebfuscator fights all sorts of X-ray hacks by altering the map information that is sent to the players, so that they have to mine blocks to actually reveal what is behind them. Virtually a "must have". (Latest versions of Spigot contain features of Orebfuscator.)

Downloads and History of Changes


Documentation Resources

Contact us

  • Quick questions can be asked on this page,
    or on IRC (Server: | Default-Port: 6667 | SSL-Port: 6697 | Channel: #nocheat | Web client: WebIRC)
  • For real issues or feature requests please create a new issue/ticket or add to an existing issue/ticket.
  • To send information that is not to be seen by all, you can also reach us by PM to @asofold and @MyPictures. @IceAP (IRC: ICE) will also help or redirect the conversation. Please do not contact the user 'NoCheatPlus'; it is for administrative purposes only and messages will likely not be answered in time. Keep to BukkitDev and GitHub for support. Do not trust users on other forums or websites, even if their nicknames are the same as those of NCP staff on BukkitDev.

Please always state the output of the "ncp version" command to let us know the versions in use (users of cncp should also include the output of the "cncp" command).


  • asofold Dec 19, 2012 at 09:43 UTC - 0 likes

    @Shadix64:

    What CraftBukkit version does your server run on?

    How did you exempt here?

    Exemptions are meant for runtime rather but should remain if people log out and back in again, otherwise it is a bug.

    For permanent exemption permissions should be used (demands a permission plugin).

    Get the latest version of NCP for CraftBukkit 1.4.5 here:

    You should start with using matching versions of CB+NCP (latest for ncp)...

    Last edited Dec 19, 2012 by asofold


    Latest beta release (1.8.x, this site) 3.13.0-BETA-sMD5NET-b878
    (Development builds, 1.8.x: Jenkins)

  • Shadix64 Dec 19, 2012 at 04:44 UTC - 0 likes

    Having some severe issues with it detecting cheating that isn't happening. It's saying my sister is survivalflying, or creativeflying, all the time. She can't move, jump, look around or anything. She is the one and only person on the server that has it this badly. I exempt her from the plugin, but when she logs back on, bam, she can't play. Is there a way to add her permanently to the exempt list, or is there something wrong with the plugin? Thanks.

    I also tested Nodus against this plugin, the anti-xray does nothing. Other than that the plugin seems to work well.

    Last edited Dec 19, 2012 by Shadix64
  • asofold Dec 18, 2012 at 22:23 UTC - 0 likes

    @AeroNetwork:

    Build 284 changes a config setting to disable the "managedlisteners" feature by default (it only takes effect if you generate a new config or just the entry). The "managedlisteners" feature was once added for testing purposes and allows for better compatibility stuff for later on, but it seems to have issues with the latest dev builds, so I decide to disable it by default and later bring it back once really needed and once we have time to test it enough.

    @AeroNetwork:

    A bug in Minecraft?

  • AeroNetwork Dec 18, 2012 at 20:15 UTC - 0 likes

    Apparently there is a bug where the player doesn't get damaged unless they move. So someone is standing, you hit them, and they need to move to feel the damage.

    AeroNetwork Minecraft 1.4.6
    Website :
  • AeroNetwork Dec 18, 2012 at 20:12 UTC - 0 likes
  • MyPictures Dec 18, 2012 at 19:58 UTC - 0 likes

    @asofold:

    You do not hope alone on that...


  • asofold Dec 18, 2012 at 19:51 UTC - 0 likes

    @MyPictures:

    I hope nothing stupid happened with changing to the new structure then, because I can't remember having changed it to what it was, when it was taken out...

  • MyPictures Dec 18, 2012 at 19:18 UTC - 0 likes

    @asofold:

    Yes the Combined_BedLeave check in 274 works fine (as long as you use CB 2511 or lower).

    Last edited Dec 18, 2012 by MyPictures
  • asofold Dec 18, 2012 at 19:16 UTC - 0 likes

    @joehot200:

    Versions? Currently we can not possibly judge it without versions, too much changes due to CB2512.

    I regard ClickAimBot as similar to forcefield, against simple aiming there hardly can be done much for quick prevention. Statistical analysis of pretty general nature might take them down best (possibly with adaptive learning technique, "teach the plugin!"), but that is pretty heavy stuff in some ways. Other methods such as miss-rate analysis (more medium term) will give us only a short advantage, until the clients update to sometimes miss on certain kinds of moves, similar to force-fields for which they are now using adaptive methods only turning around bit by bit to avoid getting caught for instance. Of course I will try to track down unlikely good fighting behavior better, but it will stay difficult, because fighting is just too simple for a hack client and even imitating "normal" fighting is not even that difficult while still giving a clear advantage. That's why I added that combined.improbable check to start combining methods, but it can't compare to analysis of behavior of general nature, yet it is much simpler to implement and promises to help a good bit, so I will extend/refine that a bit.

    For flying there may be some bypasses or part-bypasses like gliding techniques, most were pretty much taken out recently, but of course they keep adapting, at least a 3-block slow jump/fly thing is known to us. Just some versions (beta) have too many new bugs taking some checks out, updated soon.

    @killer21998:

    I seriously doubt they can alter permissions. Usually such "force-op-hacks" etc. are just tricks to let people install the clients to test and give away their passwords.

    @MyPictures:

    Is 274 unaffected? After all I forgot :p

  • MyPictures Dec 18, 2012 at 19:10 UTC - 0 likes

    @joehot200:

    That was bedfly joe. Already aware of that :) and fix should come soon. However 274 and lower is not affected by this.

    @killer21998:

    No, hackers can't change permissions on your server (they are 100% server-sided). So if your permissions are free from security holes then everything will be fine with that.


Date created: Apr 02, 2012
Last update: Jan 31, 2016
License: GNU General Public License version 3 (GPLv3)