PasswordProtect - Protect your server with a password

Version v1.1.5


This CraftBukkit plugin aims to offer a simple server password which is the same for all users.


Without logging in the user is jailed in a pre defined cuboid and ported back once he leaves the jail area.
You can define jail areas for each world and configure which actions like block breaking, chatting or flying should be disabled.
There is an additional ability to allow certain commands or to auto-kick or auto-ban a user after X failed attempts.

This plugin is a rebirth of PasswordProtect Additionally I migrated some features of mPasswordProtector into PasswordProtect (auto kick and ban).


  • Cancel different interaction events like
    • Pickup items
    • Drop items
    • Break blocks
    • Hit mobs or players
    • Chat
    • Triggering of mobs
    • Interaction with items
    • Using a portal
    • Drops on death
    • Flying
  • Auto kick and auto ban (even the IP) after configurable amount of tries
  • Blindness and slowness for the player if wanted
  • Jail area - the player is teleported back if he leaves the area
  • Per world jail area!
  • Safe encryption of password, choose between SHA, SHA-256, SHA-512, MD5 & more
  • Custom commands are allowed to execute (like /rules)
  • Bypass command via permission
  • Broadcast a message on kick/ban
  • Teleport the player back to the previous location (location on logout)
  • Localization to edit the messages
  • Permissions & Commands for an easy administration

Third party features, all of them can be disabled
Please take a look at the detailed information about Metrics below!

  • Metrics for usage statistics


# For help please refer to
# Which encryption should be used? Example: MD5 or SHA-256
encryption: SHA-512
# Are ops forced, to enter the password, too?
OpsRequirePassword: true
# Should the password be stored in clean (plain) text?
cleanPassword: false
password: ''
passwordClean: ''
# What events should be prevented?
  Movement: true
  Interaction: true
  InteractionMobs: true
  ItemPickup: true
  ItemDrop: true
  Portal: true
  BlockPlace: true
  BlockBreak: true
  # Players won't be triggered by mobs anymore
  Triggering: true
  Attacks: true
  Damage: true
  Chat: true
# After how many attempts should a player be kicked or banned
  kick: 3
  ban: 5
  banIP: true
# Broadcast messages when a player is kicked or banned?
  kick: true
  ban: true
# Make the players slow and add darkness effects?
darkness: true
slowness: true
# These commands are available, even without logging in
- help
- rules
- motd
# Teleport back to the location they left?
teleportBack: true
# Show the message that a password is required
loginMessage: true

Commands & Permissions

Only the bukkit permissions are supported! I highly recommend that you use a plugin for permissions like bPermissions
If the config value permission is set to false, all people can use the commands!
If no permission system is found, all commands are for OPs only! Of course the console can use the commands, too!

Node: passwordprotect.nopassword
Description: Bypass the login password

Node: passwordprotect.getpassword
Description: Allows you to get the password

/setpassword <password>
Node: passwordprotect.setpassword
Description: Allows you to set the password

/setjaillocation <radius>
Aliases: /setjail, /setjailarea, /setpasswordjail
Node: passwordprotect.setjailarea
Description: Allows you to set the jail area

/login <password>
Node: No permission node
Description: Used to login.

Of course you can use passwordprotect.*
But passwordprotect.nopassword is excluded!

Downloads/Source Code/Dev Builds

Development builds of this project can be acquired at the provided continuous integration server. These builds have not been approved by the BukkitDev staff. Use them at your own risk. (Latest dev builds/bleeding edge builds) - - Dev builds from Jenkins (Source code hosted on Github) - - Source Code

Future Plans (a.k.a. ToDo):

  • Nothing - I'm open for suggestions!

Make sure to take a look at the always up to date ToDo!

Known Bugs

  • If the server is /reload -ed, all active players can play without the password. "Fixed" in 1.1


Version 1.1.5

  • Fix issue on startup

Version 1.1.4

  • Compile against latest Bukkit 1.6.2
  • Updated Metrics to R7
  • Cleanup

Long changelog


@DisabledHamster for his original plugin! :)
@muHum for mPasswordProtector


Feel free to use this banner!! :)

Statistics (from MCStats)


I'm very happy about any donation.
Support me & buy me some beer, this makes me happy and keeps me interested in this plugin.
Donation chain: -> I receive some money -> Buy coffee -> Work longer -> Faster Updates -> Your benefit!

There is a button on top of this page (right to the different tabs)

I'm accepting bitcoins, too! :)
Address: 1NnrRgdy7CfiYN63vKHiypSi3MSctCP55C


This plugin is released under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) license!

Information about the data usage collection Metrics

Disabling Metrics
The file ../plugins/Plugin Metrics/config.yml contains an option to opt-out

The following data is read from the server in some way or another

  • File Contents of plugins/Plugin Metrics/config.yml (created if not existent)
  • Players currently online (not max player count)
  • Server version string (the same version string you see in /version)
  • Plugin version of the metrics-supported plugin
  • Mineshafter status - it does not properly propagate Metrics requests however it is a very simple check and does not read the filesystem

The following data is sent to and can be seen under

  • Metrics revision of the implementing class
  • Server's GUID
  • Players currently online (not max player count)
  • Server version string (the same version string you see in /version)
  • Plugin version of the metrics-supported plugin

You must login to post a comment. Don't have an account? Register to get one!

  • Avatar of xGh0sTkiLLeRx xGh0sTkiLLeRx Jul 28, 2014 at 22:24 UTC - 0 likes

    A little bird whispered that an update is coming.

    • UUID support
    • Updated to BanList
    • CleanUp
    • new README
    • Updated to CB 1.7.10

    Want to have a dropbox acc with 500MB more space? Contact me!

    Need a dev? Drop me a PM!

    Server | Twitter | Github

    Donations are very appreciated!

  • Avatar of PlutoniuMaster PlutoniuMaster Jan 25, 2014 at 15:41 UTC - 0 likes

    @JJceo: Go

    With PProtect you can have it so that ops need a password, and others don't, if that's what you want.

  • Avatar of JJceo JJceo Jan 03, 2014 at 09:15 UTC - 0 likes

    I would love to see this have a permission that makes the group with the permission require the password and then you can just opt out the others. (so I can use it for OP and admin ranks only)

    I want to use this on my server so much but I can't make it work for what I want. And this seems to be the only login protection plugin I have found.

  • Avatar of xGh0sTkiLLeRx xGh0sTkiLLeRx Oct 24, 2013 at 10:55 UTC - 0 likes

    @pomtom44: Go

    I believe not.
    No new features are currently planned due to a lack of time.

  • Avatar of pomtom44 pomtom44 Oct 21, 2013 at 01:39 UTC - 1 like

    Is there a way to reverse the permission nopassword.

    So rather than everyone has a password apart from those with the permission. Only those with the permission need the password.

  • Avatar of xGh0sTkiLLeRx xGh0sTkiLLeRx Sep 23, 2013 at 01:41 UTC - 0 likes

    @sir_brando: Go

    Is the server crashed or something like that? Could only imagine an issue while reading/writing password from the config.yml

    @CoolKill3r: Go

    Every player needs to input the password, execpt for the ones with permissions

  • Avatar of CoolKill3r CoolKill3r Sep 13, 2013 at 18:13 UTC - 0 likes

    i had a question. recently on bukkit there was an authantic or whatever its called error so people could login on the server under the players name. Does this mean they also have to input the password? i only gave my staff the password.

    Last edited Sep 13, 2013 by CoolKill3r

    Click to visit the TheGoldenCrafter 5.0 website

    Searching for a non-raidable faction server? We love seeying new people.

  • Avatar of sir_brando sir_brando Sep 08, 2013 at 22:40 UTC - 0 likes

    Had a problem, where the password wasn't working for some of my players. And yes they were typing it correctly. We had had that password for some time now. after a restart it was fixed. except one of my players will still having a problem, and he was typing the password correctly. I set the password again to the same password, and it was fixed. I'm thinking it's a bug. though i didn't get any errors or anything so I have nothing else I can report. Might look into it.

  • Avatar of erik1988 erik1988 Sep 08, 2013 at 15:21 UTC - 0 likes

    Is it possible to make it so it only ask for password when the ip changes? So that it stores the IP in a file and if its the same it will not ask for the password.

  • Avatar of xGh0sTkiLLeRx xGh0sTkiLLeRx Sep 01, 2013 at 17:01 UTC - 0 likes

    @jmask: Go

    For security reasons I hash the password with AES-256 in case that the config.yml may be in the wrong hands or whatever. You can turn this feature off, too.


Date created
May 11, 2012
Last update
Aug 14, 2013
Development stage
  • enUS
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License (CC BY-NC-SA 4.0)
Curse link
Recent files
  • R: v1.1.5 for CB 1.6.2-R0.1 Aug 14, 2013
  • R: v1.1.4 for CB 1.6.2-R0.1 Aug 07, 2013
  • R: v1.1.3 for CB 1.5.2-R1.0 Aug 20, 2012
  • R: v1.1.2 for CB 1.3.1-R1.0 Aug 07, 2012
  • R: v1.1.1 for CB 1.2.5-R4.0 Jun 23, 2012