Running an offline-mode (or cracked) server allows players who haven't purchased Minecraft to join, but it comes with a major security risk. We have seen a significant increase in servers being griefed due to improper security.
This guide will explain why a whitelist isn't enough and show you the correct way to protect your server.
This guide assumes you have already enabled offline mode on your server. If you have not, please follow our guide first: How to Enable Offline Mode for Minecraft.
The Problem: Why Whitelists Are Not Enough
A common mistake is believing a whitelist provides complete protection. This is simply not true.
In an offline-mode server, the game does not verify a player's identity with Mojang's servers. This means any player can log in using any username they want. An attacker can simply try to log in using your in-game name. If your username is on the operator (OP) list, the attacker will instantly gain full OP permissions and have complete control to grief your server, ban players, and destroy your world.
The Solution: Authentication Plugins & Mods
The only effective way to secure an offline-mode server is to force every player to register an account and log in with a password when they join.
This is done using a server-side plugin or mod. These tools ensure that even if someone knows your username, they cannot gain access to your character without your unique password.
🚀 Launch Your Unlimited RAM Game Server — Just $9.99/mo!How to Add Authentication
Install the correct tool for your server type. You only need to install one of these options! If a specific plugin or mod is not working, we recommend first reaching out to its developers for support or finding a well-regarded alternative for your exact server version.
1. For Plugin Servers (Spigot, Paper, Purpur)
For any Bukkit-based server, the best and most popular option is AuthMeReloaded.
- Plugin: AuthMeReloaded
- Download: SpigotMC Link
- How it works: Players will be required to type /register [password] [password] on their first join and /login [password] every time they connect after that.
2. For Modded Servers (Fabric & Quilt)
For Fabric and Quilt servers, we recommend EasyAuth.
- Mod: EasyAuth
- Download: Modrinth Link
- How it works: This is a simple, server-side mod that adds the exact same /register and /login functionality to protect your identity.
3. For Modded Servers (NeoForge)
For servers running the NeoForge modloader, AuthShield is a dedicated solution.
- Mod: AuthShield
- Download: Modrinth Link
- Alternative Mod: Basic Login (CurseForge Link)
- How it works: These mods are built specifically for NeoForge to provide a secure login system that stops spoofing.
4. For Modded Servers (Forge)
For servers running on the classic Forge modloader, a great option is ServerAuth.
- Mod: ServerAuth
- Download: Modrinth Link
- How it works: This server-side mod adds the necessary authentication commands to keep your Forge server locked down from unauthorized logins.
By implementing one of these tools, you can enjoy playing with all of your friends while keeping your world completely safe from impersonators. If you need a hand getting one of these plugins or mods installed correctly, no worries! Just open a support ticket and our team will be happy to help you out.