MINECRAFT HOSTING 
HYTALE HOSTING How to Secure an Offline-Mode (Cracked) Minecraft Server
Running an offline-mode (or "cracked") server allows players who haven't purchased Minecraft to join, but it comes with a major security risk. We have seen a significant increase in servers being griefed due to improper security.
This guide will explain why a whitelist isn't enough and show you the correct way to protect your server.
The Problem: Whitelists Are Not Enough
A common mistake is believing a whitelist provides complete protection. This is not true.
In an offline-mode server, the game does not verify a player's identity with Mojang's servers. This means any player can log in using any username they want.
An attacker can simply try to log in using your in-game name. If your username is on the operator (OP) list, the attacker will instantly gain full OP permissions and have complete control to grief your server, ban players, and destroy your world.
The Solution: Authentication Plugins & Mods
The only effective way to secure an offline-mode server is to force every player to register an account and log in with a password when they join.
This is done using a server-side plugin or mod. These tools ensure that even if someone knows your username, they cannot gain access without your unique password.
Prerequisite
This guide assumes you have already enabled offline mode on your server. If you have not, please follow our guide first:
How to Add Authentication
Install the correct tool for your server type. You only need to install one of these.
If a specific plugin or mod is not working, we recommend first reaching out to its developers for support (e.g., via their Spigot or Modrinth page) or finding a well-regarded alternative for your server version.
1. For Plugin Servers (Spigot, Paper, Purpur)
For any Bukkit-based server, the best and most popular option is AuthMeReloaded.
- Plugin: AuthMeReloaded
- Download: https://www.spigotmc.org/resources/authmereloaded.6269
- How it works: Players will be required to use /register
on their first join and /login every time they connect after that.
2. For Modded Servers (Fabric & Quilt)
For Fabric and Quilt servers, we recommend EasyAuth.
- Mod: EasyAuth
- Download: https://modrinth.com/mod/easyauth
- How it works: This is a simple, server-side mod that adds the same /register and /login functionality.
3. For Modded Servers (NeoForge)
For servers running the NeoForge modloader, AuthShield is a dedicated solution.
- Mod: AuthShield
- Download: https://modrinth.com/mod/authshield
- Mod: Basic Login
- Download: https://www.curseforge.com/minecraft/mc-mods/basic-login
- How it works: This mod is built specifically for NeoForge and provides a secure login system to protect player accounts.
4. For Modded Servers (Forge)
For servers running on the Forge modloader (especially versions 1.18.2-1.20.1), a great option is ServerAuth.
- Mod: ServerAuth
- Download: https://modrinth.com/mod/serverauth
- How it works: This server-side mod adds the necessary authentication commands to keep your Forge server secure.
Final Warning
Protecting your server is crucial. If you choose to run in offline mode, installing an authentication plugin or mod is not optional. A whitelist alone will not stop a determined griefer from impersonating you or your staff.