Skip to main content

AuthMe Reloaded

Authentication plugin for offline-mode and cracked Minecraft servers. Adds registration, login protection, session handling and database-backed account storage.

by AuthMe TeamAdmin
Complete Configuration TutorialHosting Setup

Platforms

bukkitspigotpaper

Dependencies

No dependencies required.

What is AuthMe Reloaded?

AuthMe Reloaded adds account security to offline-mode (and cracked) Minecraft servers, where Mojang does not verify identities. Until a player registers and logs in with a password, AuthMe restricts their actions — they cannot move far, chat or run most commands — protecting accounts from impersonation. It hashes passwords, caches sessions so players are not asked every reconnect, stores accounts in a database, and offers anti-bot measures against connection floods. It integrates with permissions so commands before login are limited. On any offline server, it is the baseline defence against account theft.

Who it's for: Offline-mode and cracked servers (often non-premium communities or specific network setups) that must let players secure their usernames with a password. Not needed on standard online-mode servers. It is built and maintained by AuthMe Team and sits in the admin category.

Key features of AuthMe Reloaded

  • Player registration
  • Login protection
  • Session caching
  • Password hashing
  • Database storage
  • Command restrictions before login
  • Anti-bot options
  • Permission integration

How to install AuthMe Reloaded

AuthMe Reloaded runs on Bukkit, Spigot or Paper servers. The AuthMe team maintains it for current Spigot/Paper versions with continued compatibility across a wide range.

  1. 1Stop your server, or have it ready to restart. Always back up your world and plugins folder before adding a new plugin.
  2. 2Download AuthMeReloaded.jar (a build matching your server version) and place it in your server's /plugins folder.
  3. 3AuthMe Reloaded has no required dependencies, so it runs on its own once the jar is in place.
  4. 4Start the server fully. AuthMe Reloaded generates its configuration files on first launch — stop the server, edit them to taste, then start again.
  5. 5Confirm it loaded by checking the console for AuthMe Reloaded on startup, or by running one of its commands in-game.

Note: Drop AuthMe into /plugins and restart; configure the storage (SQLite by default, MySQL for networks) and registration settings in config.yml. It only makes sense on an offline-mode server (online-mode=false) — on an online-mode server Mojang already authenticates players and AuthMe is unnecessary. Restrict pre-login commands so unauthenticated players cannot act.

AuthMe Reloaded commands and permissions

Main commands

/register
Registers a new account with a password the first time a player joins.
/login
Authenticates a returning player with their password before they may play.
/changepassword
Lets a logged-in player change their account password.
/authme unregister
Staff command to remove an account, freeing the username.

Permission nodes

authme.player.*
Player account commands such as login, register and changepassword.
authme.admin.*
Administrative account management.
authme.admin.reload
Allows reloading AuthMe.

AuthMe Reloaded FAQ

Do I need AuthMe on an online-mode server?

No. Online-mode servers authenticate every player against Mojang, so usernames are already protected and AuthMe adds nothing. AuthMe is specifically for offline-mode (online-mode=false) servers, where there is no Mojang verification and players need a password to secure their name.

How do players use AuthMe?

On first join they run /register <password> <password> to create an account, and on every later login they run /login <password> to authenticate. Until they log in, AuthMe restricts their movement, chat and commands so an impersonator cannot do anything with the account.

What stops someone using another player's name before they register?

On an offline server anyone can connect with any username, which is exactly the risk AuthMe addresses: the first person to register a name sets its password, and afterwards only someone with that password can log in and act. Registering early secures a username on a cracked server.

Where are passwords stored?

Passwords are stored hashed (not in plain text) in AuthMe's database — SQLite by default, or MySQL for shared/network storage. Because they are hashed, the stored value cannot be trivially reversed to the original password. Choose a strong hashing algorithm in the config.

Can I stop unregistered players from running commands?

Yes, and you should. AuthMe restricts unauthenticated players and lets you configure exactly which commands (typically only /register and /login) are allowed before login. This prevents someone from exploiting commands or chat while not logged in.

Features

  • Player registration
  • Login protection
  • Session caching
  • Password hashing
  • Database storage
  • Command restrictions before login
  • Anti-bot options
  • Permission integration

Commands

/register/login/changepassword/logout/authme reload/authme accounts/authme unregister

Permissions

authme.player.*authme.admin.*authme.admin.reloadauthme.admin.accountsauthme.admin.unregister

Tags

authloginregistersecurityoffline-mode
All PluginsMore Admin PluginsTutorial