Skip to main content
AdminComplete setup walkthrough

How to Configure CoreProtect on a Minecraft Server

Log block, container, chat, and session activity so staff can inspect and roll back grief without restoring a whole world backup. This guide covers install order, first startup, LuckPerms permissions, config files, use-case presets, integrations, performance checks, common failures, and admin FAQ.

Plugin ReferenceConfigure Hosting

Audience

Survival admins, anti-grief staff, and owners who need evidence before punishments.

Install Jar

CoreProtect.jar.

Tested Stack

Paper or Purpur 1.20.6 to 1.21.x, Java 21, LuckPerms for permissions, and a staging server before production changes.

What CoreProtect Does

CoreProtect should be treated as part of your server architecture, not as a random jar dropped into production. The safe workflow is to define the job the plugin owns, decide which groups can touch it, test the generated files on staging, then move only the reviewed configuration to the live server.

For CoreProtect, the main job is: Log block, container, chat, and session activity so staff can inspect and roll back grief without restoring a whole world backup. That means every setting should support a concrete player workflow or staff workflow. If a setting does not have an owner, a test, and a rollback path, leave it at the generated default until you have a reason to change it.

The most common failure pattern is configuring the plugin as OP, seeing it work, and assuming players are ready. Operators bypass too much. For every section below, create a temporary non-OP account in the target LuckPerms group and test the exact command or interaction that normal players will use.

Keep a small audit note beside the config. Record the plugin version, the file paths changed, the exact permissions granted, the test account used, the commands verified, and the rollback file or database backup to restore. When another plugin depends on CoreProtect, repeat the same test after updates because the failing part may be the bridge, provider, world context, or display plugin rather than CoreProtect itself. Keep the note in your operations runbook.

Installation and First Startup

Back up the server before installing CoreProtect. At minimum, keep a copy of the existing plugins folder, the world data if the plugin touches worlds or claims, and any database used by related plugins. Upload CoreProtect.jar. into the plugins folder, then perform a full restart so Bukkit, Paper, or Purpur loads the plugin cleanly.

On first startup, do not edit every generated file immediately. Let the plugin create its folder, read the startup log, then run a small command or player action to prove the plugin is alive. The first goal is a known-good baseline. After that, make one config change at a time.

First startup checklist

  • Run /co status after first startup.
  • Break and place a test block, then use /co inspect.
  • Confirm the database backend in config.yml before opening to players.
  • Check disk usage growth after a busy hour on staging or a low-traffic window.

LuckPerms Permission Setup

Configure CoreProtect permissions through groups. A clean setup usually has default, trusted, helper, moderator, admin, and owner groups. Default players get only the commands required for normal gameplay. Staff groups get narrow operational permissions. Owner keeps destructive, economy-changing, rollback, purge, import, or wildcard permissions.

Use this pattern for every permission below. Replace the group and permission with the row you are granting. Run the command from console or as an owner, then test with a non-OP player in that group.

/lp group <group> permission set <permission> true
/lp group <group> permission check <permission>
/lp user <player> parent add <group>
coreprotect.inspect

Grant to helper: Lets junior staff inspect block history.

coreprotect.lookup

Grant to moderator: Lets staff search evidence.

coreprotect.rollback

Grant to admin: Rollback can undo legitimate player work if misused.

coreprotect.purge

Grant to owner: Purge permanently removes log evidence.

Command Workflows

Commands are not just a reference list. They are the operational workflows your staff will use under pressure. Write the exact command patterns into your runbook and include which group may run each one. For sensitive commands, test with a preview, a limited radius, a staging world, or a throwaway account before using them live.

/co inspect

Toggle block and container inspection.

/co lookup u:<player> t:1h r:20

Find recent activity by one player near you.

/co rollback u:<player> t:30m r:30 #preview

Preview a rollback before applying it.

/co rollback u:<player> t:30m r:30

Rollback confirmed grief in a small radius.

/co restore u:<player> t:30m r:30

Undo a mistaken rollback.

/co purge t:30d

Delete older log data when retention policy allows it.

/co reload

Reload configuration after safe config edits.

Config File Deep Dive

The config files below are the parts of CoreProtect most likely to matter on a real server. Do not copy a random full config from another network. Generated files change between plugin versions, and old examples can silently disable modern safeguards. Keep the generated comments, change only the setting you understand, then reload or restart using the plugin-specific path.

For every setting, write down the old value, the new value, why it changed, and how to back out. This is slower than editing blindly, but it prevents mystery behavior three weeks later when another admin tries to debug the server.

config.yml

plugins/CoreProtect/config.yml

Controls logging categories, database settings, and operational behavior.

Recommendation: Start with defaults, then change database and retention after measuring growth.

Per-world config

plugins/CoreProtect/<world>.yml

World-specific files override the main config for selected settings.

Recommendation: Use this to reduce logging in resource worlds only after you understand the tradeoff.

rollback-entities

plugins/CoreProtect/<world>.yml

Can be overridden per world to change entity rollback behavior.

Recommendation: Disable entity rollback in worlds where entity logs are noisy and not useful.

blacklist.txt

plugins/CoreProtect/blacklist.txt

Disables logging for specific users, commands, blocks, or special sources.

Recommendation: Blacklist only high-noise sources you are certain you do not need for investigations.

Database backend

plugins/CoreProtect/config.yml

CoreProtect can use local storage or MySQL depending on version and setup.

Recommendation: Use MySQL or MariaDB for larger public servers and include it in backups.

Use-Case Configs

A good CoreProtect setup depends on the type of server. Survival wants stability and player trust. Creative wants build speed and plot safety. Skyblock and economy modes care about item generation and abuse loops. Use these presets as decision checklists, then convert them into exact config changes for your own server.

Grief rollback

Investigate first, preview second, apply rollback last.

  • Inspect blocks in the damaged area.
  • Run a lookup with user, time, radius, and action filters.
  • Use #preview.
  • Apply the rollback.
  • Record the command in the moderation note.

Chest theft investigation

Container logs show who removed or added items.

  • Stand near the container.
  • Run lookup with container action.
  • Cross-check time and player.
  • Restore only if the evidence is clear.

Retention policy

Keep enough log history for appeals without filling disk.

  • Measure database growth.
  • Pick 14, 30, or 60 day retention.
  • Schedule purges outside peak time.
  • Back up before major purges.

Plugin Integrations

Most Minecraft plugin problems happen at the boundary between plugins. CoreProtect may load correctly while the full workflow still fails because a dependency, bridge, economy provider, permission group, display plugin, or world manager is missing. Check integrations during startup and after every plugin update.

WorldGuard

WorldGuard reduces incidents. CoreProtect proves what happened when a gap remains.

LuckPerms

Use separate inspect, lookup, rollback, and purge permissions.

GriefPrevention

Claim systems prevent most grief, while CoreProtect handles edge cases and staff review.

Vault

Vault is not required for CoreProtect operation.

Performance and Maintenance

Performance tuning starts with scope. Do not enable every module, world, render, placeholder, command, or log type just because the plugin supports it. Enable the parts that support your server design, measure the impact, and keep a short maintenance checklist for future updates.

  • Keep lookups specific. Always include time and radius when possible.
  • Use #preview before broad rollbacks.
  • Move large public servers to a real database before logs become massive.
  • Do purges during low traffic and avoid purging evidence before moderation review periods expire.

Common Errors and Fixes

When CoreProtect misbehaves, separate facts from guesses. Capture the command used, player group, world, plugin version, and console output. Then work through the smallest reproducible test instead of changing five settings at once.

Rollback affects too much

  • Radius was omitted.
  • Time range was too broad.
  • Action filters were missing.
  • User filter was wrong.

Fix: Use /co restore with the same parameters, then rerun a narrower preview.

Inspection shows no data

  • CoreProtect was installed before the action.
  • Logging category is enabled.
  • The world has not disabled logging.
  • Database connection is healthy.

Fix: Fix logging settings, reload or restart as needed, and test a new block action.

Database grows too quickly

  • Retention is defined.
  • High-noise worlds are logged.
  • Container and session logs are needed.
  • Purge has been run recently.

Fix: Set a retention policy, move to MySQL if needed, and blacklist only confirmed noise sources.

CoreProtect FAQ

Should I configure CoreProtect on a live production server?

Use a staging copy for the first setup, then move the finished configuration to production during a quiet period. CoreProtect may read files, register commands, or touch player data during startup, so testing on a copy prevents avoidable downtime.

Can I use /reload after changing CoreProtect?

Avoid the global /reload command. Use /co reload when the plugin supports it, or schedule a normal restart when the change affects dependencies, database settings, worlds, generated regions, or plugin jars.

Where should I keep backups before changing CoreProtect?

Back up the plugin data folder, the jar you are replacing, and any database tables used by the plugin. Keep the backup outside the live plugins folder so a later cleanup or plugin scan cannot accidentally load it.

How should I grant permissions for CoreProtect?

Grant permissions to LuckPerms groups, not individual players. Use a small default group, a trusted staff group, and an owner group. Temporary exceptions should use LuckPerms temporary permissions with a clear expiration.

Why does CoreProtect work for operators but not normal players?

Operators bypass many checks, so OP testing is not enough. Test with a non-OP account in the default group and watch the console for missing permission messages or plugin-specific deny output.

How do I know whether CoreProtect loaded correctly?

Check the startup log for the plugin name, run the main info command, confirm the data folder was created, and test one normal player workflow. Do not assume the plugin is ready just because it appears in /plugins.

Should I edit generated config files by hand?

Yes, but keep comments, indentation, and encoding intact. YAML and HOCON are strict enough that one bad indent or missing quote can stop a plugin from loading its configuration.

How often should I review CoreProtect settings?

Review the config after major Minecraft updates, plugin major releases, and changes to your server mode. Survival, skyblock, creative, and proxy networks usually need different defaults.

What is the safest way to update CoreProtect?

Read the changelog, back up the existing jar and data folder, test the new version on staging, then replace the jar during a normal restart. Do not hot swap core plugins that hold data or hook deeply into server internals.

How do I document the final CoreProtect setup?

Write down the plugin version, config files changed, permissions granted, commands staff use, and rollback steps. Store that note beside your server runbook so another admin can recover the setup later.

Official References

Check the upstream documentation before changing version-specific settings. This tutorial avoids full copied configs because plugin defaults and generated comments can change between releases.

CoreProtect commandsCoreProtect configurationCoreProtect permissions
Back to CoreProtectAll Plugins