Find us on social media

Client area
AuthMeSecurityOffline ModeLogin4 min read

Install AuthMe for offline-mode servers

Set up AuthMe to require registration and login on servers with online-mode=false.

Why AuthMe?

When your server runs in offline mode (online-mode=false), anyone can connect with any username. AuthMe forces players to register a password and log in each session, preventing impersonation.

Step 1: Install AuthMe

  1. Download AuthMe Reloaded from SpigotMC or GitHub
  2. Upload the .jar to plugins/ via panel.baires.host
  3. Restart the server

Step 2: Configure AuthMe

Edit plugins/AuthMe/config.yml:

yaml
DataSource:
  backend: SQLITE
  # Use MYSQL for larger servers

settings:
  sessions:
    enabled: true
    timeout: 60
  registration:
    enabled: true
    force: true
    forceKickMessage: "You must register: /register <password> <password>"
  security:
    minPasswordLength: 6
    passwordHash: BCRYPT
    maxLoginAttempts: 5
    tempbanLength: 10

# Restrict actions before login
restrictions:
  allowMovement: false
  allowCommands:
    - /login
    - /register
    - /l
    - /reg
  allowChat: false

Step 3: Restart and test

  1. Restart the server
  2. Connect with a test account
  3. You should see the registration prompt
  4. Register: /register MyPassword123 MyPassword123
  5. Disconnect and reconnect
  6. Login: /login MyPassword123

Player commands

CommandDescription
/register <pass> <pass>Register a new account
/login <pass>Log in to your account
/changepassword <old> <new>Change password
/unregister <pass>Delete your account

Admin commands

CommandDescription
/authme reloadReload configuration
/authme unregister <player>Force unregister a player
/authme forcelogin <player>Force login a player
/authme purge <days>Remove inactive accounts

Security best practices

  • Use BCRYPT for password hashing (most secure option)
  • Set maxLoginAttempts to prevent brute force
  • Enable sessions so players don't re-login on quick reconnects
  • Restrict all movement and commands before authentication
  • Consider adding a CAPTCHA plugin for bot protection

Tips

  • AuthMe works with LuckPerms — permissions apply after login
  • For large servers (100+ players), switch to MySQL backend
  • Use /authme purge 90 periodically to clean inactive accounts
  • If a player forgets their password, admins can use /authme unregister
Was this guide helpful?
← Back to Minecraft