▶️ ЗАБЕРИ СВОИ 8 ПОДАРКОВ 🎁 ПРИ СОЗДАНИИ СВОЕГО МАЙНКРАФТ СЕРВЕРА
Login+

Login+

Best new gen auth plugin to your servers !

Оцените первым
116
1

🔐 Login+

Register once, stay protected forever. Login+ is a modern authentication plugin for offline-mode servers — passwords, sessions, free 2FA and full account protection in one jar for Spigot/Paper 1.8.8 → 1.21+.

Written in Kotlin, runs fully server side, so every client and every client version is supported. No mods, no datapacks, no paid services — drop the jar in, restart, done.

🛡️ Your players' passwords are protected with Argon2id — winner of the Password Hashing Competition and OWASP's #1 recommendation. Its memory-hard design makes large-scale GPU brute-force attacks impractical. Passwords are never stored as readable text — not even the server owner can recover them.


✨ Features

  • 🔑 Argon2id password hashing — the strongest password protection available today, with OWASP-baseline defaults you can raise in the config
  • ⏱️ Sessions — reconnect within 15 minutes (configurable) from the same IP and skip the login. Survives server restarts
  • 📱 Free 2FA — three flavours:
    • Google Authenticator (TOTP) — works 100% offline, the QR code is rendered on an in-game map item for easy scanning
    • Discord — your own bot DMs the login code
    • Telegram — your own bot sends the login code
  • 🚨 Security alerts — players with Discord/Telegram linked get warned about new-IP logins, brute-force attempts and password changes — even while offline
  • 🙈 Console password shield/login and /register are intercepted so passwords never appear in the console or log files
  • 🧱 Full freeze before login — no moving, chatting, commands, damage, inventory or item pickup; optional blindness and spawn teleport that hides base coordinates from stream snipers
  • 🤖 Anti-bot & brute-force protection — per-player attempt limits, per-IP lockouts, join-flood lockdown, username regex filter, per-IP account limits
  • 🎭 Anti-impersonation — kicks NoTcH if the account was registered as Notch, blocks duplicate names, optional UUID checks
  • 💎 Premium mode/premium lets verified Mojang accounts skip the password (only when the connection can actually be verified — Login+ never pretends)
  • 📧 E-mail recovery — forgot the password? A one-time code is mailed via your own SMTP mailbox. 2FA still applies after recovery
  • 🌍 Country filter — whitelist or blacklist joins by country
  • 🌐 Proxy ready — works behind Velocity, BungeeCord and Waterfall; with shared MySQL, sessions carry across backend servers (no re-login when switching). Login+ checks your forwarding setup on startup and prints hints
  • 🔊 Sound feedback — level-up chime on success, buzzer on wrong password (cross-version safe)
  • 🗄️ SQLite out of the box, MySQL for networks — with automatic scheduled backups
  • 🌏 Fully translatable — clean English and Russian message files included

⚙️ Commands & Permissions

CommandPermissionShort Description
/register <pass> <pass>loginplus.player.registerCreate an account
/login <pass> (alias /l)loginplus.player.loginLog in
/logoutloginplus.player.logoutLog out and lock the account
/changepassword <old> <new>loginplus.player.changepasswordChange password
/unregister <pass>loginplus.player.unregisterDelete own account
/2fa setup <totp|discord|telegram>loginplus.player.2faEnable two-factor auth
/2fa <code>loginplus.player.2faEnter the code during login
/email set <address>loginplus.player.emailBind a recovery e-mail
/email recoveryloginplus.player.emailRecover a forgotten password
/premium / /freemiumloginplus.player.premiumToggle Mojang auto-login
/loginplus <reload|forcelogin|unregister|info>loginplus.adminAdmin commands

All player permissions default to true; admin commands default to OP.


🚀 Quick Start

  1. Drop the jar into /plugins and restart the server.
  2. Players run /register <password> <password>, then /login <password> next time.
  3. (Optional) Enable free 2FA, e-mail recovery and more in config.yml — every option is documented right in the file.

Setting up the 2FA bots (both 100% free)

  • Telegram: message @BotFather → /newbot → copy the token into config.yml. Players run /2fa setup telegram.
  • Discord: discord.com/developers/applications → New ApplicationBot → copy the token into config.yml. Players run /2fa setup discord <their user ID>.
  • Google Authenticator: nothing to set up — players just run /2fa setup totp and scan the QR map. Works offline.

🌐 Running behind Velocity / BungeeCord / Waterfall

Login+ runs on your backend (Spigot/Paper) servers and fully supports proxy networks:

  1. Enable IP forwarding on both sides (proxy and backend).
  2. For multi-server networks set storage.type: MYSQL and point every backend at the same database — players switching servers stay logged in seamlessly.
  3. Firewall the backend ports so players can only connect through the proxy.

Login+ verifies the forwarding configuration on startup and prints console hints if something looks wrong.


💡 Some Advice

  • Login+ is built for offline-mode servers — for example, the backend servers behind a Velocity, BungeeCord or Waterfall proxy, where Minecraft's own account verification is turned off and a login plugin is what keeps every account secure. Pure online-mode (premium) servers are already verified by Mojang, so they don't need a login plugin.
  • Avoid /reload; restart the server instead.
  • Honest security note: /premium only activates when Mojang really verified the connection (online-mode server or online-mode proxy with modern forwarding). On a plain offline-mode server there is nothing to verify, so it politely refuses instead of pretending to be secure.

Часто задаваемые вопросы

Совместимость

Minecraft: Java Edition

26.1.x1.21.x1.20.x1.19.x1.18.x1.17.x1.16.x1.15.x1.14.x1.13.x1.12.x1.11.x1.10.x1.9.x1.8.x

Платформы

Поддерживаемые окружения

Сервер

Ссылки


Создатели

Детали

Лицензия:
Опубликован:3 недели назад
Обновлён:3 недели назад
Главная