Secure your servers OP command!
- Native Minecraft Version:
- 1.16
- Tested Minecraft Versions:
- 1.8
- 1.9
- 1.10
- 1.11
- 1.12
- 1.13
- 1.14
- 1.15
- 1.16
- Source Code:
- https://github.com/JavaSE77/SecureOP
/*
The current version works in 1.3+, and the previous version was written for older versions. You can download either from the version history*/
Source code is on GitHub!
https://github.com/JavaSE77/SecureOP
How it works;
In normal spigot all you have to do to OP someone is type /OP (playername) and that’s it, the player has operator status and can do whatever they want. What does this plugin do to help stop that? Well it makes it so that when you attempt to OP someone you are prompted with a password, /OP (player name) (password) . The password can be changed in the config. file, also you can set it in the config. file to ban players who use the wrong password, and you can even set it to kick players that don’t have permission but still try to use the command.
Why do you need this?
One day I was on my server and one of the staff members asked to be oped to help me fix something, so I OPed him and we were working on it and I had to go, he said he would finish it and so I said ok and thanked him for his help. The next morning when I got on he had OPed one of his friends and they were having a lucky block battle with my lucky blocks plugin... Let's just say his friend wasn't honest and took some items from creative while he was at it (64x diamond blocks... RIP economy). If I would have installed this plugin sooner, it wouldn't have been a problem because he wouldn't have been able to OP him and he could have finished fixing the glitch we found.
You can kick players who you the /op command without permission/ correct password: (configurable)
![]()
When you type /op, you now get this message:![]()
When you op someone, it will send a message to the chat: (configurable)
![]()
Works for deop too!
![]()
*Update*
This plugin now uses SHA-256 encryption to store passwords. Before you set the password using the setOpPassword command, your server will have no OP password. Please set this password!
The latest update added a custom 4J log filter to prevent the logging of any command that could contain the plain text version of your password.
If you forget your password, you can reset it by deleting the password.txt file in the SecureOP plugin folder.
Commands and permissions:
/OP (player) (password) – permission, SecureOp.op
/DEOP (player) (password) – permission, SecureOp.deop
/SetOpPassword (current password) (New password) - Permission, SecureOP.setPassword
Code (Text):Configuration
#OP password is now stored in the password.txt file.
#Kick people without permission to use /op?
KickWithoutPerms: true
#Ban people who use incorrect passwords?
BanOnBadPassword: true
#This command will run whenever someone uses the wrong password (Set to '' to disable)
BadCommand: 'adminchat Someone is using /op!'
#Broadcast a message when a player is OPed?
BroadcastOP: true
#Allow offline players to be opped?
OPofflinePlayers: true
DEOPofflinePlayers: true
#Block /bukkit:op? (blocks all commands that include :op) WARNING! SETTING THIS TO FALSE CREATES A SERVER SECURITY PROBLEM
BlockBukkit: true
#Message online admins when a player tries to uses command /op? (Permission Secureop.receive )
MessageAdmins: true
#
#Messages. Use %player% for the target player, and %sender% for the command sender. %command% for /op or /deop
#
OpMsg: '&bPlayer &5%player% &bhas been OPed by &5%sender%'
DeopMsg: '&bPlayer &5%player% &bhas been deOPed by &5%sender%'
BadPassword: '&4Authentication failed.'
AdminMessageNoPerm: '&4Player %sender% tried to use /%command%!'
AdminMessageBadPass: '&4Admin %sender% tried to %command% %player%'
ErrorNoPerms: '&cError, you cannot use that command because it can damage the server!'
BanMessage: '&4YOU ARE NOT ALLOWED TO TRY AND GUESS THE PASSWORD OF THE COMMAND /op'
KickMessage: '&4You do not have permission to change the operator status of other players'
#This will intercept commands before they hit the command processor.
#Should prevent other command spy plugins from seeing this command
interceptOPcmd: true
Code (Text):Permissions
permissions:
SecureOP.op:
default: op
SecureOP.deop:
default: op
Secureop.receive:
default: op
SecureOP.setPassword:
default: op

Secure OP 1.16.5
Password protect your server's op command!
-
TonKungZababa and ANDREI923 like this.
Recent Updates
- Added SHA-256 encryption May 20, 2021
- Bug fixes May 2, 2020
- Added support for /deop May 1, 2020
Recent Reviews
-
PavlosSk
- 5/5,
The best plugin 5 stars everyone i say download it and check it out its working perfect
-
xiaozhangup
- 5/5,
This plug-in enhances the security of my server. Thank you very much. Can I move him to the www.mcbbs.net forum in China? I'll mark the original author.
-
Turboline
- 5/5,
A very good plugin. I only miss one thing ...
Would it also be possible to prevent the "/ deop" command?
I think that would be a good addition to the plugin.-
Author's Response
Great idea! I added it to the latest version. Thank you for the review.
-
TheMoMojanster
- 5/5,
it is amazing, and its also great for password protecting a servers op command too, though I think thats not the main goal of it, im pretty sure the main goal is to ban the owner on accident, which is cooler than the other one
-
Author's Response
Haha. Glad you are enjoying it. Thanks for the review!
-
dinoboss2001
- 5/5,
si que se fue un largo tiempo xdddddddddddddddddddddddddddddd un saludo grax por la update era hora xddd
-
tofonek
- 3/5,
its good plugin but add please to config tempban and how many long and add config text: Error! please use the command like this: /op (player) (password)
-
Redst0ned
- 4/5,
Would be better with /deop support and possibly the ability to change password with an in game command
-
Djmadzik
- 5/5,
thx a lot for create this plugin, it resolve a lot a problem for my server,
continue your good work, i hope see your next plugin how it will be awsome ^^ -
-
Author's Response
Thank you for the review, I was assuming most servers blocked that command by default. However, I can add that to a future update.
-
-
texxxxxx
- 5/5,
To begin the plugin works fine. It does what it supposed to which is great. Whenever I op someone doing /op Texxxxxx password, it says "Error! Please use the command like this: /op (player) (password). Then when I do /deop (tab), it shows the player that I just tried to op being op. In other words, when I correctly op someone, the error message shows anyway.
-
Author's Response
I will look into this, thank you for the review.