OPProtection
Advanced OP & Command Security for Minecraft Servers
Protect your server from unauthorized OP access, command abuse, UUID/IP spoofing, and emergency takeover situations.
Overview
OPProtection is a Minecraft security plugin designed to protect servers from unauthorized operator access and dangerous command abuse.
Many server attacks happen when someone gains OP permission, spoofs identity, or executes sensitive commands such as
/op,
/stop,
/reload, or
/plugins.
OPProtection adds multiple verification and protection layers to make sure only trusted administrators can use operator privileges.
Preview
Key Features
- OP Verification System
Requires players to verify before using OP privileges.
- Password Verification
Players must enter a configured OP password before OP access becomes usable.
- Discord 2FA Support
Optional Discord-based verification for extra security.
- Dangerous Command Protection
Blocks unauthorized access to sensitive commands such as /op, /deop, /stop, /reload, /plugins, and more.
- Tab-Complete Command Hiding
Prevents protected commands from appearing in tab completion.
- GeoIP Protection
Block suspicious access by country and reduce VPN/bot login attempts.
- Anti-IP & UUID Spoof Detection
Detects suspicious identity spoofing attempts.
- Block .server plugins Meteor
Block access to Meteor
- Automatic Safety Actions
Automatically remove OP or require re-verification after logout.
- Paper & Folia Support
Designed for modern Minecraft server software.
First Setup: Create Your OP Password
When OPProtection is loaded for the first time, you must create an OP verification password from the console.
Run this command in the server console:
Code (Text):
/oppass createpass <password>
Example:
Code (Text):
/oppass createpass MyStrongPassword123
For security reasons, the password will not be stored as plain text in the config.
Instead, OPProtection stores it as a hashed value.
If you forget your OP password, reset it from the console:
Code (Text):
/oppass resetpass
After resetting, create a new password again:
Code (Text):
/oppass createpass <new_password>
How OP Verification Works
When a player receives OP permission, they cannot immediately use OP powers.
They must verify first:
Code (Text):
/oppass <password>
After that, the console or an authorized admin can confirm verification:
Code (Text):
/oppass confirm <player>
If Discord 2FA is enabled, the player must verify using a temporary code sent through Discord.
Protected Command Examples
OPProtection can block or restrict commands such as:
- /op
- /deop
- /stop
- /reload
- /plugins
- /version
- /about
Unauthorized players attempting to use protected commands will be denied instantly.
Configuration Example
Code (YAML):
ip-forwarding
: false
op-verification-reset-time
: 20
op-whitelist
:
- YourName
op-password
:
"HASHED_PASSWORD_HERE"
pass-timeout
: 50
tab-complete-block:
enabled
: true
debug
: false
blocked-commands
:
-
"ver"
-
"version"
-
"about"
-
"bukkit:ver"
-
"bukkit:version"
-
"bukkit:about"
-
"minecraft:ver"
-
"minecraft:version"
-
"minecraft:about"
-
"icanhasbukkit"
Commands
| /oppass <password> |
Verify OP access using the configured password |
Player |
| /oppass createpass <password> |
Create the OP verification password for the first time |
Console |
| /oppass resetpass |
Reset the stored OP password hash |
Console |
| /oppass confirm <player> |
Confirm a player's OP verification |
Console/Admin |
| /oppass resetip <player> |
Reset stored IP data for a player |
Console/Admin |
| /opreload |
Reload the plugin configuration |
Console/Admin |
Compatibility
- PaperMC
- Folia
- Modern Minecraft server versions
Dependency
Recommended For
- Survival servers
- SMP servers
- Faction servers
- Network servers
- Private servers with multiple staff members
- Servers that need extra OP protection
Support
Need help, found a bug, or want to suggest a feature?
Please report bugs through Discord or GitHub Issues.
OPProtection helps keep your server safe before damage happens.