SecureLogin – Lightweight Login System (1.16.5 → 1.21.11)
A fast, lightweight, and easy-to-use authentication plugin for your Minecraft server.
Dependencies: ProtocolLib
SimpleLogin provides secure login & registration without performance impact.
It also supports Premium AutoLogin without requiring any additional addons, making setup extremely simple.
Key Features
AutoLogin for Premium Accounts
Automatically logs in legitimate (paid) Minecraft accounts with no extra plugins required.
Premium Account Checker
Detects whether a player is using a premium (online-mode) account.
Custom Announcements
Display configurable login messages, title messages, and fade animations.
Player Restrictions Before Login
Optional effects and limitations such as:
- Blindness
- Movement blocking
- Inventory hiding
Anti-Bot Protection
Built-in system to reduce bot attacks and suspicious connections.
Login Sessions
Trusted devices/players can skip re-typing passwords for a configurable duration.
Lightweight & Efficient
Optimized to run smoothly on all supported versions.
You can check out the plugin's config file below.
```yaml
#
# =========================================
# SecureLogin v2.0 Configuration File
# Minecraft Login + Premium Auto-Login
# File-based Storage (Pure JSON)
# =========================================

# ===== GENERAL SETTINGS =====
general:
  # Enable premium auto-registration and auto-login
  enableAutoRegisterPremium: true
  # Hash algorithm (bcrypt recommended, do not change)
  hashAlgorithm: bcrypt

# ===== PLAYER RESTRICTIONS =====
restrictions:
  # Hide player inventory until logged in
  hideInventory: true
  # Freeze player movement until logged in
  freezeUntilLogin: true

# ===== PASSWORD SECURITY SETTINGS =====
password:
  # Minimum password length
  minLength: 6
  # Maximum password length
  maxLength: 32
  # Require at least one number (0-9)
  requireNumbers: false
  # Require at least one uppercase letter (A-Z)
  requireUppercase: false
  # Require at least one lowercase letter (a-z)
  requireLowercase: false
  # Require at least one special character (!@#$%^&*()_+-)
  requireSpecial: false
  # Disallow password similar to username
  disallowSimilarToUsername: true
  # Maximum consecutive repeated characters (0 to disable)
  maxConsecutiveRepeats: 3
  # Password history count (prevent reusing recent passwords)
  historyCount: 3

# ===== SECURITY SETTINGS =====
security:
  # Password security settings
  password:
    min-length: 6
    max-length: 32
    require-uppercase: false
    require-numbers: false
    require-special: false
    history-count: 3
  # Session management
  session:
    # Session timeout in SECONDS (auto-login if rejoining within this time)
    # Default: 3600 = 1 hour
    timeout-seconds: 3600
    # Enable session-based auto-login
    enabled: true
    # Validate IP address for sessions (player must login from same IP)
    validate-ip: true
  # Two-Factor Authentication
  2fa:
    # Enable 2FA system
    enabled: true
    # 2FA code length (usually 6 digits)
    code-length: 6
    # 2FA code expiry time in SECONDS
    # Default: 300 = 5 minutes
    code-expiry-seconds: 300

# ===== PREMIUM (MOJANG) AUTHENTICATION =====
premium:
  # Enable premium Mojang account auto-login
  enabled: true
  # Auto-login premium players (no password required)
  auto-login: true
  # SECURITY: Kick players who try to impersonate premium accounts
  # When enabled, cracked players using premium usernames will be kicked
  # When disabled, they will be treated as non-premium and required to register/login
  # NOTE: Existing registered premium accounts are ALWAYS protected regardless of this setting.
  # This setting only affects NEW premium usernames not yet registered on this server.
  # Setting to false is less secure - use with caution.
  kick-impersonators: true
  # Rate limiting for Mojang API calls
  rate-limit:
    # Requests per minute allowed
    requests-per-minute: 30
    # Burst size (maximum concurrent requests)
    burst-size: 5

# ===== LOGIN SETTINGS =====
login:
  # Maximum login attempts before temporary lockout
  max-attempts: 3
  # Lockout duration in MINUTES after exceeding max attempts
  lockout-duration-minutes: 5
  # Login timeout in SECONDS (kick player if not logged in after this time)
  # Default: 60 = 1 minute
  # 0 = disable timeout
  timeout-seconds: 60
  # Kick player if timeout expires
  kick-on-timeout: true
  # Teleport player to spawn location after login
  spawn-teleport: true
  # Hide inventory until logged in
  hide-inventory: true
  # Freeze player movement until logged in
  freeze-until-login: true
  # Show large title announcement when player joins
  show-title-on-join: true
  # Title announcement settings (in TICKS: 20 ticks = 1 second)
  title-fade-in: 10
  title-stay: 70
  title-fade-out: 10
  # Spawn location coordinates
  spawn-location:
    world: world
    x: 0
    y: 64
    z: 0

# ===== WEBHOOK NOTIFICATIONS =====
# Send login notifications to a Discord webhook
webhook:
  # Enable webhook notifications
  enabled: false
  # Discord webhook URL (get this from Discord channel settings -> Integrations -> Webhooks)
  url: ""
  # Show player IP address in webhook (hidden by spoiler tag)
  # Set to false for privacy
  show-ip: false

# ===== ANTI-BOT PROTECTION =====
antiBot:
  # Enable anti-bot features
  enabled: true
  # Kick unregistered players after timeout
  kickUnregistered: true

# ===== DATABASE SETTINGS =====
database:
  # Database type (sqlite for file-based storage)
  type: sqlite
  # SQLite database file name
  filename: securelogin.db
  # Connection pool settings
  pool:
    maximum-pool-size: 10
    minimum-idle: 2
    connection-timeout: 30000
    idle-timeout: 600000
    max-lifetime: 1800000

# ===== MESSAGES =====
# Color codes: &a=green, &c=red, &e=yellow, &6=gold, &b=aqua, &f=white, &8=dark-gray
# Format codes: &l=bold, &o=italic, &n=underline, &m=strikethrough, &r=reset
messages:
  prefix: "&8[&bSecureLogin&8] &r"

  # ===== SUCCESS MESSAGES =====
  register-success: "&aRegistered successfully! Please login with /login <password>"
  login-success: "&aLogged in successfully!"
  logout-success: "&aSuccessfully logged out!"
  premium-login: "&aPremium account detected! Auto-logged in!"
  session-restored: "&aWelcome back! Session restored."
  password-updated: "&aPassword updated successfully!"
  changepass-success: "&aPassword changed successfully!"
  unregister-success: "&aAccount deleted successfully!"
  config-reloaded: "&aConfiguration reloaded successfully!"

  # ===== REGISTRATION/LOGIN PROMPTS =====
  login-required: "&cPlease login using: &e/login <password>"
  register-required: "&cPlease register using: &e/register <password>"
  already-registered: "&cYou are already registered! Use /login <password>"
  already-logged-in: "&cYou are already logged in!"
  not-registered: "&cYou must register first!"
  not-logged-in: "&cYou are not logged in!"
  must-be-logged-in: "&cYou must be logged in to use this command!"

  # ===== ERROR MESSAGES =====
  login-failed: "&cIncorrect password. Attempts remaining: %attempts%"
  account-locked: "&cYour account is temporarily locked! Try again in %time% seconds"
  session-expired: "&cYour session has expired. Please login again."
  invalid-password: "&cPassword does not meet requirements!"
  new-password-different: "&cNew password must be different from old password!"
  password-reused: "&cCannot reuse recent passwords!"
  incorrect-old-password: "&cIncorrect old password!"
  premium-no-password: "&cPremium accounts do not use passwords!"

  # ===== PASSWORD VALIDATION MESSAGES =====
  password-too-short: "&cPassword too short! Minimum %min% characters"
  password-too-long: "&cPassword too long! Maximum %max% characters"
  password-require-numbers: "&cPassword must contain at least one number"
  password-require-uppercase: "&cPassword must contain at least one uppercase letter"
  password-require-lowercase: "&cPassword must contain at least one lowercase letter"
  password-require-special: "&cPassword must contain at least one special character"
  password-similar-username: "&cPassword cannot be similar to your username"
  password-too-many-repeats: "&cPassword contains too many repeated characters"
  invalid-characters: "&cPassword contains invalid characters"

  # ===== 2FA MESSAGES =====
  2fa-code: "&eYour 2FA code is: &b%code%"
  2fa-prompt: "&eUse: &f/login <password> <code>"
  2fa-code-invalid: "&cInvalid or expired 2FA code!"
  2fa-disabled: "&c2FA is disabled on this server!"
  2fa-enabled-message: "&aTwo-Factor Authentication is enabled on this server."

  # ===== TITLE ANNOUNCEMENT MESSAGES =====
  login-title: "&6&lLogin Required"
  login-subtitle: "&eUse &f/login <password>"
  register-title: "&6&lRegister Required"
  register-subtitle: "&eUse &f/register <password>"

  # ===== ADMIN MESSAGES =====
  admin-player-not-found: "&cPlayer not found or not online"
  admin-player-logged-in: "&aPlayer %player% has been logged in"
  admin-player-logged-out: "&aPlayer %player% has been logged out"
  admin-login-status: "&ePlayer %player% - Logged in: %status%"
  admin-premium-status: "&ePlayer %player% - Premium: %status%"

  # ===== IP PROTECTION MESSAGES =====
  ip-mismatch: "&cYou can only login from your registered IP address!"

  # ===== SECURITY MESSAGES =====
  impersonation-blocked: "&cAccess denied! This username belongs to a premium account."
  impersonation-registered: "&cThis premium account is already registered. Use the official launcher."

  # ===== OTHER MESSAGES =====
  login-timeout: "&cLogin timeout! Please reconnect."
```
