Supports Minecraft 1.21.x (Java 21+) and 26.x (Java 25+) — one codebase, two jars:
PluginGuard-<version>.jar for 1.21.x servers, PluginGuard-<version>-mc26.jar for 26.x servers
(build with ./gradlew shadowJar -Pmc=21 or -Pmc=26).
Works on Paper, Purpur, Pufferfish, Folia, and other Paper forks.
Spigot/Bukkit will load the plugin but server-brand spoofing is disabled (Paper-only API).
Donate: https://ko-fi.com/darkstarworks
- Hide Mode — choose from several types of "Access Denied" responses
- Plugin Spoofing — return a configurable list of fake plugins
- Optional Bypass Permission
- High-level Bypass Protection
- Command Redirection
- Advanced Protection
- Custom Protection
- Server Metadata Protection
- Optional Server Brand Spoofing — return e.g. "Vanilla" instead of "Paper", in both the server-list ping and the in-game F3 /
minecraft:brandchannel - Optional Aggressive Mode — block everything; see config below
- Probe Logging & Detection — record probe attempts and alert admins when a player crosses a weighted-score threshold
- Honeypot Commands — admin-defined fake commands; a single hit fires an immediate alert
- Folia-compatible
Hide Mode options:
"unknown-command"— shows "Unknown command" (most realistic)"empty"— showsPlugins (0):"fake-list"— shows the configured fake plugins below"permission-denied"— shows a permission error
hide-mode: "unknown-command"Fake plugins to display when hide-mode: "fake-list"
(use vanilla-sounding names to appear legitimate):
fake-plugins:
- "ServerCore"
- "WorldManager"
- "CoreProtect"
- "EveryoneChat"Permission node to bypass all plugin hiding (staff/admin only):
bypass-permission: "pluginguard.bypass"Commands to intercept and hide (supports bukkit: and minecraft: prefixes):
protected-commands:
- "pl"
- "plugins"
- "ver"
- "version"
- "?"
- "help"
- "about"
- "icanhasbukkit"Block all bukkit: and minecraft: prefixed commands (prevents probing):
block-bukkit-commands: trueRedirect bukkit: commands to the spoofed list instead of blocking
(only works if block-bukkit-commands: true):
redirect-bukkit-commands: falseBlock all namespaced commands (/essentials:home, /luckperms:lp, ...) — the
namespace before the colon is the plugin's name, so one namespaced command confirms
a plugin exists even when its bare alias is hidden. Also strips namespaced entries
from tab completion:
block-namespaced-commands: trueRemove plugin commands from tab-completion to prevent /[tab] probing:
hide-tab-completion: trueReturn "Unknown command" even when the player simply lacks permission — prevents probing for plugin existence via permission responses:
block-unknown-commands: trueCommon plugin commands to block (case-insensitive):
common-plugin-commands:
- "essentials"
- "ess"
- "worldedit"
- "we"
- "luckperms"
- "lp"
- "coreprotect"
- "co"
- "vault"
- "multiverse"
- "mv"
- "citizens"
- "npc"
- "clearlag"
- "dynmap"
- "griefprevention"
- "gp"
- "holographicdisplays"
- "hd"block-common-plugin-commands: trueHide server software in the server-list ping/MOTD and the in-game
minecraft:brand channel that the F3 screen and client mods read (Paper/Folia only;
on Spigot this degrades to ping-only):
hide-server-brand: true
fake-server-brand: "vanilla"PluginGuard can record probe attempts and alert online admins when a player shows a pattern of plugin-enumeration behavior. All I/O is dispatched asynchronously so the command hot path stays cheap, and per-player state is cleared on quit.
logging:
# Append every probe attempt to plugins/PluginGuard/probes.log
log-to-file: false
# Also log every individual probe to the server console (noisy)
log-individual-probes: false
detection:
enabled: true
score-threshold: 5
window-seconds: 60
alert-cooldown-seconds: 300
notify-permission: "pluginguard.alerts"Weights per probe category:
| Category | Weight | Examples |
|---|---|---|
| Honeypot | 5 | Anything listed under honeypot-commands (single hit triggers) |
| High | 3 | bukkit:foo, minecraft:foo, /icanhasbukkit |
| Medium | 2 | /pl, /plugins, /ver, /version, /about |
| Low | 1 | /lp, /we, /co, /mv, /dynmap, ... (common plugins) |
/help and /? are deliberately never tracked — too commonly legitimate.
Fake commands no legitimate user would type. A single attempt is enough to fire the detector at the default threshold, so honeypots act as a near-zero-false-positive tripwire. Invent plausible-sounding names an attacker might try:
honeypot-commands:
- "staffchat"
- "adminchat"
- "modchat"
- "opme"Blocks all plugin commands for players without <command>.use permission.
This will hide even beneficial plugin commands for regular players — use only if
you want maximum security and are willing to manually grant per-command permissions.
aggressive-mode: false/pluginguard reload— reload config (requirespluginguard.reload)/pluginguard status— show current protection status
pluginguard.bypass— see the real plugin list and bypass all hiding (default: op)pluginguard.reload— reload PluginGuard configuration (default: op)pluginguard.alerts— receive in-game probe-detector alerts (default: op)