GateKeeper

Overview

GateKeeper is a modern, security-focused authentication plugin designed specifically for Minecraft servers running in offline-mode.

It focuses on reducing account abuse, brute-force attempts, and common authentication bypasses while remaining lightweight and easy to configure.

Features

• Password-based authentication using BCrypt
• Full player lockdown before authentication
• Per-account rate limiting to reduce brute-force attempts
• Automatic account locking after configurable failed login attempts
• Staff commands:
  /gate lock, /gate unlock, /gate forcereset, /gate info, /gate help
• Persistent storage using SQLite
• Username filtering to block disallowed names
• Authentication teleport system (optional auth spawn and return location)
• Sensible defaults with minimal configuration required

Lightweight and Simple

• No proxies required
• No external servers or services
• No unnecessary dependencies
• Designed for long-term, unattended operation

GateKeeper is intended to be installed once and run reliably with minimal maintenance.

Important Notes

GateKeeper is intended for servers running in offline-mode.

This means:

• Mojang account ownership cannot be verified
• Premium account trust is not automatic
• It should not be used on servers running in online-mode

For full account security, it is recommended to:

• Enable online-mode=true, or
• Use a proxy with online authentication

GateKeeper exists to reduce risk on offline-mode servers, not to replace official authentication.

Compatibility

• Paper
• Purpur
• Pufferfish
• Spigot

Philosophy

Offline-mode servers will never be perfectly secure.
GateKeeper focuses on risk reduction through strong authentication and sensible security defaults.