Server Security Basics
Essential security practices to protect your game server on Witchly.host from unauthorized access and abuse.
Keeping Your Server Secure
Running a game server means managing access for players, staff, and tools. Following these security basics helps protect your server from unauthorized access, griefing, and abuse.
Strong RCON Passwords
RCON (Remote Console) allows remote administration of your game server. If your server uses RCON, use a strong, unique password:
- At least 16 characters combining letters, numbers, and symbols
- Never reuse passwords from other services
- Change the RCON password immediately if you suspect it has been compromised
- For Minecraft, set this in server.properties under rcon.password
- For Rust, configure it in your server startup parameters
If you do not need RCON, disable it entirely. This removes RCON as an attack surface altogether.
Using Whitelists
A whitelist restricts your server to only approved players. This is the most effective way to prevent unauthorized access:
Minecraft:
- Enable the whitelist in server.properties: white-list=true
- Add players with /whitelist add PlayerName from the console
- Players not on the whitelist cannot join
Rust:
- Use a whitelist plugin from uMod/Oxide
- Configure allowed Steam IDs in the plugin configuration
Palworld:
- Set a server password in your server settings to restrict access
Whitelists are especially important for private servers, testing environments, or servers with valuable builds and progress.
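The RCON and whitelist settings described above can be checked mechanically for a Minecraft server. The Python script below is an added example, not part of Witchly.host's tooling: the function names and the two sample files are constructed for illustration, and enable-rcon is the standard server.properties key that turns RCON on or off.

```python
import string

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def password_problems(pw):
    """Apply the rule from this page: 16+ chars with letters, numbers, symbols."""
    problems = []
    if len(pw) < 16:
        problems.append("shorter than 16 characters")
    if not any(c.isalpha() for c in pw):
        problems.append("no letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbols")
    return problems

def audit_server_properties(text):
    """Return findings for the RCON and whitelist settings (password is never echoed)."""
    props = parse_properties(text)
    findings = []
    # A missing enable-rcon key is treated as false, i.e. RCON is off.
    if props.get("enable-rcon", "false").lower() == "true":
        pw = props.get("rcon.password", "")
        if not pw:
            findings.append("RCON enabled with an empty rcon.password")
        else:
            findings += [f"rcon.password: {p}" for p in password_problems(pw)]
    if props.get("white-list", "false").lower() != "true":
        findings.append("white-list is not enabled")
    return findings

# Constructed sample files (not real server configs).
WEAK = "enable-rcon=true\nrcon.password=minecraft123\nwhite-list=false\n"
HARDENED = "# RCON not needed\nenable-rcon=false\nrcon.password=\nwhite-list=true\n"

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_server_properties(sample) or "no findings")
```

Run it against a copy of your own server.properties downloaded from the panel by passing the file's text to audit_server_properties.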
Configuring Subuser Permissions
When sharing server access with friends or staff through the panel’s subuser system, follow the principle of least privilege:
- Moderators — Give console access and the ability to start/stop the server, but not file management or database access
- Builders — Give SFTP access for uploading builds, but not console or administrative features
- Developers — May need broader access for plugin development, but should not have backup deletion or subuser management permissions
Review subuser permissions regularly and remove access for anyone who no longer needs it. You can manage subusers from the Users tab in your server’s panel.
Keeping Server Software Updated
Outdated server software is one of the most common security risks:
- Update your game server to the latest stable version regularly. Security patches are frequently included in updates.
- Update plugins and mods — Outdated plugins can contain vulnerabilities that attackers exploit. Check for updates at least monthly.
- Remove unused plugins — Every installed plugin is a potential attack surface. If you are not using it, remove it.
- Monitor security advisories — Follow the official channels for your server software (Paper, Forge, Fabric, etc.) for security announcements.
Additional Best Practices
- Back up regularly — Before and after updates, and on an automated schedule. See our backup guide.
- Monitor your console — Watch for unusual activity, failed login attempts, or unexpected commands.
- Use anti-cheat plugins — For public servers, anti-cheat software helps prevent exploits and unfair play.
- Secure your panel account — Use a strong, unique password for your Witchly.host panel account. Never share your login credentials.
If you notice suspicious activity on your server or believe your account has been compromised, contact our support team immediately through Discord.