30% OFF First Invoice

Code at Checkout: TRICKYTRIALS

About Scam Plugins

Posted: Jun 15, 2022 in Minecraft

mc head By Noah


Viruses and malware, a tale as old as time. You visit a sketchy website and suddenly your computer has a million popups. Unfortunately this is just as prevalent in the Minecraft hosting space, with many plugins providing unintended side effects. It can be tough to tell which plugins are dangerous and which ones just suck. When scammers steal information or try to gain access to your server files, it never hurts to be too careful. Today we will cover how to spot malicious plugins and what steps you can take to prevent them from becoming an issue.

How to Spot Malicious Plugins

Scam plugins can be found all over the internet, but they can be easy to spot if you know what to look for. Here are the most common signs that a plugin might be a scam:


Browsing for plugins isn’t too different from shopping on Amazon. The best way to find out if a product is worth getting, is to check the reviews. If a plugin has particularly low ratings there is a good chance that it doesn’t work or might be harmful to your server. If it shares a name with something very popular like EssentialsX or WorldEdit, but there isn’t a single review or comment on the page, it would be better to skip over it for something else.


Every plugin developer's favorite comment.

People, like my ex, love to talk. This is particularly true on the internet. If a plugin doesn’t work or if it is a scam, someone is going to say something about it. Check through the comments on a plugin’s page to see what other users have to say about it. If you see a bunch of comments stating that the plugin is malicious, it is a good idea to be suspicious of it. If you see the very common “can you please update to ” then the plugin is likely safe but is just waiting for an update.


The best developers end up with a large following.

Almost every reputable website will give each plugin developer their own profile page that can be viewed by the public. Some of these plugin authors will only have one plugin while others, like InventiveTalent, will have hundreds. A telltale sign that the developer is actually a scammer is to check how many plugins they have uploaded, when they were uploaded, and how many reviews the plugins have.

If you see a developer that has uploaded several plugins within a very short time period and none of them have been reviewed, there is a good chance the files are actually malicious. Simple plugins are easy to create, but making even a large number of them can take a lot of time. Dropping a dozen within a day or two means the plugins are either very poor quality, or they are just malware waiting to be downloaded.


Checking a website’s history is a good way to find out whether or not it is reputable. The safest and most popular websites for downloading plugins are owned by larger companies such as Amazon and Meta. These sites also tend to focus specifically on plugins or gaming mods. If you come across a site for plugins that is also trying to sell you a Disney+ subscription we recommend avoiding it and scratching your Clone Wars itch elsewhere.

Where to Get Safe Plugins

These sites have been around since mods and plugins first appeared on the scene. They all have built-in safety measures to prevent viruses and fake files from being uploaded. They also have dedicated moderators and admins that work very hard to remove fraudulent content and protect their users from Nigerian princes and hot singles in your area.


One of the most popular plugin websites ever made

The most popular library of plugins on the internet, the official SpigotMC website was created by the developers of Spigot and is currently owned by Meta. Whether you like Meta or not, this website is the best place to find plugins for your server. It is regularly updated to improve security and the staff places a heavy focus on helping the community with all of their plugin related concerns.

Bukkit.org and CurseForge

The Overwolf family of websites are a great place to find plugins

Before the rise of SpigotMC, the Bukkit website was the best place to find plugins. Many plugins such as WorldEdit are still found exclusively on the Bukkit website. Bukkit and CurseForge are part of the Overwolf family of websites which is owned by Amazon. The sites have a very large community and dedicated teams of administrators to maintain the safety of their users.

What to do if You Find a Malicious Plugin

Reporting the Plugin to the Website

If you happen to find a malicious plugin, the best thing you can do is report it to the website you got it from. The Spigot, Bukkit, and CurseForge websites all have methods to report files that may be harmful to your server or pc. Once the report is made the staff find a nice room to interrogate and/or review the file before deciding whether or not to remove it entirely from the site.

How to report a bad plugin.

Contacting Your Host

The best options to get in touch with your host

Our insomniac developers and hyperactive support staff actively search for scam plugins to protect our clients. If you find a malicious plugin, contacting us to let us know will help us prevent other users from accidentally installing them. Once the Apex team is alerted to a malicious plugin, we review the plugin files then remove it from the list on our panel to keep anyone else from trying to use it.


Downloading a plugin can be just as risky as downloading any other file off the internet, but it is possible to protect your PC and your players from any harmful agents. Follow the tips above and use common sense to protect your information and your server from griefers and scammers. If you aren’t sure about a plugin or need help undoing the damage one has done, you are always welcome to contact us through LiveChat, tickets, Discord, crystal ball, or bat signal for help.

Start Your Minecraft Server

Get started with your own minecraft server in 5 min and start trying out these great features.