GuidesSupportGame PanelGet a Server
Minecraft

How to Set Up BungeeGuard on Your Minecraft BungeeCord Network

Install BungeeGuard on your BungeeCord proxy and backend Minecraft Java servers to prevent unauthorized direct backend connections and UUID spoofing.

BungeeGuard prevents players from bypassing your BungeeCord proxy and connecting directly to your backend servers. Without it, anyone who discovers a backend's IP can connect with online-mode=false and impersonate any player — including admins.

Why BungeeGuard Is Essential

BungeeCord requires backends to run with online-mode=false so the proxy can handle authentication. The trade-off is that backends will accept any username from any client. BungeeGuard adds a shared secret token that backends verify on every connection — only connections coming through the proxy carry the token, so direct connections are rejected.

Install BungeeGuard

Download BungeeGuard

Get the latest from BungeeGuard on GitHub.

Install on the proxy

In the XGamingServer Panel, click Files on your BungeeCord proxy. Upload BungeeGuard.jar to plugins/.

Install on every backend

Upload the same BungeeGuard.jar to plugins/ on every backend server in your network.

Restart the proxy

Restart your BungeeCord proxy from Console. This generates the secret token in plugins/BungeeGuard/config.yml on the proxy.

Copy the secret token

On the proxy, open plugins/BungeeGuard/config.yml in Files:

token: "your-generated-secret-token-here"

Copy this token.

Configure each backend

On each backend, edit plugins/BungeeGuard/config.yml and paste the token under allowed-tokens:

allowed-tokens:
  - "your-generated-secret-token-here"

Restart all backends

Restart each backend server. Players who try to connect directly (not through the proxy) will be kicked.

Verify It Works

Try connecting directly to a backend server's IP and port. You should see:

BungeeGuard - No valid token was provided!

If you can still connect directly, check that:

  • The token matches exactly between the proxy and every backend
  • BungeeGuard is installed on all servers (proxy + every backend)
  • All servers were restarted after configuration

Why This Matters

Without BungeeGuard, your network is vulnerable to UUID spoofing — a player connecting directly can claim to be anyone, including OPs and admins. This is a critical security plugin for any BungeeCord setup.

Alternative: Velocity Modern Forwarding

Velocity has built-in modern forwarding security with a shared secret — no separate plugin needed. If you're starting a new network, consider Velocity instead of BungeeCord + BungeeGuard.

How is this guide?

40% Off — Limited TimeGet your Minecraft server todayInstant setup, DDoS protection, and 24/7 support included.
Get a Server

How to Install Biomes O' Plenty on Your Minecraft Server

Learn how to install and configure Biomes O' Plenty for 50+ new biomes in your world.

How to Install and Configure ClearLagg on Your Minecraft Server

Install ClearLagg to auto-clear ground items and entities on your Minecraft Java server, reducing entity lag and improving TPS.

On this page

Why BungeeGuard Is Essential
Install BungeeGuard
Download BungeeGuard
Install on the proxy
Install on every backend
Restart the proxy
Copy the secret token
Configure each backend
Restart all backends
Verify It Works
Why This Matters
Alternative: Velocity Modern Forwarding
Related Guides