Skip to main content
← All Guides
Permissions · 5 min read

How to Hide Commands from Players on a Minecraft Server

Learn how to hide commands from players on a Minecraft server using Paper's command-block settings, plugin permissions, command whitelist plugins, and tab-complete restrictions.

By default, Minecraft exposes a long list of commands to every player through tab completion. Players can see /op, /stop, /ban, and dozens of plugin commands they have no permission to use. While they cannot execute privileged commands without permission, the visibility is messy, confusing, and makes your server look unpolished. This guide explains how to hide commands on a Minecraft server using multiple approaches that work together.

Why hiding commands matters

  • Security through obscurity (partially), knowing the exact command names gives would-be exploiters a head start. Hiding them raises the bar slightly.
  • Cleaner tab completion, players should only see commands they can actually use. A tab list of 200 commands is overwhelming.
  • Professional appearance, polished servers do not leak their internal tooling to regular players.

Method 1, Paper's built-in command hiding

Paper 1.21+ includes a setting that automatically hides commands a player does not have permission for. In config/paper-global.yml:

commands:
  suggest-player-names-when-null-tab-completions: true
  fix-target-selector-tag-completion: true

And in spigot.yml:

commands:
  tab-complete: 0

Setting tab-complete to 0 means a player must type at least 0 characters before seeing completions, effectively, Paper filters completions based on permissions. If the player does not have the permission for a command, it does not appear in tab.

This is the simplest way to hide commands on a Minecraft server and handles the majority of cases. However, it relies on plugins correctly registering their permission nodes, some poorly coded plugins register commands without permissions, which means they still show up.

Method 2, Plugin-level permission configuration

Most well-maintained plugins only show their commands to players who have the relevant permission. If a command still appears when it should not, check the plugin's plugin.yml or documentation for a permission node that controls visibility.

In LuckPerms, you can negate command permissions explicitly:

/lp group default permission set bukkit.command.stop false
/lp group default permission set bukkit.command.op false
/lp group default permission set bukkit.command.plugins false

Common commands to hide from regular players:

  • bukkit.command.plugins, hides /plugins (also /pl)
  • bukkit.command.version, hides /version (also /ver, /about)
  • bukkit.command.help, hides /help (or restricts it to show only relevant commands)
  • bukkit.command.tps, hides /tps
  • bukkit.command.timings, hides /timings
  • minecraft.command.op, hides /op and /deop

Method 3, Blocking unknown commands

When a player types a command they do not have access to, Minecraft shows "Unknown command." But by default it may also show the command suggestion. In spigot.yml:

messages:
  unknown-command: "&cUnknown command."

This gives a clean, generic error message instead of leaking command names. You can also handle this in EssentialsX's config.yml:

unknown-command-message: "&cUnknown command. Type /help for available commands."

Method 4, Command whitelist plugins

For maximum control, use a plugin like CommandWhitelist or BlockCommands. These let you define an explicit list of commands each group can see and execute. Everything else is hidden and blocked.

Configuration example (CommandWhitelist):

default:
 , /spawn
 , /home
 , /sethome
 , /tpa
 , /msg
 , /r
 , /help
 , /rules

Players in the "default" group can only see and use these commands. Everything else returns the unknown-command message. This is the most aggressive approach to hide commands on a Minecraft server, but it requires maintaining the whitelist whenever you add new features.

Method 5, Alias commands to hide the originals

If you want to rename or redirect commands, use the commands.yml file in your server root:

aliases:
  rules:
   , "essentials:rules"
  server-info:
   , "essentials:info"

This creates aliases that players use while the original command names stay hidden. Combined with permission-based hiding, the original commands become invisible.

Hiding the /plugins command specifically

The /plugins command is the most commonly targeted because it reveals every plugin on your server. Beyond negating bukkit.command.plugins, some servers add an extra layer by registering a custom /plugins command that returns a fake or empty response. However, the permission approach is sufficient for most setups.

Testing your setup

  1. Create a test account or use an alt with no permissions.
  2. Join the server and press Tab in the chat window. Only commands the player has permission for should appear.
  3. Try typing /pl, /ver, /op, /stop. Each should return the unknown-command message.
  4. Try a valid command like /spawn. It should work normally.

Combining Paper's built-in filtering with explicit permission negation in LuckPerms covers 95% of cases. Add a command whitelist plugin only if you need absolute control over which commands are visible. For setting up the permission groups referenced in this guide, see How to Set Up Permissions.

Need reliable hosting for your build server? Astroworld Hosting runs NVMe SSDs with full Pterodactyl panel access and 24/7 support. See features , plans from €6.39/mo.

Related Tools & Resources

🔧

Minecraft Tools

Calculators, generators & server tools

🧱

Item Database

Browse all Minecraft items, stats & recipes

⚒️

Crafting Recipes

Visual crafting guides for every recipe