8 April 2026

How to Set a Whitelist & Password on Your Hytale Server

This guide covers two ways to restrict access to your Hytale server: whitelisting specific players and setting a server password. You can use either, or both together for maximum security.

Important: Manual edits to config.json, whitelist.json, permissions.json, or bans.json while the server is running may be silently overwritten on shutdown. Stop the server first, edit, then start it again.

Whitelist vs password: which to use?

Method Best for How it works
Whitelist Private servers, known player groups Only approved players can join
Password Semi-private servers, communities Anyone with the password can join
Both Maximum security Players must be whitelisted and know the password

Whitelisting is the more robust of the two — a leaked password lets anyone join, whereas a leaked whitelist entry just tells you who to remove. If the server is just for you and a few friends, a whitelist is almost always the right answer.

LOW.MS customers (hosted servers)

Set a server password (panel)

  1. Stop the server.
  2. In your panel, open Configuration Files and edit config.json, or use the Server Password field in Service Settings if it's exposed.
  3. Set the password value, save, then start the server.

Enable and manage the whitelist (console)

  1. Open Web Console in your panel.
  2. Enable the whitelist. Depending on your server build you may need whitelist on or whitelist enable — run /help in the console if you're not sure which your build accepts.
  3. Add players:
whitelist add <username>

If you'd rather edit whitelist.json directly, open Configuration Files and edit the file while the server is stopped. Start it again afterwards.

Self-hosted (Windows + Linux + macOS)

Prerequisites

  • Java 25 installed.
  • Hytale server files — either copied from your launcher install or downloaded via the official Hytale Downloader CLI.

Where the server files are

If you copied from your launcher install, the official server manual lists these locations:

  • Windows: %appdata%\Hytale\install\release\package\game\latest
  • Linux: $XDG_DATA_HOME/Hytale/install/release/package/game/latest
  • macOS: ~/Library/Application Support/Hytale/install/release/package/game/latest

Copy the Server folder and Assets.zip into whatever folder you want to run your server from.

Starting the server (example)

From inside your server folder:

java -jar HytaleServer.jar --assets Assets.zip

Set a server password (self-hosted)

Hytale stores core server settings in config.json in the server root, including the password field.

  1. Stop your server.
  2. Open config.json in your server directory.
  3. Set the password field to the value you want. The exact key name and casing can drift between Early Access builds, so check what your file already contains and edit whatever's there rather than adding a new field. A typical shape looks something like:
{
  "Password": "your-secure-password"
}

If your file uses a different key, follow it — the server will only read the shape it's built to expect.

  1. Save the file and start the server.

To remove the password: set the value to an empty string and restart.

Enable and manage the whitelist (self-hosted)

You can manage the whitelist from the server console (the recommended approach).

Enable / disable

Which syntax the server accepts has shifted between Early Access builds, so rather than guess, run /help in the console and look for the whitelist command on your version. You're likely to see one of:

whitelist on
whitelist enable

Either will disable with the opposite (off / disable).

Add / remove players

whitelist add <username>
whitelist remove <username>

Checking the current state

whitelist list

Editing whitelist.json directly (optional)

The official server manual lists whitelist.json in the server folder alongside config.json, permissions.json, and bans.json.

If you edit it manually:

  • Stop the server first.
  • Keep the JSON valid (commas and brackets matter).
  • Expect the server to overwrite the file based on in-game or console changes once it's running, so edits made while the server is live can disappear.

Troubleshooting

Password doesn't work

  • Make sure you edited config.json (not some other file) and used whichever password field your build expects.
  • Restart the server after changes — the password is read on startup.
  • Try a simple ASCII password temporarily to rule out weird characters or whitespace.

Whitelist commands don't work

  • Run /help in the console to confirm the exact command name and syntax for your build.
  • Confirm you're running commands in the server console (or in-game as an operator/admin).
  • If you edited whitelist.json manually, restart the server and re-check the file for JSON syntax errors.

My manual file edits keep reverting

That's expected if you edit while the server is running — config files are read on startup and may be written back when in-game actions occur. Always stop the server before editing.

K

Written by

Kurkin

LOW.MS Team

Find a mistake or want to contribute? Contact us
Join our Discord to chat with our staff and community!
Join Discord