This guide covers two methods to restrict access to your Hytale server: whitelisting specific players and setting a server password. You can use either method, or both together for maximum security.
Important: Manual edits while the server is running may be overwritten.
Whitelist vs password: which to use?
| Method | Best for | How it works |
|---|---|---|
| Whitelist | Private servers, known player groups | Only approved players can join |
| Password | Semi-private servers, communities | Anyone with the password can join |
| Both | Maximum security | Players must be whitelisted and know the password |
LOW.MS customers (hosted servers)
Set a server password (panel)
- Stop the server.
- In your panel, find either:
- Server Password field in the config editor
- the
config.jsonfile in the file manager.
- Set the password, save, then start the server.
Enable and manage the whitelist (console)
- Open the server console in your panel.
- Enable whitelist (one of these works depending on server build/host tooling):
whitelist on
or
whitelist enable
- Add players:
whitelist add <username>
If your panel exposes whitelist.json, you can also view/edit it while the server is stopped.
Self-hosted (Windows + Linux)
Prerequisites
- Java 25 installed.
- Hytale server files (either copied from your launcher install or downloaded via the official Hytale Downloader CLI).
Where the server files are
If you copied from your launcher install, the official server manual lists these locations:
- Windows:
%appdata%\Hytale\install\release\package\game\latest - Linux:
$XDG_DATA_HOME/Hytale/install/release/package/game/latest - macOS:
~/Application Support/Hytale/install/release/package/game/latest
Copy the Server folder and Assets.zip to the folder you want to run your server from.
Starting the server (example)
From inside your server folder:
java -jar HytaleServer.jar --assets PathToAssets.zip
Set a server password (self-hosted)
Hytale uses config.json for core server settings, including the password.
- Stop your server.
- Open
config.jsonin your server directory. - Set
Passwordto the value you want:
{
"Password": "your-secure-password"
}
- Save the file and start the server.
To remove the password: set "Password": "" (empty string) and restart.
Enable and manage the whitelist (self-hosted)
You can manage the whitelist from the server console (recommended).
Enable / disable
Depending on the server build and host tooling, you may see either syntax:
whitelist on
or
whitelist enable
To disable:
whitelist off
or
whitelist disable
Add / remove players
whitelist add <username>
whitelist remove <username>
Useful commands
whitelist list
whitelist status
whitelist clear
Editing whitelist.json directly (optional)
The official server manual lists whitelist.json in the server folder alongside config.json.
If you edit it manually:
- Stop the server first.
- Keep the JSON valid (commas/brackets matter).
- Expect the server to overwrite these files based on in-game/console changes once running.
Troubleshooting
Password doesn’t work
- Make sure you edited
config.json(notserver.json) and used thePasswordfield name. - Restart the server after changes.
- Try a simple password temporarily to rule out weird characters/whitespace.
Whitelist commands don’t work
- Try both syntaxes:
whitelist on/offandwhitelist enable/disable. - Confirm you’re running commands in the server console (or in-game as an admin/operator).
- If you edited
whitelist.jsonmanually, restart the server and re-check the file for JSON errors.
My manual file edits keep reverting
That’s expected if you edit while the server is running — config files are read on startup and may be written back when in-game actions occur.