4 Essential Steps to Keep Your Discord Server Secure
February 26th, 2023


So you’ve started an NFT project? While Discord isn’t specifically built for Web3 and NFTs, it has become the leading tool for Web3 community management.

While the first bot you might be tempted to install is Rumble, you should have a security plan in place, which includes some basic steps that protect your community from the most common types of attacks.

The good news is you don’t have to break the bank on a custom developer bot. You can deploy a few existing bots to make your server much more secure.

1️⃣ Start with a Cold Server Admin

Before you start building anything, you need a cold server admin. What does that mean? Much like you use cold wallets for your most valuable NFTs, you should have a cold server owner account that isn’t used for anything other than managing the highest level server permissions, or recovering from a hack.

This isn’t the account you should be using daily, or even using for most of your server setup and work. Instead, use it to delegate permissions to your cold admins, or rescue your server in the event of a hack.

In a perfect world, when setting up and using your Cold Admin, use a clean device that is only used for server management.

Role Hierarchy

When setting up your server, it’s easiest to think through the hierarchy of roles before getting too far into building. While it isn’t the most fun part of the process, it is necessary.

Here’s how I like to order my Discord roles:

  • Server Owner (Cold Login)

    • Discord Admins (Cold Login)

      • Security Bots Requiring Admin Permissions (Wick, Good Knight, Sledgehammer etc.)

        • Senior Moderators

          • Moderators

            • Holders

              • Verified Role

                • Other random bots

                  • Vanity Roles

2️⃣ Install Server Verification Bot

The first bot on your list should be a verification bot. These bots check that an account is a human and not a bot. Some sophisticated bots can figure out how to work around these verification bots, but this is only your first line of defense.

There are several types of verification bots available, but there are some general rules you’ll want to follow:

Don’t Do This:

  • Don’t use a simple react role to protect your server. Using a bot like MEE6 (I love MEE6, but not for this) with a simple reaction to receive a role is too easy for bots.

  • Don’t use a bot that requires users to leave Discord. Too many scam bots do this and it can lead to people leaving your server.

Do This:

  • Find a bot that requires users to pick from a selection of photos or emojis, or enter a captcha, on your server to verify.

  • My favorite is Sledgehammer, but Pandez Guard Tools, Wick and plenty of others do this too.

3️⃣ Install Good Knight

Good Knight does a lot, but the thing I like about it is that it requires moderators to create a unique password and 2FA code (different from their Discord credentials) that they must enter before gaining certain permissions.

When a moderator requests permissions using the permission wizard, they receive a temporary role from Good Knight that allows them to complete the action that requires a particular moderator permission (like mentioning everyone in an announcement).

Good Knight also covers:

  • Anti-link protection requiring links to be whitelisted or they will be auto deleted.

  • Anti-webhook protection including a webhook manager.

  • Moderation commands allow you to remove Kick/Ban permissions from moderators, who can then use Good Knight to take action. This helps protect the server from getting nuked (though an anti-nuke bot is also recommended).

  • Server panic mode allows the server to be locked down by moderators until the server owner can regain control of the server.

It can be annoying sometimes, especially when a founder’s links are getting deleted, but it’s worth the extra step for security.
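
An added example (not from the original post or from any of the bots named here): a short Python audit of a server's role list against the role hierarchy and the Good Knight approach described above. It flags roles below the security-bot tier that permanently hold Kick/Ban, @everyone mentions, or webhook, role or server management. The role names, positions and sample data are constructed; the role fields and permission bits follow Discord's API.

```python
# Discord permission bit flags (values from the Discord API permissions table).
DANGEROUS = {
    "KICK_MEMBERS": 1 << 1,
    "BAN_MEMBERS": 1 << 2,
    "ADMINISTRATOR": 1 << 3,
    "MANAGE_GUILD": 1 << 5,
    "MENTION_EVERYONE": 1 << 17,
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}

def audit_roles(roles, trusted_floor):
    """Return {role name: [dangerous permissions]} for roles below the trusted tier.

    roles: role objects as returned by GET /guilds/{guild.id}/roles
    trusted_floor: name of the lowest role allowed to hold these permissions
    """
    by_name = {r["name"]: r for r in roles}
    if trusted_floor not in by_name:
        raise ValueError(f"role {trusted_floor!r} not found")
    floor_pos = by_name[trusted_floor]["position"]
    findings = {}
    for role in sorted(roles, key=lambda r: r["position"], reverse=True):
        if role["position"] >= floor_pos:
            continue  # cold admins and security bots sit at or above the floor
        bits = int(role["permissions"])  # the API sends the bitfield as a string
        held = [name for name, flag in DANGEROUS.items() if bits & flag]
        if held:
            findings[role["name"]] = held
    return findings

# Constructed sample data (not from a real server); names are assumptions.
SAMPLE_ROLES = [
    {"name": "Discord Admins", "position": 8, "permissions": str(1 << 3)},
    {"name": "Security Bots", "position": 7, "permissions": str(1 << 3)},
    {"name": "Senior Moderators", "position": 6, "permissions": str((1 << 13) | (1 << 2))},
    {"name": "Moderators", "position": 5, "permissions": str((1 << 13) | (1 << 1) | (1 << 17))},
    {"name": "Holders", "position": 4, "permissions": str(1 << 11)},
    {"name": "Verified", "position": 3, "permissions": str(1 << 11)},
    {"name": "Other random bots", "position": 2, "permissions": str((1 << 29) | (1 << 11))},
    {"name": "Vanity", "position": 1, "permissions": "0"},
    {"name": "@everyone", "position": 0, "permissions": str(1 << 10)},
]

if __name__ == "__main__":
    for name, perms in audit_roles(SAMPLE_ROLES, "Security Bots").items():
        print(f"{name}: {', '.join(perms)}")
```

Any role it reports is a standing permission that a single compromised account could abuse; moving that action behind a temporary, re-authenticated role is the pattern the Good Knight section describes.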

4️⃣ Install Wick

There’s some overlap between Wick & Good Knight, but I find they complement each other well. Wick was one of the first Anti-Nuke Discord bots, and while Good Knight should help protect your server, I like the peace of mind of having Wick cover anything that might be missed.

Wick also covers:

  • Discord logging: This is an underrated feature. Wick allows you to create log channels and monitor changes in Discord. You can use it to monitor Member Kick/Prune/Ban or Adding/Modifying roles.

  • Anti Nuke: I already mentioned this, but this protects your server from having a hacked mod kick/ban members or roles lower in the hierarchy. Wick watches for unusual activity and will remove potentially hacked mods if there is unusual behavior.

  • Auto Mod features: can be used to help protect the server from spam.

  • Verification/Join Raids: I use Sledgehammer for this, but Wick can handle it as well.

Conclusion

While there are plenty of other bots out there, these 3 will go a long way in protecting your server from the most common scams.

Need help with your Discord server? Feel free to DM me on Twitter @Loft_NFTs.
