Action Required: Workspace.RejectCharacterDeletions


Hi Developers,

We are excited to announce a new replication security feature for your experiences: Workspace.RejectCharacterDeletions. Enabling this feature will prevent client-side deletion of descendants in a player’s character from being replicated up to the server.

Opting Into Workspace.RejectCharacterDeletions

This solves an entire class of exploits related to the character, but has the potential to break existing scripts that rely on this behavior.

For this reason, we are releasing this as a “3-stage rollout” setting with the following options:

  • Disabled - Keep the current behavior
  • Enabled - Character deletions will no longer replicate from client to server
  • Default - Currently, this means the same as Disabled, but will switch to mean Enabled as we continue to roll this feature out

You should change this setting to Enabled as soon as possible and make any necessary script changes. This will prevent unexpected changes in behavior in the future when Default is changed.

Please let us know if you run into issues with this feature. We will actively work to make this feature compatible with as many experiences as possible.

Thank you.


This topic was automatically opened after 10 minutes.


This has been a huge security hole that almost nobody knew about. Excited for the default to change - so that nobody even has to know about it!


That’s not loud enough, I can’t hear you!


Seriously, give us a list of developers to praise for this feature, please. I need to know who to beg for more anticheat features thank profusely.


When a player doesn’t have a character, they can delete instances under their Player object such as PlayerGui. Will this change also cause instance deletions under the Player object to not replicate while the player doesn’t have a character?


Yes, this setting will also prevent that behavior.


Yay, I will no longer have to sanity check if a player has a Humanoid or not!

In contrast, it appears that in a similar update, physics for dead players was recently ‘patched’ (players are now forced to server network-ownership on-death) damaging any client-side code which attemps to move players on-death. While this is likely unrelated to this roll-out, it is still deeply damaging to my experience as unlike this update, there is no opt-out for the physics anti-cheat change.


Finally. I’ve been working around this in the past but now I won’t have to! I approve this update.


Are there any examples of scripts/use cases that would rely on this behavior?


Just wanted to say - I really appreciate you guys working on this and want to say thank you for putting the effort into working on these changes, especially with how much anti-cheat work I had to put into weird behaviours around character replication in Islands.

Glad this’ll be less of an issue in future with these changes. :grin:


We’ve seen some experiences which delete the LocalPlayer’s Head or Neck to force character death on the server. Instead, you’d want to use a RemoteEvent to accomplish this.


Insecure humanoid replications have been the bane of my existence for a while as a platformer dev. This is a very welcome change, I can remove all sorts of jank code now surrounding interactions with player avatars!




Thank you to all the developers who worked on this update! :clap:

1 Like

This update is an absolute god-send! Gone are the days that I manually have to check for instances being removed by the client in my anti-exploit! Removal of instances would cause an invisibility glitch with the custom character rig in my game, with the anti-exploit, it fixed this issue but now the anti-exploit measure isn’t needed! Great updates so far!

This is AWESOME, i saw it getting added in the docs a while back and i couldn’t wait for it to get released, thank you so much for this!!

My god, the updates recently have been on top.

Thank you to the entire engineering team @ Roblox, you all are amazing!

Looking forward to even more amazing updates from you all.

Thank goodness. This solves a long-running security issue across many of our games.


This patches out so many exploits, this is huge. Top tier update, Roblox.

(fyi this patches out god exploits)


:pray:WALLAHI I LOVE THIS CHANGE SO MUCH this is genuinely the best thing ever, thank you for gracing this earth with such divine information. I cant begin to explain how good this is. Thank you!!!


1 Like

How will this affect games that depend on this behavior but aren’t maintained anymore? Will this remain Disabled for legacy projects so they aren’t broken?