This is indeed half true.
If exploiter knows, there’s a part, which checks for noclip from the server side, the exploiter can easily not replicate their actual transform and just move through it, and then turn it back on after they exit such checking part.
Important to mention, that if exploiter wont replicate transform data, for other players, it will look like standing on one point.
There is never 100% protection against exploiters.
On the client side, it will still run because it is server sided.
It’s not a good solution, exploiters can remove remote events so they won’t fire, or make them stop firing at all.
Remote event? 
I use none I dont even have a local script everything is done on the server
If I gave them a remote to mess with I’m sure they would try.
Well, this isnt a Remote Protected this is an Anti Cheat
As the suggestions said, instead of kicking with No-Clip and Speed I teleport them back!
This is false.
In terms of skill based cheats such as aimbot and skill based cheats, yes these can always get bypassed since they rely on software installed on yoru machine that makes sure you dont edit memory or your aiming does not looks weird
In terms of stuff like movement that is false, Server authoritative movement exists and its a model that patches movement cheats as it calculates the physics on the server. (No it doesnt delays as it uses a client simulation thats synched to the server to make movement feel responsive without having to wait back for the server’s result)
Its actually already made on roblox, check out chickynoid
Yep but that is a character replacement while this is an Anti Cheat
Because the concept of an anti cheat is not needed, why would you want to install a software that makes sure someone is not giving himself cash, instead of programming the code to make it so they cant give themselve’s cash, the same argument goes to everything
Simple as that
Anti cheats are not needed, final point.
Well, its not about giving money to yourself (which I dont know why you thought I added in the anti cheat because it absolutely serves 0 purpose) its about detecting exploits like fly, noclip speed and more to then punish the exploiter. Of course this will be temporary as they can hop on a new account but you can still remove all their progress.
to be fair you can collect a significant amount of data from their client such as: screen size, graphics level, mouse sensitivity etc and with that compare it to anyone who joins on a new account
You just don’t fire the remote event. The exploiter will just come back the next time after they are banned and not fire it again.
Yep, and all that can be spoofed by just giving false info!
How can they come back when I have them listed in ban data now and will remove them on login.
Bring in a new player name I’ll ban that one too if the same thing is done.
They would make a new account.
And that one would, if they tried the hack again, get banned also.
Well they could bypass the ban somehow 
Also this can be easily bypassed by not firing the remote
I’m not saying this is perfect. Really haven’t looked too deep into this yet. Nor do I really care to. It is interesting but without the permission level not going to get too far white hating anything. We are not the programmers that can fix this totally with no real access to program continuity.