I'm getting closer to releasing my game, what exploits should I look out for?

So I’m fairly new to the Anti-Exploit verse side of Roblox. When I make games I usually just make them private. For this case it’s different, there’s a few things I need to know about exploiters since they are a very common thing on Roblox.

  1. What exploits are there?
  2. How can I fix the exploits?
  3. What should I look out for when I’m coding specific things? e.g tools, remotes

Make sure you don’t do important things on the client. Eg: Don’t award them points on the client because they could easily change the amount of points. You should be careful when using free models and make sure to look out for backdoors.

1 Like

Maybe you can hire some scripters who try to find different exploits. You can fix the exploits found. Another thing you can do is release the game in beta testing and try to find the glitches and exploits on social media.

I saw this video by The Dev King on how to prevent exploits in your game and to give some brief summary points this is what he said.

  • Check for new exploits on sites that give scripts and patch those scripts
  • Have scripts to detect if there is suspicious activity going on (ex: have a max earning limit for coins every 10 minutes to prevent people from just giving themselves a lot of money)
  • I recommend just watching the whole video - How to Prevent Exploits in Roblox Studio - YouTube

Also, some of my advice is to implement a vote kick system so if someone has hacks people in the server can kick them and if you want to have a discord server you can make a channel for reporting players who are hacking with proof.

That last part may not work as well, hope this helped.

Also, some of my advice is to implement a vote kick system

This can be misemployed tremendously.

In order to prevent something to be exploited, hey let’s just implement something that can be exploited. Lovely logic.

I’d see how it would work first and if it isn’t being used correctly then you can always take it out, phantom forces have a vote kick system and it’s fine. If you want it to be used fine you can make it so they can only initiate a vote kick once a week so that they value their one shot. You can make it into 2 weeks if you like but that is just my idea.

If you want it to be used fine you can make it so they can only initiate a vote kick once a week so that they value their one shot

This could circumvented with absolute ease.

I can just imagine a user insisting to other players that ‘X’ user is exploiting (in actual fact he/she is not) and to prompt a vote to eject ‘X’ user from the server, asserting themselves cannot as they’ve maxed out.

Think before you make these posts.

Usually, people don’t fall for stuff like that but if it poses such a challenge then you don’t have to add it. I’m just giving my advice along with some resources, if anyone doesn’t like my advice they don’t have to take it.


The best thing to do would be to run all the most important scripts on the server side with many checks if there is a remote event or function, also if you put an anti cheat remember to run as many checks as possible on the server side.

Unfortunately on the server side you will not be able to control many types of hacks, and you will need to use a local script.
However remember that all the codes present in the client can be seen by the cheaters, consequently a client-side anti-cheat could be bypassed, however it could allow to block “inexperienced” hackers.

Possibly kicks players from the server side, as the kick function can be blocked on the client.

Sorry for my English.

To secure your game as much as possible do the following:

  • When you can, try to avoid using local scripts or module scripts.
  • Avoid using remote events for important scripts as they can be abused
  • Avoid using free models but if you do use gameguard to remove backdoors and viruses

I don’t suggest making anti-exploits as most are a waste of time, but making a basic anti-exploit won’t hurt. If you do end up making any sort of anti-exploit make sure to secure it on the server.

1 Like


This is an important one. Sanity checks stop exploiters that aren’t doing movement exploits (which you can easily stop with server-sided anti-exploits). Say you have an equip remote event a sanity check would be checking to see if the player owns that item from the server, if they do, let them equip it, if they do not, don’t.