Enhancing Discord Security with Cold Admin Accounts: A Step-by-Step Guide

Discord has become a hub for communities, but like any online platform, it can be vulnerable to security threats. To safeguard your server and protect sensitive information, it's good practice to set up a Cold Admin Account. This Account is crucial for server owners and administrators, as it provides an extra layer of defense against phishing attempts and unauthorized access. In this comprehensive guide, we'll explain what a Cold Admin is, how to set one up and how you can use one. 

What is a Cold Admin Discord Account?

A Cold Admin Discord Account is a server owner Account that is stored on a separate ‘cold’ device, and that never engages in conversations, direct messaging or link clicking. This Account will be highly resistant to any type of phishing attack, greatly increasing your Discord server's security.

Whilst it’s good practice for all Discord admins to have a Cold Admin Account in addition to two-factor authentication (2FA), it’s critical for any server owner.

How to create a Cold Admin Account

Setting up a Cold Admin Account involves several steps to ensure maximum security. Here's a comprehensive guide on how to create and maintain one:

1. Identify Trusted Team Members: Start by determining who will be the Server Owner and any additional administrators who require elevated permissions. Keep in mind that while Admins have most privileges such as viewing all channels and adding and removing roles from regular users, only Server Owners can remove Admins, which means Server Owners are extra vulnerable to attacks.

2. Procure Old or Unused Devices: Each selected team member needs to find an old or new smartphone or laptop. If the device has been used before, it should be fully wiped and factory reset to ensure there is no malware. If you’re securing a large community or a very high-value one, it’s worth buying new devices for increased peace of mind.

3. Create a New email Account: On the clean device, create a new email Account. Avoid using a VPN during this process. Make sure to note down the username and password on a piece of paper (not on a device) for future reference.

4. Create a New Discord Account: Use the new email Account to create a brand new Discord Account. Write down the Discord username, password, and birthdate on the same piece of paper and store it somewhere safe offline (P.S. it might be worth creating a duplicate and leaving it in another secure location in case the first is lost or damaged).

5. Modify User Settings: In the Discord User Settings, make the following adjustments:

a. Set a unique Profile Picture and About Me description in "Profiles."

b. Turn off direct messages from server members in "Privacy & Safety."

c. Turn off all toggles under "Friend Requests."

d. Add mobile app-based Two-Factor Authentication (for example Authy or Google Authenticator) under "My Account." Do not share the QR code that pops up. Optionally, write down some backup codes on paper. Ensure SMS backup authentication is turned OFF.

e. If setting up the cold Server Owner Account, link and verify a phone number that is not used for any other Discord Account.

6. Prove You're Not a Bot: This step is crucial in preventing your Account from being terminated. Make a new empty Discord server, post a couple of messages in it, and join a couple of public servers from the server browser in the sidebar. Send some messages in those servers. Log in and out of the cold Discord Account over the next couple of days to give it some life and 'normal' activity before joining the actual project's server and receiving any permissions.

How to use your new Cold Admin Account

Now that you've set up your Cold Admin Account, it's time to understand how to use it effectively to enhance the security of your Discord server.

Managing Bots and Server Settings: Use your Cold Admin Account to add bots, access bot dashboards, or modify server settings. By doing so, you reduce the chances of unauthorized changes to your server's configuration.

Dealing with Compromises: In the unfortunate event of a server compromise or attack, your Cold Admin Account will be your first line of defense. By logging into this Account, you can neutralize the threat and prevent further damage.
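
One way to check that elevated permissions sit only on the cold accounts, as an added example that is not part of the original guide: the script below audits a constructed export shaped like Discord's guild, role and member objects. The sample IDs, usernames and the choice of which permission bits count as elevated are assumptions, and channel-level overrides are not considered.

```python
import json

# Permission bits as documented for the Discord API; treating these three as "elevated" is an assumption.
NAMES = {"ADMINISTRATOR": 1 << 3, "MANAGE_GUILD": 1 << 5, "MANAGE_ROLES": 1 << 28}
ELEVATED = sum(NAMES.values())

# Constructed sample data (not from a real server); permissions are strings, as in the API.
SAMPLE = json.loads("""
{"guild": {"id": "100", "owner_id": "900"},
 "roles": [
  {"id": "100", "name": "@everyone", "permissions": "1024"},
  {"id": "201", "name": "Admin", "permissions": "8"},
  {"id": "202", "name": "Moderator", "permissions": "268435458"},
  {"id": "203", "name": "Member", "permissions": "3072"}
 ],
 "members": [
  {"user": {"id": "900", "username": "cold-owner"}, "roles": []},
  {"user": {"id": "901", "username": "cold-admin"}, "roles": ["201"]},
  {"user": {"id": "555", "username": "daily-alice"}, "roles": ["201", "203"]},
  {"user": {"id": "556", "username": "daily-bob"}, "roles": ["202"]},
  {"user": {"id": "557", "username": "daily-carol"}, "roles": ["203"]}
 ]}
""")


def audit(data, cold_ids):
    """Return (findings, owner_is_cold).

    findings lists (username, [elevated permission names]) for every member
    who holds an elevated bit through any role but is not a designated cold account.
    """
    guild_id = data["guild"]["id"]
    perms = {r["id"]: int(r["permissions"]) for r in data["roles"]}
    everyone = perms.get(guild_id, 0)  # the @everyone role shares the guild's id
    findings = []
    for member in data["members"]:
        effective = everyone
        for role_id in member["roles"]:
            effective |= perms.get(role_id, 0)
        held = effective & ELEVATED
        if held and member["user"]["id"] not in cold_ids:
            names = [n for n, bit in NAMES.items() if held & bit]
            findings.append((member["user"]["username"], names))
    # The owner holds every permission implicitly, so it is checked separately.
    return findings, data["guild"]["owner_id"] in cold_ids


if __name__ == "__main__":
    print(audit(SAMPLE, cold_ids={"900", "901"}))
```

Any account in the findings list is a day-to-day account that can still change server settings or roles.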


By following these steps and maintaining your Cold Admin Account, you can significantly improve the security of your Discord server. Remember that security is an ongoing process, so periodically review and update your Account settings and practices to stay ahead of potential threats.

In a digital age where cyber threats are ever-evolving, taking proactive steps to secure your online community is paramount. Utilizing a Cold Admin Account is a critical component of this effort, offering an extra layer of defense that can make a substantial difference in maintaining the safety and integrity of your Discord server. Don't wait until an incident occurs – take action today to protect your community and its members.

(This Cold Admin Account process was originally documented by a Discord security expert https://twitter.com/Jon_HQ)

