How to Fix MySQL Error 1524: Plugin Is Not Loaded

Pulse - Elasticsearch Operations Done Right

On this page

Impact Common Causes Troubleshooting and Resolution Steps Additional Information Frequently Asked Questions

ERROR 1524 (HY000): Plugin '<plugin_name>' is not loaded is raised when MySQL tries to authenticate a user whose account specifies an authentication plugin that is not currently installed or active on the server. The error symbol is ER_PLUGIN_IS_NOT_LOADED.

Impact

This error blocks the login attempt entirely — the connection is refused before the user reaches any database. Applications that rely on stored credentials for a specific user will fail to connect, typically surfacing as a generic connection-refused or authentication-failure error in ORMs and drivers. In Rails, Django, or Node.js apps, this commonly appears as an OperationalError or Access denied message that can be misleading, since the plugin issue is the real underlying cause.

The error is most commonly encountered after a MySQL upgrade (particularly upgrading to MySQL 8.0, which changed the default authentication plugin from mysql_native_password to caching_sha2_password), after restoring a mysqldump from a server with different plugins installed, or when a plugin is intentionally disabled and user accounts haven't been updated.

Common Causes

  1. Upgrading to MySQL 8.0 with legacy users: MySQL 8.0 introduced caching_sha2_password as the default plugin. Users created on older versions using mysql_native_password may break if the plugin is disabled, or conversely, new users may reference caching_sha2_password on a server where it has been disabled.

  2. Restoring a dump to a different server configuration: A mysqldump of the mysql.user table (or a full logical backup) carries the plugin column value. If the target server doesn't have that plugin loaded, any user referencing it will trigger error 1524 on login.

  3. Disabled or uninstalled plugin: A DBA may have explicitly uninstalled a plugin via UNINSTALL PLUGIN or removed it from plugin_dir, leaving user accounts that still reference it.

  4. auth_socket / unix_socket plugin not available: On some Linux distributions, the auth_socket (or unix_socket) plugin is used for system-account-based authentication. If the shared library is missing or the plugin wasn't compiled in, any user configured to use it will fail.

  5. Typo or corruption in the plugin column: Manually editing the mysql.user table with a wrong plugin name results in the same error on every login attempt for that user.

Troubleshooting and Resolution Steps

  1. Identify the plugin the affected user is configured to use:

    SELECT user, host, plugin FROM mysql.user WHERE user = 'your_username';

  2. Check which plugins are currently loaded on the server:

    SHOW PLUGINS;
-- or query for ACTIVE plugins only:
SELECT plugin_name, plugin_status FROM information_schema.plugins
WHERE plugin_type = 'AUTHENTICATION';

    If the plugin name from step 1 does not appear (or shows DISABLED), that is the root cause.

  3. Install the missing plugin (if the shared library is present in plugin_dir):

    INSTALL PLUGIN caching_sha2_password SONAME 'caching_sha2_password.so';
-- On Windows:
INSTALL PLUGIN caching_sha2_password SONAME 'caching_sha2_password.dll';

  4. Switch the user to a loaded plugin (preferred when you don't want to install the original plugin):

    -- Switch to caching_sha2_password (MySQL 8.0 default):
ALTER USER 'your_username'@'host'
  IDENTIFIED WITH caching_sha2_password BY 'new_password';

-- Or switch back to mysql_native_password for broader client compatibility:
ALTER USER 'your_username'@'host'
  IDENTIFIED WITH mysql_native_password BY 'new_password';

FLUSH PRIVILEGES;

  5. Re-enable the plugin in my.cnf if it was disabled via a configuration option like --skip-plugin or loose_plugin_...=OFF. Edit /etc/mysql/my.cnf (or /etc/my.cnf) and restart the server:

    [mysqld]
# Remove or comment out any line like:
# loose_authentication_policy = ...
# or explicit skip directives for the plugin

  6. After bulk restores, audit all users and reassign them to an available plugin:

    SELECT user, host, plugin FROM mysql.user
WHERE plugin NOT IN (
  SELECT plugin_name FROM information_schema.plugins
  WHERE plugin_type = 'AUTHENTICATION' AND plugin_status = 'ACTIVE'
);

    Then run ALTER USER for each affected account.

Additional Information

  • The SQLSTATE HY000 is a generic "general error" class — many unrelated MySQL errors also use it, so always check the error number (1524) to confirm this specific condition.
  • Related errors: ERROR 1045 (28000): Access denied can look similar from the application side but has a different cause (wrong password or missing grant). Error 1396 (ER_CANNOT_USER) may appear when trying to drop or alter a user that is in a broken plugin state.
  • In MySQL 8.0.27+, the authentication_policy system variable controls which plugins are permitted. If a plugin is excluded from this policy, users configured to use it will trigger 1524.
  • Some older MySQL client libraries (libmysqlclient < 8.0, or Connector/J < 8.0) do not support caching_sha2_password natively. Switching such users to mysql_native_password is a common workaround until clients are upgraded.
  • When using Docker images (e.g., mysql:8.0), passing --default-authentication-plugin=mysql_native_password as a startup argument changes the default for new users but does not retroactively fix existing accounts referencing a missing plugin.

Frequently Asked Questions

Why am I seeing this error right after upgrading MySQL from 5.7 to 8.0? MySQL 8.0 ships caching_sha2_password as the default authentication plugin and may have mysql_native_password disabled in hardened configurations. If your existing user accounts reference a plugin that has been disabled, or if a new account was created with the 8.0 default but your client doesn't support it, you'll see error 1524. Run SHOW PLUGINS to confirm plugin status, then use ALTER USER ... IDENTIFIED WITH ... to realign accounts with available plugins.

Can I fix this without restarting MySQL? Yes, in most cases. INSTALL PLUGIN and ALTER USER both take effect immediately without a server restart. A restart is only required if you need to enable a plugin via my.cnf that was disabled at startup.

What is the difference between error 1524 and error 1045? Error 1045 (Access denied) means the plugin loaded and ran but rejected the credentials (wrong password, or the host/user combination has no grant). Error 1524 means the plugin itself isn't available — MySQL cannot even attempt authentication. The fix for 1524 is always at the server or account-configuration level, not the password level.

How do I prevent this after restoring a backup to a new server? Before restoring user accounts from a dump, compare the plugin values in the dump against the plugins available on the target server (SELECT plugin_name FROM information_schema.plugins WHERE plugin_type='AUTHENTICATION'). Either load the required plugins on the target, or update the plugin column values in the dump file before importing.

How to Fix MySQL Error 1524: Plugin Is Not Loaded

Get AI-Powered Cluster Maintenance

Try it Free

Subscribe to the Pulse Newsletter

Get early access to new Pulse features, insightful blogs & exclusive events , webinars, and workshops.

We use cookies to provide an optimized user experience and understand our traffic. To learn more, read our use of cookies; otherwise, please choose 'Accept Cookies' to continue using our website.