.htpasswd Generator

Secure Password Hashes for Apache/Nginx

Output Entry

admin:$2y$10$...

Paste this line into your server's .htpasswd file to enable Basic Auth.

What is an .htpasswd Generator?

An .htpasswd Generator is a tool used by system administrators and developers to create secure password entries for Basic Authentication on Apache and Nginx web servers. It takes a username and password, encrypts the password using a secure hashing algorithm (like Bcrypt), and formats it into a single line that can be pasted directly into a .htpasswd file.

Key Features

  • Secure Bcrypt Hashing: Uses the industry-standard `$2y$` algorithm for maximum security against brute-force attacks.
  • Legacy Support: Includes MD5 (`$apr1$`) support for older Apache servers.
  • Client-Side Privacy: All hashing happens in your browser. Your passwords are never sent to our servers.
  • Instant Formatting: Generates the exact user:hash syntax needed for server configuration.

How to Password Protect a Folder (Apache)

  1. Generate Entry: Enter your username and password above, then copy the result.
  2. Create File: Create a file named .htpasswd on your server (preferably outside your public web root).
  3. Paste Content: Paste the generated line into the file.
  4. Update .htaccess: Add the following code to the .htaccess file of the folder you want to protect:
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

Frequently Asked Questions

Bcrypt vs MD5: Which should I choose?

Always choose Bcrypt for modern servers. It is much slower to compute, which makes it extremely resistant to offline dictionary attacks. Only use MD5 if you are running a very old version of Apache that does not support Bcrypt.

Is this tool safe?

Yes. This tool runs 100% in your browser using JavaScript libraries. We do not transmit or store your passwords.

Related Security Tools