htpasswd Generator

Generate htpasswd entries for Apache password protection online. Free htpasswd generator with bcrypt, MD5, and SHA1 hash options.

Higher = more secure but slower. 10 is standard.

About htpasswd Generator

Generate Apache htpasswd entries for HTTP Basic Authentication. Bcrypt is the recommended algorithm for security. Add the generated line to your .htpasswd file.

Usage

1. Generate an htpasswd entry above

2. Save to a .htpasswd file on your server

3. Add to your Apache config or .htaccess:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

How to Use htpasswd Generator

1. Enter username and password

Input the desired username and password for HTTP Basic Auth access.

2. Choose hash algorithm

Select bcrypt (most secure, slowest) or MD5 (Apache, faster, less secure). Use bcrypt for new applications.

3. Copy the htpasswd line

Get a complete 'username:hash' line ready to paste into your .htpasswd file.

4. Configure your web server

Save the file (outside web root!) and reference it from your Apache .htaccess or Nginx config. Combined with HTTPS, this provides secure basic authentication.

When to Use htpasswd Generator

Protecting development sites

When deploying staging or development sites, use HTTP Basic Auth via .htpasswd to limit access. It is quick to set up and works without a database. Combined with HTTPS, it provides reasonable protection for non-public environments, and it is far simpler than building custom authentication.

Securing internal admin panels

Small internal tools, API documentation and monitoring dashboards often need authentication. Basic Auth with .htpasswd is sufficient for internal team access. Combined with a VPN or IP whitelisting, it provides defense in depth without complex auth infrastructure.

Restricting access to specific files/directories

Apache .htaccess or Nginx config can require auth for specific paths such as /admin, /staging or /api. Place the .htpasswd file outside the web root and configure the server to require valid credentials. This gives granular access control without application-level code.

Quick one-off password protection

Sometimes you need to share a file or page with a specific person or group temporarily. Generate an htpasswd entry, configure the server, and share the credentials securely. This is faster than setting up full user authentication for short-term needs.

htpasswd Generator Examples

Bcrypt-based htpasswd line

Input
User: admin
Password: secret123
Algorithm: bcrypt
Output
admin:$2b$12$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy

The standard htpasswd line format is username:hash. Save the line to your .htpasswd file. Apache and Nginx both support this format for Basic Auth.

MD5 (Apache APR1)

Input
User: admin
Password: secret123
Algorithm: md5
Output
admin:$apr1$saltsalt$hashhashhashhashhashhash

Apache MD5-based hash. Less secure than bcrypt but faster. Use for compatibility with older Apache configurations or when bcrypt isn't available. Format includes $apr1$ prefix and 8-char salt.

Multiple users

Input
Two users: admin & viewer
Output
admin:$2b$12$...hash1...
viewer:$2b$12$...hash2...

Multiple users go on multiple lines in the same file. Generate each entry separately, then concatenate them. Apache/Nginx authenticate against any matching username:hash combination in the file.

Tips & Best Practices for htpasswd Generator

  1. Always use HTTPS with Basic Auth. Without HTTPS, credentials are sent base64-encoded (decodable) in every request. HTTPS encrypts the entire connection.
  2. Place .htpasswd OUTSIDE web root. If it is accessible via HTTP, anyone can download it and crack the hashes. Use /etc/apache2/.htpasswd or a similar protected location.
  3. Use bcrypt for new htpasswd files. MD5 is faster but less secure. SHA-1 is even less secure. Always prefer bcrypt unless legacy compatibility requires alternatives.
  4. Strong passwords matter even with bcrypt. Weak passwords (password123) crack in seconds regardless of hash algorithm. Encourage 16+ char random passwords from your password manager.
  5. Don't use htpasswd for user-facing apps with many users. There is no password recovery and no signup, and it is hard to manage. Use a proper authentication framework (OAuth, JWT, dedicated auth service).
  6. Combine with IP whitelisting for extra security: allow only specific IPs AND require authentication. Two-factor in concept: knowledge (password) plus location (IP).
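An added example (not part of the original page or of the tool it describes): a Python audit of an existing .htpasswd file against the algorithm advice above. It classifies each username:hash entry by its prefix, flags $apr1$ (MD5), {SHA} (SHA-1) and low-cost bcrypt entries, and reports duplicate usernames. The function names, the MIN_COST threshold (taken from the page's "10 is standard") and the sample entries are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

MIN_COST = 10  # assumption: the page calls a bcrypt cost of 10 "standard"
BCRYPT_RE = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")

def classify(hash_field):
    """Return (scheme, finding) for one hash field; finding is None if acceptable."""
    m = BCRYPT_RE.match(hash_field)
    if m:
        cost = int(m.group(1))
        low = f"cost {cost} is below {MIN_COST}" if cost < MIN_COST else None
        return "bcrypt", low
    if hash_field.startswith("$apr1$"):
        return "apr1-md5", "MD5-based, regenerate with bcrypt"
    if hash_field.startswith("{SHA}"):
        return "sha1", "unsalted SHA-1, regenerate with bcrypt"
    return "unknown", "not bcrypt, $apr1$ or {SHA}"

def audit(text):
    """Return (line_no, user, scheme, finding) for every entry that needs attention."""
    findings, seen = [], set()
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")  # split on the first colon only
        if not sep or not user:
            findings.append((no, user, "malformed", "expected username:hash"))
            continue
        scheme, finding = classify(hash_field)
        if user in seen:  # two hashes for one name: unclear which one is checked
            findings.append((no, user, scheme, "duplicate username"))
        seen.add(user)
        if finding:
            findings.append((no, user, scheme, finding))
    return findings

# Constructed sample file: placeholder hashes, not real credentials.
SAMPLE = "\n".join([
    "admin:$2y$12$" + "A" * 53,
    "viewer:$2y$05$" + "B" * 53,
    "legacy:$apr1$saltsalt$" + "C" * 22,
    "old:{SHA}" + base64.b64encode(hashlib.sha1(b"example").digest()).decode(),
    "admin:$2y$12$" + "D" * 53,
])
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To audit a real file, pass its contents to audit(); an empty result means every entry is bcrypt at or above the cost threshold with no repeated usernames.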

Frequently Asked Questions

htpasswd is a file format used by Apache HTTP Server for storing username/password pairs for Basic HTTP Authentication. Each line contains 'username:hashed_password'. The hashed password can use various algorithms (MD5, SHA-1, bcrypt). Used to protect directories or websites with simple authentication.