.htpasswd Generator

Create secure .htpasswd files to protect your web directories.

Tools
.htpasswd Generator
Add to Favorites Remove from Favorites Share on Facebook Share on X

Credentials & Options

Generate

Generated .htpasswd Line

Copy Download .htpasswd Clear

Supercharge Your Toolkit with the PHP Bundle

Save over 60% on a huge collection of website scripts for developers, freelancers, and businesses.

View The Bundle →

About the .htpasswd Generator

A .htpasswd file is used on Apache web servers to control access to specific directories on a website. It stores usernames and encrypted passwords. We built this tool to help you easily generate the correct, securely hashed lines for your .htpasswd file without needing command-line access to your server.

Our generator prioritizes security by defaulting to the Bcrypt algorithm, which is the current industry standard. For compatibility with older systems, we also provide an option for the legacy SHA-1 algorithm. The entire process runs in your browser, so your password is never sent over the internet, ensuring it remains private.

How to Use the Generator

  • Enter a Username and a strong Password in the input fields.
  • Select the Hashing Algorithm. We strongly recommend using Bcrypt unless your server requires a legacy format.
  • Click the "Generate" button.
  • The generated line will appear in the output box. You can then copy this line.
  • Create a file named .htpasswd on your server and paste the copied line into it. Each user should have their own line in this file.
  • You will also need to configure your .htaccess file to tell the server which directory to protect using this .htpasswd file.

Frequently Asked Questions

What is a .htpasswd file?

It is a flat file used by the Apache web server for basic authentication. It contains lines with usernames and their corresponding hashed (encrypted) passwords. When a user tries to access a protected directory, the server prompts them for a username and password, then checks their input against the values in this file.

Which hashing algorithm should I choose?

You should always choose Bcrypt. It is a modern, slow, and salted hashing algorithm designed specifically for passwords, making it very resistant to brute-force attacks. You should only use SHA-1 if you are on a very old server that does not support Bcrypt, and you should be aware that it is considered insecure by modern standards.

Where do I put the .htpasswd file on my server?

For security, you should place the .htpasswd file outside of your public web root directory (e.g., outside the `public_html` or `www` folder). This prevents anyone from being able to access it through a web browser. For example, if your website is in `/home/user/public_html`, a good place for your `.htpasswd` file would be `/home/user/passwords/.htpasswd`.

How do I use the .htpasswd file to protect a directory?

You also need a .htaccess file in the directory you want to protect. This file needs to contain instructions telling the server to require a password. A typical configuration looks like this:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /full/path/to/your/.htpasswd
Require valid-user

Is it safe to generate my password here?

Yes. This tool is 100% client-side, which means all the password hashing happens on your own computer, within your browser. Your password is never sent to our servers or anywhere else on the internet. Your information remains completely private and secure.

Tools