Htpasswd Generator

Generate .htpasswd password entries for Apache web server basic authentication. Supports SHA-1 hashing via the Web Crypto API.

How to Use .htpasswd Files

  1. Save the generated line to a file named .htpasswd on your server (outside the web root for security).
  2. Create or edit an .htaccess file in the directory you want to protect.
  3. Add the following configuration:
    AuthType Basic
    AuthName "Restricted Area"
    AuthUserFile /full/path/to/.htpasswd
    Require valid-user
  4. To add multiple users, place each username:hash pair on a separate line in the .htpasswd file.

Note: For production environments, use bcrypt hashing via the command-line htpasswd tool. SHA-1 is suitable for basic setups but is not the strongest option available.

How to Use the Htpasswd Generator

  1. Enter a username -- This will be the login name for the protected area.
  2. Enter a password -- Choose a strong password. Use the show/hide toggle to verify.
  3. Select an algorithm -- SHA-1 is recommended for compatibility. Plaintext is for testing only.
  4. Generate -- Click the button to create the .htpasswd entry.
  5. Copy and deploy -- Copy the output and save it to your .htpasswd file on the server.

About .htpasswd Authentication

The .htpasswd file is used by the Apache HTTP Server for basic HTTP authentication. It stores username and password pairs, where passwords are hashed using algorithms like SHA-1, MD5 (apr1), or bcrypt. When a user accesses a protected directory, the browser prompts for credentials, which are then verified against the .htpasswd file.

Basic authentication sends credentials encoded in Base64, which is an encoding and not encryption. Always use HTTPS alongside .htpasswd authentication to prevent credential interception. For maximum security, store the .htpasswd file outside the web-accessible directory tree and use bcrypt hashing, which is available through the command-line htpasswd utility on most Linux servers.
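
The SHA-1 entry format and the bcrypt recommendation above, as an added JavaScript example (not this generator's own code): Apache's {SHA} scheme is the Base64 of a single unsalted SHA-1 digest, so equal passwords produce equal hashes, and the audit helper lists users whose entries are not bcrypt. The function names are hypothetical, sample lines in the checks are constructed, and only the $2y$, $apr1$ and {SHA} prefixes are recognized.

```javascript
// Added example. Uses Web Crypto in the browser, with a fallback for older Node.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

// Build "user:{SHA}<base64 of SHA-1(password)>". No salt, one hash round.
async function htpasswdSha1(username, password) {
  if (username === '' || username.includes(':')) {
    throw new Error('username must be non-empty and must not contain ":"');
  }
  const digest = await subtle.digest('SHA-1', new TextEncoder().encode(password));
  const b64 = btoa(String.fromCharCode(...new Uint8Array(digest)));
  return `${username}:{SHA}${b64}`;
}

// Classify one .htpasswd line by the prefix of its hash field.
function classifyEntry(line) {
  const sep = line.indexOf(':');
  if (sep < 1) return { user: null, scheme: 'invalid' };
  const user = line.slice(0, sep);
  const hash = line.slice(sep + 1);
  let scheme = 'other'; // plaintext, crypt(), or anything unrecognized
  if (hash.startsWith('$2y$')) scheme = 'bcrypt';
  else if (hash.startsWith('$apr1$')) scheme = 'apr1-md5';
  else if (hash.startsWith('{SHA}')) scheme = 'sha1-unsalted';
  return { user, scheme };
}

// Return the users whose entries should be regenerated with bcrypt.
function usersToRehash(fileText) {
  return fileText.split(/\r?\n/)
    .filter((l) => l.trim() !== '' && !l.startsWith('#'))
    .map(classifyEntry)
    .filter((e) => e.user !== null && e.scheme !== 'bcrypt')
    .map((e) => e.user);
}
```

Because the {SHA} value depends only on the password, two accounts with the same password are visible as such to anyone who can read the file.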

Frequently Asked Questions

An .htpasswd file stores usernames and hashed passwords for Apache HTTP Server basic authentication. Each line contains a username:password pair where the password is hashed using an algorithm like SHA-1 or MD5.

SHA-1 is a reasonable choice for basic compatibility. For production servers, bcrypt (available via the command-line htpasswd tool) provides the strongest protection. Plaintext should never be used in production.

Save the output line to a file named .htpasswd on your server. Then configure your .htaccess file with AuthType Basic, set AuthUserFile to point to the .htpasswd file path, and add "Require valid-user".

Yes. The hashing is performed entirely in your browser using the Web Crypto API. Your password is never sent to any server or stored anywhere.