htpasswd Generator

Quick builder for `.htpasswd` entries. Enter username and password to generate copy-ready Apache line format.

Status

Runs in your browser. No input is sent to a server.

How to use

Choose username/password/method and generate. Append the line to `.htpasswd`, then configure `.htaccess` `AuthName` / `AuthUserFile` for your environment.

Notes (this tool)

  • bcrypt (`$2y$`) is computationally expensive; higher cost values take longer to generate.
  • Do not include colon `:` in usernames.

About this page

What does this tool do?

Generates `username:hash` lines used in `.htpasswd`.

Supports selectable `$2y$` (bcrypt), `$apr1$` (Apache MD5), `{SHA}` (SHA-1 Base64), and plain formats.

Typical use cases

  • Quickly prepare files for Basic auth protection
  • Add temporary users in staging/dev environments
  • Prepare valid line format when CLI is not available

Recommendations (practical)

  • Prefer `htpasswd -B` (server-side bcrypt) for production; use browser bcrypt here as a practical fallback
  • Place `.htpasswd` outside web root and keep file permissions minimal
  • After generation, avoid leaving plaintext in clipboard or on-screen history

What this tool does

  • Generate `username:$2y$...` lines (bcrypt)
  • Generate `username:$apr1$...` lines (Apache MD5)
  • Generate `username:{SHA}...` lines
  • Generate plain-format lines (testing only)
  • Generate `.htaccess` snippet with `AuthName` / `AuthUserFile` fields

Notes

  • bcrypt is computationally expensive. Generation time depends on device performance and cost settings.
  • `$apr1$` (MD5) and `{SHA}` (SHA-1) are compatibility-focused formats. Use bcrypt for stronger production security.
  • Usernames cannot contain `:` or newlines due to `.htpasswd` format constraints.
  • This tool helps generate lines; your access-control policy still needs separate design.

Debugging workflow (recommended)

  • Enter username/password and generate a line
  • Append to `.htpasswd` and verify `.htaccess` path settings
  • If 401 persists, check file permissions and absolute AuthUserFile path

Referenced specs

  • Apache HTTP Server: htpasswd utility
  • Apache mod_auth_basic / mod_authn_file

FAQ

Can this generate bcrypt?

Yes. It can generate `$2y$` format. For stricter production workflows, prefer `htpasswd -B`.

Can I paste output directly into `.htpasswd`?

Yes. You can append line by line (for duplicate usernames, manage replacements carefully).

References

  1. Apache: htpasswd
  2. Apache: mod_auth_basic

These links are generated from site_map rules in recommended diagnostic order.

  1. Hash / HMAC Generator — Generate SHA-family hashes and HMAC values
  2. Token Format Checker — Infer JWT/UUID/Hex/Base64URL candidates from input text
  3. WP Security Checklist Builder — Generate security operation checklists for WordPress
  4. Password Policy Generator — Create policy text and validation regex from requirements
  5. Random Password — Generate random passwords with length, charset, and exclusion options
  6. Password Seed Generator — Derive reproducible passwords from seed and constraints
  7. Random Token Generator — Generate random tokens with selectable byte size and encoding
  8. URL Safe Random — Generate random strings using URL/filename-safe characters

Security Operations

Generate practical passwords, tokens, and operation checklists quickly

Example

admin:$2y$10$h7FQeY9xW3gYpA6gYf5wYu0n6k3K1t8fNw5sQmTQ7n2x4M5m7n8eC