htpasswd Generator
Generate Apache .htpasswd entries for basic authentication. Supports bcrypt, MD5, and SHA-1 hashing algorithms.
admin:$apr1$b0zur8qo$c2VjcmV0YjB6dXI4cW8=What htpasswd does
An .htpasswd file stores username-password pairs for Apache's basic authentication. When you add an AuthUserFile directive to your .htaccess or Apache config, the server prompts visitors for credentials before serving the page. This is commonly used to protect staging sites, admin directories, or any area you want to restrict without building a full login system. The passwords in the file are hashed — never stored in plain text.
Choosing a hash algorithm
bcrypt is the strongest option and is recommended for any modern setup — it is slow by design, which makes brute-force attacks impractical. MD5 (Apache's apr1 variant) is the traditional default and works everywhere but is weaker against offline attacks. SHA-1 is fast to compute and should only be used when compatibility requires it. Plain text should never be used in production — it exists only for debugging.
Where to place the file
Store your .htpasswd file outside the web root if possible — for example, /home/user/.htpasswd rather than inside public_html. If someone can access the file through a browser misconfiguration, the hashed passwords are exposed. Your .htaccess then references it with an absolute path. If you must place it inside the web root, add a rule to deny direct access: <Files ".htpasswd"> Require all denied </Files>.
Related Tools
Password Hash Generator
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from any string for configs and databases.
Zero-Width Steganography
Hide secret messages inside ordinary text using invisible zero-width Unicode characters. Invisible to the naked eye.
WP Admin Generator
Generate SQL queries to create WordPress admin accounts instantly. Useful when locked out or need quick database-level access.