About

The .htpasswd file is used by Apache HTTP Server to store usernames and passwords for basic authentication of HTTP users. When you protect a directory using .htaccess, the server checks the credentials provided by the user against this file.

This tool generates the correctly hashed strings required for this file. It is crucial to note that .htpasswd does not store plain text passwords; it stores a hash. When a user logs in, the server hashes their input and compares it to the stored hash.

Formulas

The structure of an .htpasswd entry is always:

username:hashed_secret

For example, if the user is 'admin' and the algorithm is MD5, the file content might look like:

admin:$apr1$salt$HashedString...

Reference Data

| Algorithm | Prefix | Security Level | Compatibility |
|---|---|---|---|
| MD5 (APR1) | `$apr1$` | Medium (Standard) | Apache, Nginx (Most common) |
| Bcrypt | `$2y$` or `$2a$` | High | Apache 2.4+ |
| SHA-1 | `{SHA}` | Low (Fast) | Legacy Systems |
| Crypt | (none) | Very Low | Very Old Systems (Unix) |
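
An added example (not part of the original page or the tool's own code): a Python sketch that classifies each .htpasswd entry by the prefixes in the table above and shows that `{SHA}` entries carry no salt, so identical passwords produce identical hashes. The function names, the sample entries and the choice to treat any unprefixed value as Crypt are assumptions; the salts and hash bodies in the sample are constructed placeholders.

```python
import base64
import hashlib

# Prefix -> (algorithm, security level), following the reference table above.
SCHEMES = [
    ("$apr1$", "MD5 (APR1)", "Medium"),
    ("$2y$", "Bcrypt", "High"),
    ("$2a$", "Bcrypt", "High"),
    ("{SHA}", "SHA-1", "Low"),
]

def classify(hashed_secret):
    """Map hashed_secret to (algorithm, level); no known prefix -> Crypt row."""
    for prefix, name, level in SCHEMES:
        if hashed_secret.startswith(prefix):
            return name, level
    return "Crypt", "Very Low"  # assumption: unprefixed means legacy crypt

def sha_entry(username, password):
    """Build a {SHA} entry: base64 of the raw SHA-1 digest, with no salt."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return f"{username}:{{SHA}}{base64.b64encode(digest).decode('ascii')}"

def audit(text):
    """Parse .htpasswd text; return [(line_no, username, algorithm, level)]."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no credentials
        username, sep, hashed_secret = line.partition(":")
        if not sep or not username or not hashed_secret:
            findings.append((line_no, username, "malformed", "n/a"))
            continue
        findings.append((line_no, username, *classify(hashed_secret)))
    return findings

# Constructed sample file; salts and hash bodies are made-up placeholders.
SAMPLE = "\n".join([
    "admin:$apr1$CONSTRUCT$placeholderplaceholder00",
    "deploy:$2y$05$constructedplaceholderconstructedplaceholderconstructe",
    sha_entry("alice", "password"),   # same password as bob ...
    sha_entry("bob", "password"),     # ... so the same hash: no salt
    "old:abJnggxhB/yWI",
    "broken-line-without-colon",
])

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Entries reported as SHA-1 or Crypt are the ones to regenerate with Bcrypt where the server supports it.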

Frequently Asked Questions

Ideally, it should be placed outside your web root (public_html) so that browsers cannot access it directly. For example: `/home/user/.htpasswd`.
These algorithms use a 'salt'—a random string added to the password before hashing. This prevents Rainbow Table attacks. Even if the password is the same, a different salt produces a different hash, but the server can still verify it.
No. Hashing is a one-way mathematical function. You cannot reverse it to get the original password.