About .htpasswd
A .htpasswd file stores usernames and hashed passwords for HTTP basic authentication on Apache and Nginx. This generator builds a ready-to-paste line for a user, using secure bcrypt (recommended) or legacy SHA-1. It runs entirely in your browser, so credentials are never uploaded.
How Htpasswd works
How to use it
- Enter a username and password.
- Choose bcrypt (recommended) or SHA-1.
- Copy the generated
user:hashline into your .htpasswd file.
Where it goes
Put the file outside your web root and point your server at it — in Apache via AuthUserFile, in Nginx via auth_basic_user_file. Add one line per user.
Which algorithm?
Bcrypt is the most secure and is supported by modern Apache and Nginx. SHA-1 ({SHA}) is legacy and only for older setups; avoid plain MD5/crypt.
Common uses
- Protect a folder with basic auth
- Create an Apache .htpasswd entry
- Set up Nginx basic authentication
- Add a user to an existing .htpasswd
- Generate a bcrypt htpasswd line
- Secure a staging site
- Restrict an admin area
- Make credentials without command-line tools
Frequently asked questions
How do I create a htpasswd entry?
Enter a username and password, choose bcrypt, and copy the user:hash line into your .htpasswd file.
Where does the .htpasswd file go?
Outside your web root; reference it from your Apache or Nginx config.
Which algorithm should I pick?
Bcrypt — it is the most secure and is widely supported. SHA-1 is only for legacy setups.
Can I add several users?
Yes — generate one line per user and put each on its own line.
Are my credentials uploaded?
No — the line is generated entirely in your browser.
Does it work with Nginx?
Yes — use it with auth_basic_user_file.
What is the 2y prefix?
A bcrypt identifier Apache uses; it is compatible.
Is it free?
Yes — completely free with no sign-up.