.htpasswd is a file used by Apache web server for HTTP Basic Authentication. It contains username:password_hash pairs, one per line. Combined with an .htaccess file, it restricts access to specific directories on your server.

Which hashing algorithm should I use?

Use bcrypt ($2y$) for the best security. MD5 (APR1) is widely supported and reasonably secure. SHA-1 ({SHA}) is the weakest and is only recommended for legacy systems. Never use plaintext passwords.

htpasswd Generator

Create Apache .htpasswd entries for HTTP Basic Authentication

SHA-1 / MD5 Apache Ready Client-Side

Username

Password

Algorithm Note: For production use with bcrypt, use the command-line htpasswd tool.

htpasswd Entry

—

How to Use .htpasswd

Generate your htpasswd entry above
Create a file named .htpasswd on your server (outside the web root)
Paste the generated line into the file

Add these lines to your .htaccess:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

FAQ

.htpasswd is a flat-file used by Apache for HTTP Basic Authentication. Each line contains a username:hash pair. Combined with .htaccess directives, it restricts access to web directories.

HTTP Basic Authentication transmits credentials in Base64 (not encrypted) unless used with HTTPS. Always combine .htpasswd with SSL/TLS. For strong password hashing, use bcrypt via the server-side htpasswd command-line tool.

htpasswd Generator

How to Use .htpasswd

FAQ

What is .htpasswd?

Is this secure?

Related Tools

Hash Generator

Password Generator

Base64 Encoder

Robots.txt

SSL Checker

UUID Generator