.htpasswd Generator
Create a username and hashed-password line for an Apache or nginx .htpasswd
file. Choose bcrypt, Apache MD5 (apr1) or SHA-1 — everything is hashed in your browser and never
uploaded.
New to this? Read the .htpasswd guide →
Hashing runs entirely in your browser (bcrypt via a bundled library, Apache MD5 and SHA-1 via local JavaScript / Web Crypto). Your username and password are never uploaded or stored.
Frequently asked questions
What is a .htpasswd file?
A .htpasswd file stores usernames and hashed passwords for HTTP basic authentication in Apache and nginx. Each line is username:hash, and the web server checks credentials against it to password-protect a directory or site.
Which hash format should I use?
Use bcrypt where your server supports it (Apache 2.4+) — it is the most secure. Apache MD5 (apr1) is the long-standing default and works in both Apache and nginx. SHA-1 ({SHA}) is widely compatible but unsalted and weaker, so prefer it only for legacy setups.
Is my password sent anywhere?
No. The username and password are hashed entirely in your browser; nothing is uploaded or stored. You can even disconnect from the network and it still works.