Create your Apache password protection files — hashing 100% client-side
This .htpasswd file generator lets you create in a few clicks the files needed to password-protect a directory or file on an Apache server. Add your users manually or import them from a CSV file, and get a .htpasswd file with APR1-MD5 hashed passwords along with a ready-to-use .htaccess.
The tool includes a built-in password generator with length control (6 to 64 characters) and character type options (lowercase, uppercase, digits, symbols). A strength meter shows in real time the security level of the chosen password.
All hashing is performed directly in your browser using a JavaScript implementation of the APR1-MD5 algorithm. No data is transmitted to any server: your usernames and passwords remain entirely private. Generated files can be downloaded directly or copied to the clipboard.
A .htpasswd file is a plain text file used by Apache to store usernames and hashed passwords. Each line contains a username followed by a colon and the password hash. The server uses this file to verify access credentials.
Place the .htaccess file in the directory to protect and the .htpasswd outside the public directory (e.g., /home/user/.htpasswd). The .htaccess contains AuthType, AuthName, AuthUserFile, and Require valid-user directives that enable the protection.
No, absolutely not. All hashing computations (APR1-MD5) are performed locally in your browser. No data leaves your device. You can even use this tool offline after the initial page load.
The tool uses APR1-MD5 (prefix $apr1$), the Apache standard compatible with the vast majority of servers. It uses a random salt and 1,000 iterations, making it resistant to brute-force attacks.
Prepare a CSV file with two columns: username and password, separated by commas, semicolons, or tabs. Click "Import CSV" and select your file. The first header line is automatically skipped.