RootUtils

Htpasswd Generator

Create secure .htpasswd entries for Apache/Nginx basic authentication.

Cost Factor (Work Load): 10

Higher cost = Harder to crack, but slower to generate.

Client-Side Only: Your password is hashed in your browser. It is never sent to any server.

Online Htpasswd Generator: Secure Apache & Nginx Basic Auth

Create secure user credentials for web server authentication instantly. The RootUtils Htpasswd Generator is a privacy-first tool that runs 100% in your browser. Unlike other online generators that send your passwords to a backend server, we use the Web Crypto API and client-side libraries to hash your credentials right on your device.

Why is this tool safe?

Security is critical when managing server credentials. Most online tools require you to trust the server owner not to log your passwords.

  • Zero Data Transfer: Your username and password never leave your browser tab.
  • Open Source Logic: We use standard, audit-friendly JavaScript libraries for hashing.
  • No Database: We don't store, cache, or see what you generate.

Understanding Hashing Algorithms

This tool supports multiple password-hashing schemes. Choosing the right one depends on your server version and security needs.

🛡️ Bcrypt (Recommended)

The modern standard. It is deliberately slow (computationally expensive), which makes it resistant to brute-force and rainbow table attacks. Use the "Cost Factor" slider to increase security—higher numbers mean it takes longer to hash.

⚡ MD5 (Legacy)

Also known as $apr1$ on Apache. It is compatible with almost all servers but is considered cryptographically weak by modern standards. Only use this if you are on a very old hosting environment.

SHA-1 vs. Crypt()

SHA-1 is the default for many older Nginx setups but is no longer considered secure against determined attackers. Crypt() limits passwords to 8 characters and is generally obsolete except for specific legacy Linux systems.
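To check which of the schemes above an existing .htpasswd file actually uses, the following added example (not part of the RootUtils tool) classifies each entry by its hash format and flags the legacy ones. The function names, the verdict labels, and the minimum bcrypt cost of 10 are assumptions made for this example.

```python
import re

MIN_BCRYPT_COST = 10  # assumption for this example; matches the tool's default
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
APR1_RE = re.compile(r"^\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$")
SHA1_RE = re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$")
DES_RE = re.compile(r"^[./A-Za-z0-9]{13}$")

# Constructed sample: filler characters of the right length, not real hashes.
SAMPLE = "\n".join([
    "alice:$2y$12$" + "A" * 53,
    "bob:$2y$04$" + "A" * 53,
    "carol:$apr1$saltsalt$" + "B" * 22,
    "dave:{SHA}" + "C" * 27 + "=",
    "erin:" + "D" * 13,
    "frank:hunter2",
])


def classify(hash_field):
    """Return (scheme, verdict) for the hash part of one .htpasswd line."""
    m = BCRYPT_RE.match(hash_field)
    if m:
        cost = int(m.group(1))
        return f"bcrypt(cost={cost})", "ok" if cost >= MIN_BCRYPT_COST else "low-cost"
    if APR1_RE.match(hash_field):
        return "apr1-md5", "legacy"
    if SHA1_RE.match(hash_field):
        return "sha1", "weak"        # unsalted SHA-1
    if DES_RE.match(hash_field):
        return "crypt-des", "weak"   # password truncated to 8 characters
    return "unknown", "review"       # plaintext, truncated, or another scheme


def audit(text):
    """Return (line_no, user, scheme, verdict) for each entry in .htpasswd text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue                 # blank lines and comments carry no entry
        user, sep, hash_field = line.partition(":")
        result = classify(hash_field) if sep and user else ("malformed", "review")
        findings.append((n, user or "?", *result))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Classification is by format only, so a 13-character alphanumeric plaintext value would be reported as crypt-des; treat every "weak", "legacy" and "review" line as a prompt to regenerate that entry with bcrypt.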

Implementation Guide

1. For Apache Servers (.htaccess)

Apache uses a file named .htaccess to enforce rules on a directory.

  1. Generate your hash above (e.g., user:$2y$10$...).
  2. Create a file named .htpasswd in a secure folder (preferably outside your public_html or www root).
  3. Paste the generated line into that file.
  4. Add the code snippet from our Config Files tab to your .htaccess file.

2. For Nginx Servers

Nginx handles basic auth inside the nginx.conf server block.

  1. Generate your credentials.
  2. Save them to /etc/nginx/.htpasswd.
  3. Update your server block location settings to point to this file.
  4. Reload Nginx (sudo systemctl reload nginx).

Common Errors (500 / 403)

If you see a "500 Internal Server Error" after setting this up, check the AuthUserFile path in your config. It must be the absolute system path (e.g., /var/www/html/.htpasswd), not a relative web path.