Create Htpasswd Password

Use this free tool to create online passwords compatible with .htpasswd file, used by web servers to password protect the access to specific folders on your website. Only users that know the correct password can access the specified folders. The usage is very simple, just write in the form below the plain text password and click the button:


How to correctly create the .htpasswd file

Make sure to add usernames and passwords in the following format:

username:encrypted_password
This is an example content of a valid and working .htpasswd file:

admin:QUiDa5dYGr7TM
administrator:QUANPkoBVE1kA
root:YU9nmCC26QgjU

How to protect .htpasswd and .htaccess files

With Nginx add this text inside the vhost file:

location ~ /\.ht {
    deny  all;
}

With Lighttpd add this text inside lighttpd.conf file:

url.access-deny = ( "~", ".inc", ".htaccess", ".htpasswd" )

With Apache add this text inside the vhost file:

<FilesMatch "^.(htaccess|htpasswd)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

How to password protect a folder with Nginx

Edit the Nginx vhost file and add this text:

location ^~ /folder-to-protect/ {
    auth_basic "Private Area";
    auth_basic_user_file /path/to/file/.htpasswd;
}

Now restart the Nginx web server:

/etc/init.d/nginx restart

More information can be found here:

NginxHttpAuthBasicModule: auth_basic

NginxHttpAuthBasicModule: auth_basic_user_file


How to password protect a folder with Apache

Create the .htaccess file inside the folder to protect.

Add this text inside the .htaccess file:

AuthUserFile /path/to/file/.htpasswd
AuthName "Private Area"
AuthType Basic
Require valid-user

More information can be found here:

htpasswd - Manage user files for basic authentication

Authentication and Authorization


How to password protect a folder with Lighttpd

Make sure mod_auth is loaded correctly:

server.modules = (
	[...]
        "mod_auth",
)

Edit the Lighttpd vhost file and add this text:

auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/path/to/file/.htpasswd"
auth.require = ( "/folder-to-protect/" =>
    (
    "method"  => "basic",
    "realm"   => "Please enter your Password.",
    "require" => "valid-user"
    ),
)

Now restart the Lighttpd web server:

/etc/init.d/lighttpd restart