digtools
🔐
basic auth,

.htpasswd Generator

Safely generate .htpasswd and .htaccess for Basic Authentication directly in your browser.Since passwords are not sent to the server, there is no risk of data leaks.

🛡️
Browser Only
Safe with no server transmission
⚙️
Batch Generation
Creates .htaccess simultaneously
🆓
No Registration
Completely free & unlimited usage
about,

About Basic Auth Generator

"Basic Auth" is the easiest way to restrict access to specific pages or directories of a website. To set up Basic Auth, you need to place a .htpasswd file that pairs a username and an encrypted password, and an .htaccess file describing the authentication rules on your server.

This tool directly encrypts the entered password on your browser (device) and safely generates the strings for .htpasswd and the corresponding .htaccess settings at the same time. The password is never sent to the server, so there is no risk of data leaks.

how to,

Steps to Generate Configuration

STEP 1

User & Password

Enter the "Username" and "Password" you want to use for Basic Auth.

STEP 2

Detailed Settings

Enter the AuthName displayed in the dialog and the absolute path to place the .htpasswd file on the server.

STEP 3

Select Algorithm

Select the encryption algorithm. Bcrypt is recommended for Apache 2.4 and later.

STEP 4

Generate & Deploy

Click the "Generate" button, copy or download the output code, and place it on your server.

glossary,

Basic Auth Glossary

Basic Auth
A simple access restriction method provided as a standard feature of web servers (Apache, Nginx, etc.). When accessing a configured directory, an authentication dialog is displayed from the browser.
.htpasswd
A text file that stores usernames and encrypted passwords for Basic Auth. For security reasons, it is recommended to place it in a directory above the public directory (such as public_html).
.htaccess
A file to control Apache web server settings on a directory basis. Rules to enable Basic Auth (AuthType Basic, Require valid-user, etc.) are written here.
Bcrypt
A powerful password hashing (encryption) algorithm that is currently recommended. It is designed to be intentionally slow to calculate, making it resistant to brute-force attacks. Supported by Apache 2.4 and later.
AuthName
The message or group name displayed in the Basic Auth dialog box. It is set to indicate to the user which area they are trying to access.
AuthUserFile
The absolute path on the server where the .htpasswd file is located, specified in the .htaccess file. If this path is incorrect, authentication will not work properly.
Brute-force Attack
A type of cyber attack that attempts unauthorized access by trying all possible combinations of passwords. Using a strong algorithm like Bcrypt makes it easier to prevent this attack.
Base64 Encoding
When a password is sent from the browser to the server in Basic Auth, the data is not encrypted but simply encoded (converted) in a format called "Base64". Therefore, it must be used in conjunction with HTTPS communication.
faq,

Frequently Asked Questions (FAQ) about Basic Auth

Q.Are generated passwords saved on the server?
No. This tool performs all encryption processes on your browser using JavaScript. Rest assured that the entered passwords are never sent to a server over the internet.
Q.Which algorithm should I choose?
If your server is Apache 2.4 or later, the highly secure "Bcrypt" is recommended. If you are using Nginx or an older server, please select the widely supported "SHA-1".
Q.Do I need .htaccess in addition to .htpasswd?
Yes. For Apache servers, you need to write rules (such as AuthType Basic) in the .htaccess file to restrict access by referring to the .htpasswd file. This tool automatically generates that configuration code as well.
Q.What should I do if I forget my password?
It is impossible to restore the original password from the encrypted password (hash). If you forget your password, please use this tool to regenerate a new password hash and overwrite the server's .htpasswd file.
Q.Can I set individual IDs and passwords for multiple users?
Yes, it is possible. Just generate a combination of username and password with this tool, and add it as a new line in the server's .htpasswd file to set up multiple user accounts.
Q.Are there any precautions when applying Basic Auth in WordPress?
WordPress has an .htaccess in the root directory by default. When adding a Basic Auth description, make sure to add it outside the existing WordPress descriptions (# BEGIN WordPress ~ # END WordPress).
scenes,

Use Cases

  • 🚧

    Protect Dev/Test Environments

    Secure pre-release test sites or staging environments from search engines and unauthorized access.

  • 👥

    Create Internal Pages

    Build dedicated pages or directories accessible only to internal members or specific clients.

Related Tools

Web & Developer ToolsView all

Cron Generator

Generate Cron expressions & check schedules

🧩

JSON to TS Interface

Generate TS types from JSON

🔒

HTTP Header Checker

Check response headers & security diagnostics

📝

Markdown ⇔ HTML Converter

Convert Markdown to HTML with real-time preview

🛠️

JSON Formatter & Validator

Format and validate JSON (Tree View & YAML supported)

🗂️

File Size Calculator

Calculate sizes based on resolution and capacity

🛡️

Password Strength Checker

Real-time security diagnosis

🔑

Password Generator

Create secure random passwords

🤐

ZIP Password Tool

Create or unlock password-protected ZIP files

All Categories

Web & Developer Tools CSS Generators Image & Photo Tools Video & Audio Tools SEO & Marketing Network & Infrastructure Text Analysis & Processing Finance & Salary Tools Date & Calendar Tools Document & Business Tools Games & Events Life & Health Top Page

Send Feedback

Please let us know your thoughts to help us improve the tool.

Disclaimer

The tools provided on this site are completely free to use, but please use them at your own risk. We make no guarantees regarding the accuracy, completeness, or safety of any calculation results, conversion results, or generated data. Please be aware that the operator assumes no responsibility for any damages or troubles caused by the use of these tools. Most tools process files and calculations locally in your browser, meaning your inputted data is neither sent to nor stored on our servers.