This tool is part of these guided projects. Each project provides step-by-step instructions with checklists and all the tools you need in one place.
Tools you might need next
Generate Markdown tables from row and column data. Create GFM-ready tables for docs, README files, and wikis without hand-formatting pipes and dashes.
Generate numbered or ordered lists from plain text lines. Convert bullet points, tasks, and outlines into consistently formatted sequential lists.
Generate Lorem ipsum and custom placeholder text for mockups. Control paragraph count, word length, and sentence variety for design and prototyping.
Apache htpasswd supports multiple hash formats: bcrypt ($2y$), SHA-1 ({SHA}), MD5-APR1 ($apr1$), and crypt(). Bcrypt is the most secure; MD5-APR1 is the most compatible default.
Format: username:hash; Bcrypt: $2y$cost$salt+hash; APR1: $apr1$salt$hashBcrypt with cost ≥10 is recommended. SHA-1 is deprecated (no salt, fast to crack). Plain text should never be used. The htpasswd file must be stored outside the web root with restricted permissions.
Updated: July 2026
Generate a secure bcrypt hash for HTTP basic auth on Apache/Nginx.
→ admin:$2y$10$[salt][hash] (60-char bcrypt hash)
Create an APR1 hash for older Apache versions that don't support bcrypt.
→ deploy:$apr1$[salt]$[hash]
SHA-1 ({SHA}base64hash) has no salt and is trivially cracked with rainbow tables. Always use bcrypt ($2y$) or at minimum APR1 ($apr1$) which includes a random salt.
The htpasswd file should be stored outside the publicly accessible directory tree. If exposed, attackers can download it and crack passwords offline.
Generate Apache htpasswd entries for HTTP basic authentication. Create bcrypt or MD5 crypt hashes for .htaccess and web server password protection. It applies the htpasswd hash algorithms (Format: username:hash; Bcrypt: $2y$cost$salt+hash; APR1: $apr1$salt$hash). For example: create bcrypt-hashed htpasswd entry — Generate a secure bcrypt hash for HTTP basic auth on Apache/Nginx.