Online Tools
Other Sections

Online Tools: .htaccess Password Generator

Use this tool to generate all the necessary codes needed to password protect a directory or selects files within it on your site via .htaccess. It encrypts the desired passwords, then outputs the corresponding codes to put inside your .htaccess and .htpasswd files.

Example: Click here. (Username: user Password: test)


1) Enter the desired username(s) and corresponding password(s) used to authenticate entry into the protected directory or files. Must consist of alphanumeric characters only.

Enter Usernames:
Press "enter" after each username.
Enter Corresponding Passwords:
Press "enter" after each password.

2) Path to .htpasswd file relative to your server's root directory: (e.g. - /home/site_name/)
3) File names to protect (Optional: leave empty if protecting folder):
Separate multiple files with a comma. ie: protected.htm, protected2.htm

Frequently Asked Questions

Q: For 2) above, what should I enter as the path?
A: ".htpasswd" is a text file that is used to contain your usernames and encrypted passwords. Enter the path you will be placing your .htpasswd file (which contains the usernames/passwords) on the server. It should be a non user accessible location, such as directly above your public HTML folder. This is to prevent visitors from directly viewing this file in their web browser.

Q: For 2) above, how can I find out my server path?
A: If you're on a Linux server and have access to telnet/ssh, simply login and type the command "pwd." This will output your current absolute path, giving you enough information to construct the rest. Or simply ask your web host for this information.

Q: For 3) above, what should I enter, if anything?
A: If you wish your .htaccess file to password protect individual files within a directory, instead of the entire directory (default), enter the files names in this field, each separated by a comma if more than 1 file. Otherwise, leave blank as is.

Q: I've uploaded my .htaccess and .htpasswd files to the correct locations, but when I try and enter my username/password to enter the protected area, it still wouldn't let me in!
A: Make sure you've in fact uploaded your .htpasswd to the location as specified in the "AuthUserFile" line inside .htaccess. For example:

AuthUserFile /home/mysite/.htpasswd

As mentioned, in Linux you can type "pwd" in telnet/SSH to find out your server's root directory (ie: /home/mysite). If the location is incorrect and your server can't properly locate .htpasswd, the username and password contained within this file won't be recognized either, and you are locked out. Regardless, you can reverse any changes and unpassword protect your directory simply by deleting the .htaccess file you uploaded to that directory.

Q: How come after I've uploaded my .htaccess file via FTP, I can no longer see it in FTP?
A: Depending on your server configuration, files such as .htaccess may be hidden from view in FTP. In WS_FTP for example, there is a blank box on the upper right of the screen (right under the "MkDIr" button) that allows you to input optional parameters. Simply enter "-a" and Refresh the view again to reveal your .htaccess file.

Q: Where can I learn more about .htaccess and its other features?
A: For an excellent tutorial on .htaccess, see: Comprehensive Guide to .htaccess.