iPasswd - .htpasswd password generator

iPasswd is an online password generation tool for .htpasswd files. These files store a username and password combination (one per line of the file) which is used with .htaccess Basic Authentication. iPasswd also supports MD5 passwords, used in Digest Authentication.


  • Enter a username below. (Note: the username is case sensitive.)
  • Enter a password below (Note: the password is case sensitive.)
  • If your server uses MD5 password encryption, select the checkbox. If you do not know, leave this unselected.
  • Click the "Generate" button.
  • Your username and encrypted password will be displayed in a new window.
  • Copy and paste the username:password into your .htpasswd file (using a text editor). You can have as many usernames as you want. Each username:password pair must be listed on its own line in the .htpasswd file.
  • Upload the .htaccess file to your web site. It should be located in a directory which is not accessable via a web browser (not your "public_html" directory).

User Name:  
Use MD5 password encryption

Create .htaccess file

The .htaccess file tells the web server whether to use password protection on files that it is serving.

You'll need to know the full path to your .htaccess file. This is probably something like:


Ask your web host if you do not know the full path to your home directory.

Upload the .htaccess file into the directory you want to protect, or the directory containing the files you want to protect.

You should use one of the following, depending on whether you want to protect all files or just some files in a directory. Replace /full/path/to/.htpasswd with actual pathname of your .htpasswd file. Replace "Please Login" with the message you want displayed when visitors are prompted for a password.

Directory Protection

To protect all files in a directory use a .htaccess file like this:
<Files ".ht*">
order allow,deny
deny from all

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "Please Login"

require valid-user

File Protection

To protect only certain files in a directory, use a .htaccess file like this.

<Files ".ht*">
order allow,deny
deny from all

<Files private1.html private2.html>
AuthUserFile /home/pathto/.htpasswd
AuthType Basic
AuthName "Please Login"
Require valid-user

You can use * wildcards in file names to match multiple files.

If you are familiar with regular expressions, you can replace the Files directive with FilesMatch.


For complete specs of .htaccess password protection see the Apace mod_auth documentation

Basic passwords are easy to reverse, meaning that if someone gets hold of your .htpasswd file, they can find out your password. MD5 passwords do not suffer from this, so if your web host supports it, using MD5 passwords will provide protection against this. To do so, change the "AuthType Basic" to "AuthType Digest" in the .htaccess file and use MD5 passwords in your .htpasswd file.

This site is hosted by Z-Host. For low cost PHP web hosting visit Z-Host.com. Web hosting plans start at just $20 PER YEAR.

For more scripts than you can shake a stick at, visit

Rate iLogin at HotScripts.com
Very Good