{"id":86,"date":"2025-02-20T00:00:00","date_gmt":"2025-02-19T23:00:00","guid":{"rendered":"https:\/\/helloblog.io\/cs\/wordpress-6-8-bcrypt-wp-password-bcrypt-konec\/"},"modified":"2026-01-20T06:32:58","modified_gmt":"2026-01-20T05:32:58","slug":"wordpress-6-8-bcrypt-wp-password-bcrypt-konec","status":"publish","type":"post","link":"https:\/\/helloblog.io\/cs\/wordpress-6-8-bcrypt-wp-password-bcrypt-konec\/","title":{"rendered":"WordPress 6.8 switches to bcrypt: why you can safely drop wp-password-bcrypt"},"content":{"rendered":"\n<p>Anyone who has dealt with login security on older WordPress installations has run into an unpleasant reality: for a long time, password hashing in core did not lag behind just \u201ca little\u201d; in practice it meant weaker protection than what we are used to from modern applications. The Roots community once solved this pragmatically with the <code>wp-password-bcrypt<\/code> package, but today the tables are turning.<\/p>\n\n\n\n<p>According to the WordPress 6.8 announcement, bcrypt will become the default password hashing method directly in core. That makes <code>wp-password-bcrypt<\/code> essentially a historical crutch: on sites running WordPress 6.8+ there is no longer any point in pulling it into the project.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What changes in WordPress 6.8 (and why it matters)<\/h2>\n\n\n\n<p><code>bcrypt<\/code> is an established adaptive password hashing algorithm. \u201cAdaptive\u201d in practice means that the computational difficulty (cost) can be raised, so even as attackers' hardware gets faster over time, you can keep pace. 
For authentication, this is a significant step forward compared to older approaches.<\/p>\n\n\n\n<p>An important detail from an operations perspective: WordPress has its own password-handling layer in core, so changing the algorithm is not just about \u201cstoring a new value in the database\u201d but mainly about making sure verification keeps working smoothly for existing users.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why Roots is retiring wp-password-bcrypt<\/h2>\n\n\n\n<p>The <a href=\"https:\/\/github.com\/roots\/wp-password-bcrypt\"><code>wp-password-bcrypt<\/code><\/a> package was created at a time when WordPress core did not use bcrypt. Its purpose was simple: to improve password security before core itself addressed it.<\/p>\n\n\n\n<p>With the arrival of WordPress 6.8, that reason disappears. Roots has therefore announced that it is gradually \u201csunsetting\u201d (retiring) the project, not because it was bad, but because it has become redundant.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>On Packagist, <code>wp-password-bcrypt<\/code> will be marked as <strong>abandoned<\/strong>.<\/li>\n\n\n<li>References to it will be removed from Bedrock and the related documentation.<\/li>\n\n\n<li>The GitHub repository will be archived.<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What this means for your site and deployment<\/h2>\n\n\n\n<p>If your site runs WordPress 6.8 or later, you no longer need <code>wp-password-bcrypt<\/code>. 
Importantly, according to the announcement, no manual password migration is required: existing passwords will continue to work, and WordPress core is meant to handle bcrypt authentication \u201cseamlessly\u201d where it makes sense.<\/p>\n\n\n\n<div class=\"wp-block-group callout callout-success is-style-success is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Good news for operations<\/h4>\n\n\n<p>On WordPress 6.8+ you can safely remove the <code>wp-password-bcrypt<\/code> package. No password reset or one-off migration script is needed; existing logins should continue to work.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">How to remove wp-password-bcrypt (a typical Composer\/Bedrock scenario)<\/h2>\n\n\n\n<p>In practice, this most often affects Bedrock projects managed through Composer. 
The procedure is straightforward: just make sure you really are targeting WordPress 6.8+ and that the package is not tied to some custom integration of your own.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>Verify the WordPress version in the environment where you want to make the change (at least 6.8).<\/li>\n\n\n<li>Remove the dependency from Composer.<\/li>\n\n\n<li>Run the deployment and a basic smoke test: login, password reset, creating a new user.<\/li>\n\n<\/ol>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#24292e\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly># Uninstall the package from the project\ncomposer remove roots\/wp-password-bcrypt\n\n# Then the standard deployment step(s) according to your process\n# (e.g. composer install --no-dev on the server, or a build in CI)\n<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color:#24292e;color:#e1e4e8\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color:#6A737D\"># Uninstall the package from the project<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">composer<\/span><span style=\"color:#9ECBFF\"> remove<\/span><span style=\"color:#9ECBFF\"> roots\/wp-password-bcrypt<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># Then the standard deployment step(s) according to your process<\/span><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># (e.g. composer install --no-dev on the server, or a build in CI)<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div class=\"wp-block-group callout callout-warning is-style-warning is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Watch out for a mixed fleet<\/h4>\n\n\n<p>If you manage multiple sites and some are not yet on 6.8, do not lump them all together. 
On installations older than 6.8, removing the package would mean reverting to the original WordPress behavior (and therefore weaker hashing).<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">What happens to old passwords? (no migration, but with logic)<\/h2>\n\n\n\n<p>Although WordPress 6.8 switches the default algorithm, the typical strategy for changes like this is compatibility at verification time and a gradual \u201cupgrade\u201d at the next login or password change. Roots explicitly states that no migration steps are needed and that existing passwords will continue to work, so operationally this is exactly the kind of change you want: security up, risk down.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Summary for developers and administrators of WordPress sites<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>According to the announcement, WordPress 6.8 is set to use bcrypt as the default password hashing in core.<\/li>\n\n\n<li>On sites running WordPress 6.8+, <code>wp-password-bcrypt<\/code> no longer makes sense and can be removed.<\/li>\n\n\n<li>No password migration is needed; existing logins should keep working after the package is removed.<\/li>\n\n\n<li>Roots will mark the package as abandoned, remove references to it from Bedrock, and archive the repository.<\/li>\n\n<\/ul>\n\n\n<div class=\"references-section\">\n                <h2>References \/ Sources<\/h2>\n                <ul class=\"references-list\"><li><a href=\"https:\/\/roots.io\/sunsetting-wp-password-bcrypt-with-wordpress-6-8\/\" target=\"_blank\" rel=\"noopener 
noreferrer\">Sunsetting wp-password-bcrypt with WordPress 6.8<\/a><\/li><li><a href=\"https:\/\/make.wordpress.org\/core\/2025\/02\/17\/wordpress-6-8-will-use-bcrypt-for-password-hashing\/\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress 6.8 will use bcrypt for password hashing<\/a><\/li><li><a href=\"https:\/\/github.com\/roots\/wp-password-bcrypt\" target=\"_blank\" rel=\"noopener noreferrer\">roots\/wp-password-bcrypt<\/a><\/li><li><a href=\"https:\/\/github.com\/roots\/bedrock\" target=\"_blank\" rel=\"noopener noreferrer\">roots\/bedrock<\/a><\/li><\/ul>\n            <\/div>","protected":false},"excerpt":{"rendered":"<p>WordPress 6.8 finally brings bcrypt into core and significantly improves login security. If you have the wp-password-bcrypt package in your project, this is the ideal moment to retire it, with no migrations and without breaking existing passwords.<\/p>\n","protected":false},"author":34,"featured_media":84,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[73,72,37,3,10],"class_list":["post-86","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ekosystem-wordpress","tag-autentizace","tag-bcrypt","tag-bezpecnost","tag-roots","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/posts\/86","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/users\/34"}],"replies":[{"embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/comments?post=86"}],"version-history":[{"count":1,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/posts\/86\/revisions"}],"predecessor-version":[{"id":103,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/posts\/86\/revisions\/103"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/media\/84"}],"wp:attachment":[{"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/media?parent=86"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/categories?post=86"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/tags?post=86"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}