{"id":123,"date":"2025-02-20T00:00:00","date_gmt":"2025-02-19T23:00:00","guid":{"rendered":"https:\/\/helloblog.io\/da\/wordpress-6-8-bcrypt-standard-udfas-wp-password-bcrypt\/"},"modified":"2026-01-20T06:33:20","modified_gmt":"2026-01-20T05:33:20","slug":"wordpress-6-8-bcrypt-standard-udfas-wp-password-bcrypt","status":"publish","type":"post","link":"https:\/\/helloblog.io\/da\/wordpress-6-8-bcrypt-standard-udfas-wp-password-bcrypt\/","title":{"rendered":"WordPress 6.8 g\u00f8r bcrypt til standard: s\u00e5dan udfaser du wp-password-bcrypt uden drama"},"content":{"rendered":"\n<p>WordPress 6.8 markerer et ret vigtigt (og l\u00e6nge ventet) skift i, hvordan passwords bliver lagret: <strong>bcrypt bliver standardmetoden til password hashing i WordPress core<\/strong>. Hvis du tidligere har brugt pakken <code>wp-password-bcrypt<\/code> fra Roots for at f\u00e5 st\u00e6rkere hashing p\u00e5 dine sites, \u00e6ndrer spillet sig nu \u2014 pakken er i praksis overfl\u00f8dig fremadrettet.<\/p>\n\n\n\n<p>Her f\u00e5r du overblikket: hvad \u00e6ndrer sig i 6.8, hvad betyder det for eksisterende installationer, og hvordan du rydder p\u00e6nt op i din stack (fx Bedrock\/Composer) uden at l\u00e5se brugere ude.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Hvad er bcrypt, og hvorfor betyder det noget i WordPress?<\/h2>\n\n\n\n<p><em>Password hashing<\/em> er den envejsfunktion, der omdanner et password til en hash, som kan gemmes i databasen. Ved login sammenlignes en ny hash af det indtastede password med den gemte hash. Pointen er, at selv hvis databasen l\u00e6kkes, skal angriberen ikke kunne l\u00e6se passwords direkte.<\/p>\n\n\n\n<p><strong>bcrypt<\/strong> er en hashing-algoritme designet til passwords. Den er bevidst langsom og kan konfigureres med en cost-factor, hvilket g\u00f8r brute force og cracking markant dyrere. N\u00e5r WordPress 6.8 l\u00e6gger bcrypt ind i core, f\u00e5r alle sites den forbedring uden ekstra plugins eller MU-packages.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Hvor passer wp-password-bcrypt ind i billedet?<\/h2>\n\n\n\n<p>Roots\u2019 <code>wp-password-bcrypt<\/code> blev oprindeligt lavet for at give WordPress-sites bedre password-sikkerhed <em>f\u00f8r<\/em> core havde en st\u00e6rk standardl\u00f8sning. Mange Bedrock-projekter har derfor haft pakken som en del af deres Composer setup.<\/p>\n\n\n\n<p>N\u00e5r WordPress 6.8 selv h\u00e5ndterer bcrypt, bliver <code>wp-password-bcrypt<\/code> un\u00f8dvendig. Roots\u2019 plan er derfor at udfase den: pakken bliver markeret som <strong>abandoned<\/strong> p\u00e5 Packagist, referencer fjernes fra Bedrock og dokumentation, og GitHub-repoet arkiveres.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Det vigtigste: Du kan fjerne pakken uden at migrere passwords<\/h2>\n\n\n\n<p>Den praktiske konsekvens for dig som udvikler er ret enkel:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Hvis sitet k\u00f8rer <strong>WordPress 6.8 eller nyere<\/strong>, beh\u00f8ver du ikke l\u00e6ngere <code>wp-password-bcrypt<\/code>.<\/li>\n\n\n<li>Du kan fjerne pakken sikkert \u2014 <strong>eksisterende passwords forts\u00e6tter med at virke<\/strong>.<\/li>\n\n\n<li>Du skal ikke k\u00f8re migreringsscripts eller tvinge password resets; WordPress core h\u00e5ndterer authentication med bcrypt, hvor det er relevant.<\/li>\n\n<\/ul>\n\n\n\n<div class=\"wp-block-group callout callout-info is-style-info is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Hvorfor virker eksisterende passwords stadig?<\/h4>\n\n\n<p>WordPress\u2019 autentificering er lavet til at kunne validere eksisterende password-hashes og gradvist flytte brugere over til en nyere hashing-metode, n\u00e5r de logger ind eller skifter password. If\u00f8lge Roots\u2019 udmelding kr\u00e6ver fjernelsen af <code>wp-password-bcrypt<\/code> derfor ingen manuelle trin.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Oprydning i Bedrock\/Composer: s\u00e5dan fjerner du wp-password-bcrypt<\/h2>\n\n\n\n<p>I Bedrock og andre Composer-baserede WordPress-projekter ligger <code>wp-password-bcrypt<\/code> typisk som en dependency. N\u00e5r du har opgraderet til WordPress 6.8+ (og har verificeret at deployen er stabil), kan du rydde den ud.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>S\u00f8rg for, at sitet faktisk k\u00f8rer WordPress <strong>6.8 eller nyere<\/strong> (staging f\u00f8rst, som altid).<\/li>\n\n\n<li>Fjern pakken fra din <code>composer.json<\/code> og k\u00f8r en Composer update.<\/li>\n\n\n<li>Deploy \u00e6ndringen, og lav et hurtigt login-check med en eksisterende bruger (gerne b\u00e5de admin og en \u201calmindelig\u201d bruger).<\/li>\n\n<\/ol>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#24292e\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly># Fjern pakken fra dit projekt\ncomposer remove roots\/wp-password-bcrypt\n\n# Commit \u00e6ndringerne (composer.json + composer.lock)\ngit status\n\n<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color:#24292e;color:#e1e4e8\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color:#6A737D\"># Fjern pakken fra dit projekt<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">composer<\/span><span style=\"color:#9ECBFF\"> remove<\/span><span style=\"color:#9ECBFF\"> roots\/wp-password-bcrypt<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># Commit \u00e6ndringerne (composer.json + composer.lock)<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">git<\/span><span style=\"color:#9ECBFF\"> status<\/span><\/span>\n<span class=\"line\"><\/span><\/code><\/pre><\/div>\n\n\n\n<div class=\"wp-block-group callout callout-warning is-style-warning is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Timing: fjern f\u00f8rst efter core-opgradering<\/h4>\n\n\n<p>Hvis du fjerner <code>wp-password-bcrypt<\/code> f\u00f8r du er p\u00e5 WordPress 6.8+, risikerer du at miste den forbedrede hashing, du havde tilf\u00f8jet netop for at h\u00e6ve sikkerheden. Opgrad\u00e9r core f\u00f8rst, ryd derefter op.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Hvad sker der med pakken fremover?<\/h2>\n\n\n\n<p>Roots\u2019 udmelding er ret klar: <code>wp-password-bcrypt<\/code> bliver ikke videreudviklet. Den bliver markeret som abandoned p\u00e5 Packagist, referencer fjernes fra Bedrock-setup og dokumentation, og GitHub-repoet bliver arkiveret. Med andre ord: forvent ikke fixes eller kompatibilitetsarbejde fremadrettet \u2014 og planl\u00e6g at fjerne den, n\u00e5r du er p\u00e5 WordPress 6.8+.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Kort opsummering<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>WordPress 6.8 g\u00f8r <strong>bcrypt<\/strong> til standard password hashing i core.<\/li>\n\n\n<li><code>roots\/wp-password-bcrypt<\/code> bliver overfl\u00f8dig og udfases\/arkiveres.<\/li>\n\n\n<li>P\u00e5 WordPress 6.8+ kan du fjerne pakken uden migrering: eksisterende passwords forts\u00e6tter med at virke.<\/li>\n\n\n<li>Hvis du bruger Bedrock\/Composer: fjern dependency og deploy som normalt, men f\u00f8rst efter core-opgradering.<\/li>\n\n<\/ul>\n\n\n<div class=\"references-section\">\n                <h2>Referencer \/ Kilder<\/h2>\n                <ul class=\"references-list\"><li><a href=\"https:\/\/roots.io\/sunsetting-wp-password-bcrypt-with-wordpress-6-8\/\" target=\"_blank\" rel=\"noopener noreferrer\">Sunsetting wp-password-bcrypt with WordPress 6.8<\/a><\/li><li><a href=\"https:\/\/make.wordpress.org\/core\/2025\/02\/17\/wordpress-6-8-will-use-bcrypt-for-password-hashing\/\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress 6.8 will use bcrypt for password hashing<\/a><\/li><li><a href=\"https:\/\/github.com\/roots\/wp-password-bcrypt\" target=\"_blank\" rel=\"noopener noreferrer\">roots\/wp-password-bcrypt<\/a><\/li><li><a href=\"https:\/\/github.com\/roots\/bedrock\" target=\"_blank\" rel=\"noopener noreferrer\">roots\/bedrock<\/a><\/li><\/ul>\n            <\/div>","protected":false},"excerpt":{"rendered":"<p>K\u00f8rer du Bedrock eller har du tidligere tilf\u00f8jet bcrypt via wp-password-bcrypt? Med WordPress 6.8 bliver bcrypt en del af core, s\u00e5 pakken kan fjernes uden password-migrering.<\/p>\n","protected":false},"author":63,"featured_media":121,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[68,67,8,11,10],"class_list":["post-123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sikkerhed","tag-authentication","tag-bedrock","tag-composer","tag-sikkerhed","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/helloblog.io\/da\/wp-json\/wp\/v2\/posts\/123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helloblog.io\/da\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helloblog.io\/da\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helloblog.io\/da\/wp-json\/wp\/v2\/users\/63"}],"replies":[{"embeddable":true,"href":"https:\/\/helloblog.io\/da\/wp-json\/wp\/v2\/comments?post=123"}],"version-history":[{"count":1,"href":"https:\/\/helloblog.io\/da\/wp-json\/wp\/v2\/posts\/123\/revisions"}],"predecessor-version":[{"id":144,"href":"https:\/\/helloblog.io\/da\/wp-json\/wp\/v2\/posts\/123\/revisions\/144"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helloblog.io\/da\/wp-json\/wp\/v2\/media\/121"}],"wp:attachment":[{"href":"https:\/\/helloblog.io\/da\/wp-json\/wp\/v2\/media?parent=123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helloblog.io\/da\/wp-json\/wp\/v2\/categories?post=123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helloblog.io\/da\/wp-json\/wp\/v2\/tags?post=123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}