{"id":111,"date":"2025-02-20T00:00:00","date_gmt":"2025-02-19T23:00:00","guid":{"rendered":"https:\/\/helloblog.io\/et\/wordpress-6-8-bcrypt-wp-password-bcrypt-paevakorrast-maas\/"},"modified":"2026-01-20T06:33:09","modified_gmt":"2026-01-20T05:33:09","slug":"wordpress-6-8-bcrypt-wp-password-bcrypt-paevakorrast-maas","status":"publish","type":"post","link":"https:\/\/helloblog.io\/et\/wordpress-6-8-bcrypt-wp-password-bcrypt-paevakorrast-maas\/","title":{"rendered":"WordPress 6.8 toob bcrypti core\u2019i: mida teha wp-password-bcrypt paketiga?"},"content":{"rendered":"\n<p>WordPressi paroolide teema on aastate jooksul olnud klassikaline koht, kus arendajad pidid ise natuke \u201ccore\u2019ist ette\u201d m\u00f5tlema. Roots\u2019i kogukonnas lahendati see pikalt paketiga <code>wp-password-bcrypt<\/code>, mis sundis WordPressi kasutama tugevamat paroolide r\u00e4simist (hashing). WordPress 6.8 tulekuga j\u00f5uab see v\u00f5imekus l\u00f5puks ametlikult core\u2019i \u2013 ja see t\u00e4hendab, et eraldi paketti pole enam m\u00f5tet kaasas tassida.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Mis muutub WordPress 6.8-ga?<\/h2>\n\n\n\n<p>WordPress 6.8 (avalduse j\u00e4rgi) hakkab core\u2019is kasutama paroolide r\u00e4simiseks <em>bcrypti<\/em>. bcrypt on paroolihash\u2019ide jaoks laialt kasutatav algoritm, mille suur eelis on see, et see on teadlikult \u201caeglane\u201d \u2013 see teeb brute-force ja GPU-p\u00f5hised r\u00fcnnakud oluliselt kallimaks v\u00f5rreldes vanemate l\u00e4henemistega.<\/p>\n\n\n\n<p>Praktiline tagaj\u00e4rg arendaja jaoks: kui su sait jookseb WordPress 6.8 v\u00f5i uuema peal, siis paroolide turvalisem r\u00e4simine on n\u00fc\u00fcd core\u2019i vastutus. See v\u00f5tab \u00e4ra vajaduse hoida projektis eraldi paketti, mis sama asja teeb.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Miks <code>wp-password-bcrypt<\/code> p\u00e4ikeseloojangule l\u00e4heb?<\/h2>\n\n\n\n<p>Roots\u2019i tiim teatas, et <code>wp-password-bcrypt<\/code> muutub WordPress 6.8 kontekstis \u00fcleliigseks ning nad hakkavad paketti aktiivselt l\u00f5petama (sunsetting). Nende plaan h\u00f5lmab j\u00e4rgmisi samme:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Pakett m\u00e4rgitakse Packagistis staatusega <strong>abandoned<\/strong>.<\/li>\n\n\n<li>Viited eemaldatakse Bedrockist ja seotud dokumentatsioonist.<\/li>\n\n\n<li>GitHubi repo arhiveeritakse.<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Kas ma pean paroole migreerima?<\/h2>\n\n\n\n<p>Ei. Teate sisu j\u00e4rgi ei ole vaja \u00fchtegi eraldi migratsiooni ega paroolide \u201c\u00fcmberr\u00e4simist\u201d k\u00e4sitsi k\u00e4ivitada. Olemasolevad paroolid j\u00e4tkavad t\u00f6\u00f6tamist ning WordPress core tegeleb autentimisega edasi, kasutades bcrypti seal, kus see on rakendatav.<\/p>\n\n\n\n<div class=\"wp-block-group callout callout-success is-style-success is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Hea uudis Bedrocki projektidele<\/h4>\n\n\n<p>Kui oled Bedrocki\/Composeriga WordPressi peal ja sul on <code>wp-password-bcrypt<\/code> dependency, siis WordPress 6.8+ korral saad selle lihtsalt eemaldada \u2013 ilma paroolide v\u00f5i kasutajate lisatoiminguteta.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Soovituslik tegevus arendustiimile (6.8+ saitidel)<\/h2>\n\n\n\n<p>Kui sinu tootmiskeskkond on WordPress 6.8 v\u00f5i uuem, on m\u00f5istlik dependency\u2019te audit teha ja <code>wp-password-bcrypt<\/code> projektist v\u00e4lja t\u00f5sta. Eesm\u00e4rk pole ainult \u201cv\u00e4hem pakette\u201d, vaid ka selgem vastutuspiir: paroolihash on n\u00fc\u00fcd core\u2019i lahendus.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>Veendu, et saidil on WordPress 6.8 v\u00f5i uuem (ning uuendus on plaanis ka tootmises, mitte ainult lokaalsetes keskkondades).<\/li>\n\n\n<li>Leia, kas projekt kasutab <code>roots\/wp-password-bcrypt<\/code> paketti (nt <code>composer.json<\/code> \/ <code>composer.lock<\/code>).<\/li>\n\n\n<li>Eemalda pakett dependency\u2019te hulgast ja tee tavap\u00e4rane deploy.<\/li>\n\n\n<li>Kontrolli sisselogimist ja parooli vahetamist testkasutajaga, et kinnitada autentimisvoog tootmises.<\/li>\n\n<\/ol>\n\n\n\n<div class=\"wp-block-group callout callout-warning is-style-warning is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">\u00c4ra eemalda paketti enne, kui core on 6.8+<\/h4>\n\n\n<p>Kui sul on veel WordPressi versioon, mis bcrypti core\u2019is ei kasuta, siis <code>wp-password-bcrypt<\/code> eemaldamine t\u00e4hendab reaalselt turvataseme langust. Aja dependency muutus kokku WordPressi uuendusega.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Mida see t\u00e4hendab WordPressi turvalisuse vaates?<\/h2>\n\n\n\n<p>Suur pilt on lihtne: bcrypt core\u2019is t\u00e4hendab, et parem paroolide r\u00e4simine ei ole enam \u201cteadlike tiimide lisakiht\u201d, vaid vaikimisi standard. See v\u00e4hendab fragmentatsiooni (iga\u00fcks eri plugin\/pakett), teeb turvaauditid sirgjoonelisemaks ja parandab keskmise WordPressi installatsiooni kaitset ilma, et saidi omanik v\u00f5i arendaja peaks eraldi midagi leidma, valima ja hooldama.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Kokkuv\u00f5te<\/h2>\n\n\n\n<p>WordPress 6.8 toob bcrypti paroolihashimise ametlikult core\u2019i. Roots\u2019i <code>wp-password-bcrypt<\/code> oli seni praktiline viis WordPressi autentimist tugevdada, kuid 6.8+ maailmas pole seda enam vaja. Kui su projekt on 6.8 v\u00f5i uuema peal, saad paketi eemaldada ilma paroolide migratsioonita; Roots m\u00e4rgib paketi abandoned\u2019iks, eemaldab viited Bedrockist ning arhiveerib repo.<\/p>\n\n\n<div class=\"references-section\">\n                <h2>Viited \/ Allikad<\/h2>\n                <ul class=\"references-list\"><li><a href=\"https:\/\/roots.io\/sunsetting-wp-password-bcrypt-with-wordpress-6-8\/\" target=\"_blank\" rel=\"noopener noreferrer\">Sunsetting wp-password-bcrypt with WordPress 6.8<\/a><\/li><li><a href=\"https:\/\/make.wordpress.org\/core\/2025\/02\/17\/wordpress-6-8-will-use-bcrypt-for-password-hashing\/\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress 6.8 will use bcrypt for password hashing<\/a><\/li><li><a href=\"https:\/\/github.com\/roots\/wp-password-bcrypt\" target=\"_blank\" rel=\"noopener noreferrer\">roots\/wp-password-bcrypt<\/a><\/li><li><a href=\"https:\/\/github.com\/roots\/bedrock\" target=\"_blank\" rel=\"noopener noreferrer\">roots\/bedrock<\/a><\/li><\/ul>\n            <\/div>","protected":false},"excerpt":{"rendered":"<p>Kui oled seni kasutanud Roots\u2019i `wp-password-bcrypt` paketti, siis WordPress 6.8 muudab selle praktiliselt \u00fcleliigseks. Vaatame, mis t\u00e4pselt muutub ja kuidas projektid turvaliselt puhtamaks teha.<\/p>\n","protected":false},"author":48,"featured_media":109,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50],"tags":[66,65,67,3,9],"class_list":["post-111","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-turvalisus","tag-autentimine","tag-bcrypt","tag-bedrock","tag-roots","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/helloblog.io\/et\/wp-json\/wp\/v2\/posts\/111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helloblog.io\/et\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helloblog.io\/et\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helloblog.io\/et\/wp-json\/wp\/v2\/users\/48"}],"replies":[{"embeddable":true,"href":"https:\/\/helloblog.io\/et\/wp-json\/wp\/v2\/comments?post=111"}],"version-history":[{"count":1,"href":"https:\/\/helloblog.io\/et\/wp-json\/wp\/v2\/posts\/111\/revisions"}],"predecessor-version":[{"id":133,"href":"https:\/\/helloblog.io\/et\/wp-json\/wp\/v2\/posts\/111\/revisions\/133"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helloblog.io\/et\/wp-json\/wp\/v2\/media\/109"}],"wp:attachment":[{"href":"https:\/\/helloblog.io\/et\/wp-json\/wp\/v2\/media?parent=111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helloblog.io\/et\/wp-json\/wp\/v2\/categories?post=111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helloblog.io\/et\/wp-json\/wp\/v2\/tags?post=111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}