{"id":101,"date":"2025-02-20T00:00:00","date_gmt":"2025-02-19T23:00:00","guid":{"rendered":"https:\/\/helloblog.io\/lt\/wordpress-6-8-bcrypt-wp-password-bcrypt-pabaiga\/"},"modified":"2026-01-20T06:33:13","modified_gmt":"2026-01-20T05:33:13","slug":"wordpress-6-8-bcrypt-wp-password-bcrypt-pabaiga","status":"publish","type":"post","link":"https:\/\/helloblog.io\/lt\/wordpress-6-8-bcrypt-wp-password-bcrypt-pabaiga\/","title":{"rendered":"WordPress 6.8 pereina prie bcrypt: kod\u0117l galima ramiai atsisakyti wp-password-bcrypt"},"content":{"rendered":"\n<p>WordPress autentifikacijos saugumas ilg\u0105 laik\u0105 buvo tema, kurioje bendruomen\u0117 jud\u0117jo ma\u017eais \u017eingsniais: branduolys keit\u0117si atsargiai, o projektai, kuriems svarbus saugumas, da\u017enai remdavosi papildomais sprendimais. Vienas i\u0161 toki\u0173 sprendim\u0173 buvo Roots komandos paketas <code>wp-password-bcrypt<\/code>, leid\u0119s WordPress instaliacijose naudoti bcrypt slapta\u017eod\u017ei\u0173 mai\u0161ymui (hashing) dar iki tol, kol tai atsirado core\u2019e.<\/p>\n\n\n\n<p>Pagal Roots paskelbt\u0105 informacij\u0105, su art\u0117jan\u010diu WordPress 6.8 leidimu situacija i\u0161 esm\u0117s kei\u010diasi: bcrypt oficialiai tampa numatytuoju slapta\u017eod\u017ei\u0173 mai\u0161os metodu WordPress branduolyje. Tai rei\u0161kia dvi praktines i\u0161vadas: WordPress prisijungimai tampa saugesni \u201eout of the box\u201c, o <code>wp-password-bcrypt<\/code> daugeliui projekt\u0173 nebeturi prasm\u0117s.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Kas kei\u010diasi WordPress 6.8: bcrypt kaip numatytasis hashing<\/h2>\n\n\n\n<p>bcrypt yra pla\u010diai naudojamas slapta\u017eod\u017ei\u0173 mai\u0161os algoritmas, sukurtas b\u016btent slapta\u017eod\u017eiams: jis yra l\u0117tas ir turi \u201ecost\u201c parametr\u0105, tod\u0117l apsunkina bruteforce atakas, net jei u\u017epuolikas gauna duomen\u0173 baz\u0117je esan\u010dias mai\u0161as. Tai n\u0117ra sidabrin\u0117 kulka, bet tai labai konkretus ir ap\u010diuopiamas pagerinimas palyginus su istori\u0161kai naudotais greitesniais metodais.<\/p>\n\n\n\n<p>Svarbiausia praktin\u0117 detal\u0117: WordPress 6.8 branduolys pats \u201etvarkingai\u201c pasir\u016bpina autentifikacija ten, kur galima taikyti bcrypt. Kitaip tariant, tau nebereikia papildomo paketo vien tam, kad tur\u0117tum bcrypt slapta\u017eod\u017eiams.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">K\u0105 daryti, jei \u0161iuo metu naudoji wp-password-bcrypt?<\/h2>\n\n\n\n<p>Jei tavo svetain\u0117 veikia su WordPress 6.8 ar naujesne versija, <code>wp-password-bcrypt<\/code> gali b\u016bti pa\u0161alintas. Roots pabr\u0117\u017eia kelis dalykus, kurie da\u017eniausiai kelia klausim\u0173 komandose ir pas klientus:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Papildom\u0173 migracij\u0173 nereikia \u2013 esami vartotoj\u0173 slapta\u017eod\u017eiai ir toliau veiks.<\/li>\n\n\n<li>Nereikia priverstinai \u201eperhashinti\u201c ar resetinti slapta\u017eod\u017ei\u0173.<\/li>\n\n\n<li>WordPress branduolys perima atsakomyb\u0119 ir naudoja bcrypt ten, kur taikoma.<\/li>\n\n<\/ul>\n\n\n\n<div class=\"wp-block-group callout callout-success is-style-success is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Svarbu praktikoje<\/h4>\n\n\n<p>Pa\u0161alinimas tur\u0117t\u0173 b\u016bti \u201elow risk\u201c pakeitimas, jei jau esi WordPress 6.8+ \u2013 pagal paskelbim\u0105, autentifikacija i\u0161lieka sklandi, o slapta\u017eod\u017ei\u0173 migracijos \u017eingsni\u0173 nereikia.<\/p>\n\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Kaip tai atrodo projektuose su Composer (Bedrock ir pan.)<\/h3>\n\n\n\n<p>Daugelyje moderni\u0173 WordPress projekt\u0173 (ypa\u010d Bedrock ekosistemoje) <code>wp-password-bcrypt<\/code> da\u017eniausiai atsiranda kaip Composer priklausomyb\u0117. WordPress 6.8 kontekste logika paprasta: jei tavo runtime aplinka jau atnaujinta, t\u0105 priklausomyb\u0119 galima i\u0161imti i\u0161 <code>composer.json<\/code> ir atitinkamai paleisti priklausomybi\u0173 atnaujinim\u0105 (pvz., <code>composer update<\/code>). Konkret\u016bs veiksmai priklauso nuo tavo repo politikos (lock failo tvarkymas, CI, deploy), bet pati id\u0117ja \u2013 pa\u0161alinti nebereikaling\u0105 paket\u0105.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Kas nutiks pa\u010diam wp-password-bcrypt paketui?<\/h2>\n\n\n\n<p>Roots savo \u012fra\u0161e nurodo ai\u0161k\u0173 plan\u0105, kad paketas pereina \u012f u\u017ebaigimo (sunset) faz\u0119. Tai rei\u0161kia, kad ekosistemoje jis bus formaliai \u201eu\u017edarytas\u201c ir neberekomenduojamas naujiems projektams:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Packagist\u2019e <code>wp-password-bcrypt<\/code> bus pa\u017eym\u0117tas kaip <strong>abandoned<\/strong> (nebepalaikomas).<\/li>\n\n\n<li>I\u0161 Bedrock ir susijusios dokumentacijos bus pa\u0161alintos nuorodos \u012f \u0161\u012f paket\u0105.<\/li>\n\n\n<li>GitHub repozitorija bus archyvuota.<\/li>\n\n<\/ul>\n\n\n\n<p>\u0160itas sprendimas yra visi\u0161kai logi\u0161kas: kai funkcionalumas tampa branduolio dalimi, papildomas paketas tik didina prie\u017ei\u016bros ka\u0161tus ir rizik\u0105 (daugiau kod\u0173 keli\u0173, daugiau suderinamumo klausim\u0173, daugiau atnaujinim\u0173 cikl\u0173).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">K\u0105 tai rei\u0161kia saugumo prasme WordPress projektams?<\/h2>\n\n\n\n<p>Did\u017eiausias laim\u0117jimas \u2013 saugumo baz\u0117 kyla visiems, o ne tik tiems, kurie s\u0105moningai \u012fsidiegia papildomus sprendimus. Praktikoje tai da\u017enai suma\u017eina skirtum\u0105 tarp \u201eenterprise\u201c disciplinos projekt\u0173 ir paprast\u0173 turinio svetaini\u0173.<\/p>\n\n\n\n<p>Kitas pliusas \u2013 ma\u017eiau \u201ecustom\u201c autentifikacijos sluoksni\u0173. Kuo ma\u017eiau papildom\u0173 hook\u2019\u0173 ir perra\u0161ym\u0173 slapta\u017eod\u017ei\u0173 tikrinimo kelyje, tuo ma\u017eiau netik\u0117t\u0173 edge case\u2019\u0173 (ypa\u010d kai ateina core atnaujinimai ar hostingo aplinkos poky\u010diai).<\/p>\n\n\n\n<div class=\"wp-block-group callout callout-warning is-style-warning is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Nepamir\u0161k konteksto<\/h4>\n\n\n<p>bcrypt numatytasis naudojimas yra reik\u0161mingas patobulinimas, bet jis nepakei\u010dia kit\u0173 higienos dalyk\u0173: 2FA, rate limiting, stiprios slapta\u017eod\u017ei\u0173 politikos, atnaujinim\u0173 ir saugios infrastrukt\u016bros.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Trumpa santrauka<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>WordPress 6.8 branduolyje bcrypt tampa numatytuoju slapta\u017eod\u017ei\u0173 hashing metodu.<\/li>\n\n\n<li>Jei naudoji WordPress 6.8+ \u2013 <code>wp-password-bcrypt<\/code> nebereikalingas ir gali b\u016bti pa\u0161alintas.<\/li>\n\n\n<li>Roots paket\u0105 \u017eymi kaip abandoned, \u0161alina i\u0161 Bedrock dokumentacijos ir archyvuoja repozitorij\u0105.<\/li>\n\n\n<li>Esami slapta\u017eod\u017eiai toliau veikia \u2013 migracijos \u017eingsni\u0173 pagal paskelbim\u0105 nereikia.<\/li>\n\n<\/ol>\n\n\n<div class=\"references-section\">\n                <h2>Nuorodos \/ \u0160altiniai<\/h2>\n                <ul class=\"references-list\"><li><a href=\"https:\/\/roots.io\/sunsetting-wp-password-bcrypt-with-wordpress-6-8\/\" target=\"_blank\" rel=\"noopener noreferrer\">Sunsetting wp-password-bcrypt with WordPress 6.8<\/a><\/li><li><a href=\"https:\/\/make.wordpress.org\/core\/2025\/02\/17\/wordpress-6-8-will-use-bcrypt-for-password-hashing\/\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress 6.8 will use bcrypt for password hashing<\/a><\/li><li><a href=\"https:\/\/github.com\/roots\/wp-password-bcrypt\" target=\"_blank\" rel=\"noopener noreferrer\">roots\/wp-password-bcrypt<\/a><\/li><li><a href=\"https:\/\/github.com\/roots\/bedrock\" target=\"_blank\" rel=\"noopener noreferrer\">roots\/bedrock<\/a><\/li><\/ul>\n            <\/div>","protected":false},"excerpt":{"rendered":"<p>WordPress 6.8 branduolyje bcrypt tampa numatytuoju slapta\u017eod\u017ei\u0173 mai\u0161os algoritmu. Jei iki \u0161iol projekte naudojai wp-password-bcrypt, nuo 6.8 j\u012f gali pa\u0161alinti be migracij\u0173 ir be vartotoj\u0173 slapta\u017eod\u017ei\u0173 \u201eperdarymo\u201c.<\/p>\n","protected":false},"author":55,"featured_media":100,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[68,69,4,11,10],"class_list":["post-101","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-saugumas","tag-autentifikacija","tag-bcrypt","tag-roots","tag-saugumas","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/posts\/101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/comments?post=101"}],"version-history":[{"count":1,"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/posts\/101\/revisions"}],"predecessor-version":[{"id":122,"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/posts\/101\/revisions\/122"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/media\/100"}],"wp:attachment":[{"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/media?parent=101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/categories?post=101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/tags?post=101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}