{"id":125,"date":"2025-02-20T00:00:00","date_gmt":"2025-02-19T23:00:00","guid":{"rendered":"https:\/\/helloblog.io\/ro\/wordpress-6-8-bcrypt-renunta-la-wp-password-bcrypt\/"},"modified":"2026-01-20T06:32:55","modified_gmt":"2026-01-20T05:32:55","slug":"wordpress-6-8-bcrypt-renunta-la-wp-password-bcrypt","status":"publish","type":"post","link":"https:\/\/helloblog.io\/ro\/wordpress-6-8-bcrypt-renunta-la-wp-password-bcrypt\/","title":{"rendered":"WordPress 6.8 trece pe bcrypt: de ce po\u021bi renun\u021ba la wp-password-bcrypt (\u0219i ce se \u00eent\u00e2mpl\u0103 cu parolele existente)"},"content":{"rendered":"\n<p>WordPress a fost criticat ani la r\u00e2nd pentru modul \u00een care gestioneaz\u0103 anumite aspecte de securitate \u201edin mo\u0219tenire\u201d. Unul dintre cele mai sensibile e hashing-ul parolelor (adic\u0103 modul \u00een care WordPress transform\u0103 parola \u00eentr-o valoare care se stocheaz\u0103 \u00een baza de date, f\u0103r\u0103 s\u0103 p\u0103streze parola \u00een clar). Odat\u0103 cu WordPress 6.8, nucleul (core) face un pas mare \u00eenainte: bcrypt devine metoda implicit\u0103 pentru hashing-ul parolelor.<\/p>\n\n\n\n<p>Consecin\u021ba direct\u0103 pentru multe proiecte moderne: pachetul <code>wp-password-bcrypt<\/code> (popular \u00een ecosistemul Roots\/Bedrock) nu mai e necesar dup\u0103 upgrade la WordPress 6.8. Mai mult, Roots a anun\u021bat oficial c\u0103 \u00eel \u201esunset-uie\u0219te\u201d (\u00eel retrage treptat din uz), fiindc\u0103 WordPress core acoper\u0103 acum aceea\u0219i nevoie.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Ce se schimb\u0103 \u00een WordPress 6.8: bcrypt devine default \u00een core<\/h2>\n\n\n\n<p>Conform anun\u021bului din Make WordPress Core, WordPress 6.8 va folosi bcrypt pentru password hashing. bcrypt este un algoritm consacrat pentru stocarea sigur\u0103 a parolelor, proiectat special ca s\u0103 fie lent \u0219i \u201ecostly\u201d (\u00een sensul bun) pentru atacatori, inclusiv \u00een scenarii de brute force pe hash-uri furate.<\/p>\n\n\n\n<p>Important: vorbim de hashing, nu de criptare. Hashing-ul e un proces unidirec\u021bional: WordPress nu \u201edecripteaz\u0103\u201d parola; doar compar\u0103 hash-ul generat la login cu cel stocat.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">De ce wp-password-bcrypt devine inutil dup\u0103 upgrade<\/h2>\n\n\n\n<p><code>wp-password-bcrypt<\/code> a ap\u0103rut ca solu\u021bie pragmatic\u0103 \u00eenainte ca WordPress core s\u0103 ofere o op\u021biune modern\u0103, robust\u0103, pentru hashing-ul parolelor. \u00cen multe setup-uri (\u00een special proiecte construite pe Bedrock), pachetul era o \u00eembun\u0103t\u0103\u021bire u\u0219or de adoptat pentru un risc real: parole hash-uite cu algoritmi mai vechi sunt mai vulnerabile \u00een timp, mai ales c\u00e2nd atacatorii au hardware dedicat.<\/p>\n\n\n\n<p>Odat\u0103 ce WordPress 6.8 include bcrypt direct \u00een core, acea \u00eembun\u0103t\u0103\u021bire nu mai are de ce s\u0103 fie \u201elipit\u0103\u201d din exterior. Practic, WordPress face nativ ceea ce f\u0103cea pachetul.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Ce \u00eenseamn\u0103 concret pentru site-uri \u0219i aplica\u021bii<\/h2>\n\n\n\n<p>Dac\u0103 rulezi WordPress 6.8 sau mai nou, po\u021bi scoate <code>wp-password-bcrypt<\/code> din proiect f\u0103r\u0103 s\u0103 faci pa\u0219i speciali de migrare. Parolele existente continu\u0103 s\u0103 func\u021bioneze, iar WordPress se ocup\u0103 \u201edin mers\u201d de autentificare folosind bcrypt acolo unde e cazul.<\/p>\n\n\n\n<div class=\"wp-block-group callout callout-success is-style-success is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Pe scurt<\/h4>\n\n\n<p>Pe WordPress 6.8+ po\u021bi elimina <code>wp-password-bcrypt<\/code> \u0219i utilizatorii se vor putea autentifica \u00een continuare. Nu e necesar\u0103 o migrare manual\u0103 a parolelor.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Ce anun\u021b\u0103 Roots despre wp-password-bcrypt<\/h2>\n\n\n\n<p>Roots a comunicat c\u0103 va opri practic \u00eentre\u021binerea \u0219i distribu\u021bia activ\u0103 a pachetului, pentru a reflecta faptul c\u0103 nu mai e necesar \u00eentr-un WordPress modern. Concret, planul include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Marcarea pachetului <code>wp-password-bcrypt<\/code> ca <strong>abandoned<\/strong> pe Packagist<\/li>\n\n\n<li>Eliminarea referin\u021belor la el din Bedrock \u0219i din documenta\u021bia asociat\u0103<\/li>\n\n\n<li>Arhivarea repository-ului GitHub<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Cum \u00eel elimini (\u00een proiecte cu Composer\/Bedrock)<\/h2>\n\n\n\n<p>\u00cen proiectele bazate pe Bedrock, <code>wp-password-bcrypt<\/code> e de regul\u0103 instalat prin Composer. Eliminarea lui e, \u00een esen\u021b\u0103, o opera\u021biune de dependency management, dar condi\u021bia e s\u0103 fii deja pe WordPress 6.8+ (sau s\u0103 planifici upgrade-ul imediat).<\/p>\n\n\n\n<p>Pa\u0219ii tipici \u00eentr-un proiect Composer arat\u0103 cam a\u0219a:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#24292e\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly># 1) Confirm\u0103 versiunea de WordPress (ideal 6.8+)\n# (comanda exact\u0103 depinde de setup; \u00een Bedrock e de obicei un pachet wpackagist)\n\n# 2) Elimin\u0103 pachetul\ncomposer remove roots\/wp-password-bcrypt\n\n# 3) Deploy ca de obicei \u0219i verific\u0103 autentificarea (admin + user obi\u0219nuit)\n<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color:#24292e;color:#e1e4e8\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color:#6A737D\"># 1) Confirm\u0103 versiunea de WordPress (ideal 6.8+)<\/span><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># (comanda exact\u0103 depinde de setup; \u00een Bedrock e de obicei un pachet wpackagist)<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># 2) Elimin\u0103 pachetul<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">composer<\/span><span style=\"color:#9ECBFF\"> remove<\/span><span style=\"color:#9ECBFF\"> roots\/wp-password-bcrypt<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># 3) Deploy ca de obicei \u0219i verific\u0103 autentificarea (admin + user obi\u0219nuit)<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div class=\"wp-block-group callout callout-warning is-style-warning is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Aten\u021bie la momentul elimin\u0103rii<\/h4>\n\n\n<p>Nu scoate pachetul \u00eenainte s\u0103 fii pe WordPress 6.8+ \u00een produc\u021bie. \u00cen caz contrar, te po\u021bi \u00eentoarce la comportamentul vechi de hashing, ceea ce nu e ce vrei din perspectiva securit\u0103\u021bii.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Ce se \u00eent\u00e2mpl\u0103 cu parolele deja existente?<\/h2>\n\n\n\n<p>Un detaliu care conteaz\u0103 pentru echipele care administreaz\u0103 site-uri mari: nu e nevoie de reset\u0103ri \u00een mas\u0103 sau de scripturi care \u201erehash-uiesc\u201d parolele. Anun\u021bul Roots subliniaz\u0103 c\u0103 WordPress core va gestiona autentificarea f\u0103r\u0103 pa\u0219i de migrare \u2014 utilizatorii existen\u021bi pot continua s\u0103 se logheze normal.<\/p>\n\n\n\n<p>\u00cen practic\u0103, asta \u00ee\u021bi permite s\u0103 tratezi schimbarea ca pe un upgrade de platform\u0103, nu ca pe un proiect de migrare de date cu risc ridicat.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">De ce schimbarea asta conteaz\u0103 pentru securitatea WordPress<\/h2>\n\n\n\n<p>Securitatea autentific\u0103rii nu e doar despre formulare de login \u0219i rate limiting. Fundamentul e modul \u00een care sunt stocate parolele. Faptul c\u0103 WordPress 6.8 adopt\u0103 bcrypt implicit \u00eenseamn\u0103 o baz\u0103 mai solid\u0103 pentru \u00eentreg ecosistemul: site-uri clasice, magazine WooCommerce, re\u021bele multisite \u0219i aplica\u021bii headless care folosesc WordPress ca backend.<\/p>\n\n\n\n<p>Pentru dezvoltatori, beneficiul major e reducerea dependen\u021belor \u201eobligatorii\u201d pentru hardening de baz\u0103. Dac\u0103 \u00eenainte trebuia s\u0103 adaugi pachete sau pluginuri ca s\u0103 ajungi la un standard modern, acum WordPress vine cu asta la pachet.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Rezumat<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>WordPress 6.8 introduce bcrypt ca metod\u0103 implicit\u0103 pentru password hashing \u00een core.<\/li>\n\n\n<li>Dac\u0103 rulezi WordPress 6.8+, <code>wp-password-bcrypt<\/code> nu mai e necesar \u0219i poate fi eliminat.<\/li>\n\n\n<li>Eliminarea pachetului nu cere migrare manual\u0103; parolele existente continu\u0103 s\u0103 func\u021bioneze.<\/li>\n\n\n<li>Roots marcheaz\u0103 pachetul ca abandoned, scoate referin\u021bele din Bedrock \u0219i arhiveaz\u0103 repository-ul.<\/li>\n\n<\/ol>\n\n\n<div class=\"references-section\">\n                <h2>Referin\u021be \/ Surse<\/h2>\n                <ul class=\"references-list\"><li><a href=\"https:\/\/roots.io\/sunsetting-wp-password-bcrypt-with-wordpress-6-8\/\" target=\"_blank\" rel=\"noopener noreferrer\">Sunsetting wp-password-bcrypt with WordPress 6.8<\/a><\/li><li><a href=\"https:\/\/make.wordpress.org\/core\/2025\/02\/17\/wordpress-6-8-will-use-bcrypt-for-password-hashing\/\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress 6.8 will use bcrypt for password hashing<\/a><\/li><li><a href=\"https:\/\/github.com\/roots\/wp-password-bcrypt\" target=\"_blank\" rel=\"noopener noreferrer\">wp-password-bcrypt<\/a><\/li><li><a href=\"https:\/\/github.com\/roots\/bedrock\" target=\"_blank\" rel=\"noopener noreferrer\">Bedrock<\/a><\/li><\/ul>\n            <\/div>","protected":false},"excerpt":{"rendered":"<p>WordPress 6.8 aduce \u00een nucleu hashing cu bcrypt pentru parole \u2014 o schimbare important\u0103 pentru securitatea autentific\u0103rii. Dac\u0103 foloseai pachetul wp-password-bcrypt, de acum \u00eel po\u021bi elimina f\u0103r\u0103 migrare de parole.<\/p>\n","protected":false},"author":32,"featured_media":124,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[67,68,69,11,10],"class_list":["post-125","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ecosistem-wordpress","tag-autentificare","tag-bcrypt","tag-bedrock","tag-securitate","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/posts\/125","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/comments?post=125"}],"version-history":[{"count":1,"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/posts\/125\/revisions"}],"predecessor-version":[{"id":146,"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/posts\/125\/revisions\/146"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/media\/124"}],"wp:attachment":[{"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/media?parent=125"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/categories?post=125"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/tags?post=125"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}