{"id":105,"date":"2025-02-20T00:00:00","date_gmt":"2025-02-19T23:00:00","guid":{"rendered":"https:\/\/helloblog.io\/sk\/wordpress-6-8-bcrypt-wp-password-bcrypt-bedrock\/"},"modified":"2026-01-20T06:33:00","modified_gmt":"2026-01-20T05:33:00","slug":"wordpress-6-8-bcrypt-wp-password-bcrypt-bedrock","status":"publish","type":"post","link":"https:\/\/helloblog.io\/sk\/wordpress-6-8-bcrypt-wp-password-bcrypt-bedrock\/","title":{"rendered":"WordPress 6.8 prech\u00e1dza na bcrypt: \u010do to znamen\u00e1 pre wp-password-bcrypt a Bedrock projekty"},"content":{"rendered":"\n

WordPress dlh\u00e9 roky dobiehal modern\u00e9 \u0161tandardy pri ukladan\u00ed hesiel. Nie\u017eeby hesl\u00e1 ukladal v otvorenom texte, ale v praxi bolo be\u017en\u00e9, \u017ee pokro\u010dilej\u0161ie projekty siahli po doplnkoch alebo bal\u00ed\u010dkoch, ktor\u00e9 posilnili hashing (t. j. jednosmern\u00e9 \u201eprehashovanie\u201c hesla do podoby, ktor\u00fa si \u00fato\u010dn\u00edk nevie rozumne zvr\u00e1ti\u0165). Jedn\u00fdm z najpou\u017e\u00edvanej\u0161\u00edch rie\u0161en\u00ed vo svete Roots bol bal\u00ed\u010dek wp-password-bcrypt<\/code>.<\/p>\n\n\n\n

Pod\u013ea ozn\u00e1menia k WordPress 6.8 sa situ\u00e1cia men\u00ed: bcrypt sa st\u00e1va predvolenou met\u00f3dou hashovania hesiel priamo v core<\/strong>. To je d\u00f4le\u017eit\u00fd krok pre bezpe\u010dnos\u0165 autentifik\u00e1cie a z\u00e1rove\u0148 to rob\u00ed wp-password-bcrypt<\/code> zbyto\u010dn\u00fdm pre weby, ktor\u00e9 be\u017eia na 6.8 a vy\u0161\u0161ie.<\/p>\n\n\n\n

R\u00fdchly kontext: \u010do je bcrypt a pre\u010do ho v\u00f4bec rie\u0161ime<\/h2>\n\n\n\n

bcrypt<\/strong> je algoritmus na hashovanie hesiel navrhnut\u00fd tak, aby bol z\u00e1merne pomal\u00fd<\/em> a t\u00fdm p\u00e1dom drah\u00fd pre \u00fatoky hrubou silou (brute force) nad datab\u00e1zou ukradnut\u00fdch hashov. V praxi to znamen\u00e1, \u017ee aj ke\u010f sa niekto dostane k tabu\u013eke s hashmi, ich hromadn\u00e9 l\u00e1manie je v\u00fdrazne n\u00e1ro\u010dnej\u0161ie ne\u017e pri r\u00fdchlych hashovac\u00edch funkci\u00e1ch.<\/p>\n\n\n\n

Pre WordPress projekty je to citliv\u00e1 t\u00e9ma najm\u00e4 preto, \u017ee \u00fatoky \u010dasto nejd\u00fa len cez login form, ale aj cez kompromitovan\u00fa datab\u00e1zu alebo z\u00e1lohy. Silnej\u0161\u00ed password hashing je preto \u201etich\u00fd\u201c bezpe\u010dnostn\u00fd upgrade, ktor\u00fd zni\u017euje dopady incidentu.<\/p>\n\n\n\n

\u010co sa men\u00ed vo WordPress 6.8<\/h2>\n\n\n\n

WordPress 6.8 m\u00e1 pod\u013ea ofici\u00e1lneho ozn\u00e1menia pou\u017e\u00edva\u0165 bcrypt ako default<\/strong> pre hashovanie hesiel. Pre teba ako v\u00fdvoj\u00e1ra to znamen\u00e1, \u017ee bezpe\u010dnej\u0161\u00ed hashing sa st\u00e1va \u0161tandardom bez potreby \u010fal\u0161\u00edch bal\u00ed\u010dkov alebo pluginov, ktor\u00e9 prepisuj\u00fa autentifika\u010dn\u00e9 spr\u00e1vanie.<\/p>\n\n\n\n

\n\n

D\u00f4le\u017eit\u00e9<\/h4>\n\n\n

Toto je zmena v core WordPressu. Ak si doteraz spoliehal na extern\u00fd bal\u00ed\u010dek len kv\u00f4li bcryptu, po upgrade na 6.8 u\u017e nerie\u0161i\u0161 \u201eudr\u017eiavanie\u201c tohto bezpe\u010dnostn\u00e9ho hacku.<\/p>\n\n<\/div>\n\n\n\n

Sunset bal\u00ed\u010dka wp-password-bcrypt: \u010do t\u00fdm Roots mysl\u00ed<\/h2>\n\n\n\n

Roots ozn\u00e1mil, \u017ee ich bal\u00ed\u010dek wp-password-bcrypt<\/code><\/a> ide do \u00fatlmu (sunsetting), preto\u017ee jeho hlavn\u00fd d\u00f4vod existencie pre WordPress 6.8+ mizne. Z praktick\u00e9ho poh\u013eadu je to dobr\u00e1 spr\u00e1va: menej z\u00e1vislost\u00ed, menej \u201emagick\u00fdch\u201c z\u00e1sahov do autentifik\u00e1cie, jednoduch\u0161ia \u00fadr\u017eba.<\/p>\n\n\n\n

Roots z\u00e1rove\u0148 uv\u00e1dza, \u017ee urob\u00ed tieto kroky:<\/p>\n\n\n\n