The underlying algorithm that's used to hash and store user passwords in the database will be changed in WordPress 6.8 from phpass portable hashing to bcrypt.

WordPressCore's platform is a central hub for WordPress developers and contributors, offering insights into WordPress core development, plugin development, and theme customization. Through articles, tutorials, and community forums, WordPressCore offers insights into WordPress architecture, development best practices, and contributing to the WordPress open-source project. Readers can learn about WordPress coding standards, security guidelines, and performance optimization techniques to build powerful and secure websites with WordPress.

Make WordPress Core

WordPress 6.8 introduces bcrypt for user password hashing, enhancing security by increasing the computational cost of cracking passwords. Application passwords and security keys will use BLAKE2b hashing via Sodium. No user action is required, as the system automatically updates passwords upon login or change. New functions support the changes, ensuring backward compatibility. Argon2 support can be enabled if the server supports it.

WordPress 6.8 will use bcrypt for password hashing

<p>15 years later… Now everything goes passwordless 😂</p>


<p>Last several years everybody trying to move from bcrypt to argon2. But WP probably will use it in 2056 :)</p>
