Sunsetting wp-password-bcrypt with WordPress 6.8

WordPress 6.8 is introducing bcrypt as the default password hashing method, making our wp-password-bcrypt package redundant. If your site is running WordPress 6.8 or later, you no longer need the package—WordPress core now handles bcrypt authentication natively, with no migration required.

We’ve published a blog post outlining the details, including what this means for Bedrock and our plans to archive the repository:

Sunsetting wp-password-bcrypt with WordPress 6.8

Let us know if you have any questions!

WP 6.8 has been released and this package has been archived. If you continue to use wp-password-bcrypt, you might come across the following message:

Package roots/wp-password-bcrypt is abandoned, you should avoid using it.

You can continue to use the package without issues — read the post about sunsetting wp-password-bcrypt for more information