# Sunsetting wp-password-bcrypt with WordPress 6.8

With the upcoming release of WordPress 6.8, bcrypt will officially become the default password hashing method in core ([WordPress 6.8 will use bcrypt for password hashing](https://make.wordpress.org/core/2025/02/17/wordpress-6-8-will-use-bcrypt-for-password-hashing/)). This is a big improvement for WordPress authentication, and it renders our `<a href="https://github.com/roots/wp-password-bcrypt">wp-password-bcrypt</a>` package unnecessary moving forward.

## What this means

If your site is running WordPress 6.8 or later, you no longer need `wp-password-bcrypt`. You can safely remove the package, and all existing passwords will continue to work without any migration steps required. WordPress core will seamlessly handle authentication using bcrypt where applicable.

To reflect this change, we will be:

- Marking `wp-password-bcrypt` as **abandoned** on Packagist
- Removing references to it from [Bedrock](https://github.com/roots/bedrock) and related documentation
- Archiving the GitHub repository

## Thank you

We originally introduced `wp-password-bcrypt` to bring better password security to WordPress sites before core had strong hashing in place. Now that bcrypt is part of WordPress itself, we’re excited to see this improvement adopted widely without the need for additional plugins or packages.

Thanks to everyone who supported and used `wp-password-bcrypt` over the years. This is a great step forward for WordPress security, and we’re happy to see it become the new standard!