'That website mentions storing these hashes in the database just to make every password hash look different for every user, this only doesn't increase protection from brute force attacks'
Have you read it? You have to calculate an individual dictionary for every password. 'What exact attack scenario is this "static [salt] which is located outside of your web root" supposed to protect against?' MySQL compromised, Apache isn't. Regards, Ádám
