How is Bcrypt better than md5 + salt?


From what I understand Bcrypt is safer. It's made to be slower, which makes it harder for an attacker to brute-force a password. It can be configured to iterate more and more, which is useful since CPUs are getting more powerful.

That's the point of having configurable slowness: you can make the function as slow as you wish. Or, more accurately, as slow as you can tolerate: indeed, a slow function is slow for everybody, attacker and defender alike.

These links might be of some help:

https://security.stackexchange.com/questions/61385/the-brute-force-resistence-of-bcrypt-versus-md5-for-password-hashing

https://www.bentasker.co.uk/blog/security/201-why-you-should-be-asking-how-your-passwords-are-stored

What's the difference between bcrypt and hashing multiple times?

https://www.quora.com/What-is-the-difference-between-bcrypt-and-general-hashing-functions-like-MD5

https://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage/6415#6415


But does this not require my hash to already be present with the attacker to compare to? And if he/she doesn't have the hash in the first place, then how does the hashing algorithm that I use affect my site's security? And eventually he ends up having to brute-force my login page anyways?

First, no. Many sites allow login attempts without a rate limit. With MD5, assuming the servers can handle it, a user could very rapidly attempt to brute-force passwords just by trying lots of passwords in quick succession. bcrypt's slowness guarantees that such an attempt will be much slower.

Second, a key security concept in computing is defense in depth. You don't want just one level of security - it's fairly easy to accidentally write a SQL injection vulnerability that might let an attacker dump password hashes. By using bcrypt, you limit the damage such a vulnerability can cause.


Besides a "salt", BCrypt accepts a "cost" argument - which is its main feature. Cost is the amount of computational work you want to apply to the hashing. Think of it as re-hashing the result 2^n times, where n is the cost.

The hashed string will be something like cost;hashed_string (ex. 20;5D4140). This, of course, is not the real format, but an oversimplification to show the idea.

This "cost" concept makes BCrypt "obsolescence resistant". If in 10 years the computational power increases 1,000 times you just need to re-hash your hashes with a higher "n" (no need to have the original value to increase cost).
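
The cost parameter discussed in the answers above, as an added example in PHP (not part of the original posts): it times bcrypt at several costs, reads the cost back out of the stored hash string, and raises the cost of an old hash at the next successful login, which is the point where PHP's password API has the plaintext available. `TARGET_COST`, the helper function names and the sample password are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const TARGET_COST = 12; // assumed policy value; tune to what your server tolerates

// Hash a password with bcrypt at the given cost and report the time taken.
function timedHash(string $password, int $cost): array
{
    $start = microtime(true);
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
    return [$hash, microtime(true) - $start];
}

// Check a login attempt. If it succeeds and the stored hash was made with a
// different cost than the current policy, also return a replacement hash.
// Returns [bool $ok, ?string $newHash].
function verifyAndUpgrade(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    $opts = ['cost' => TARGET_COST];
    $newHash = password_needs_rehash($storedHash, PASSWORD_BCRYPT, $opts)
        ? password_hash($password, PASSWORD_BCRYPT, $opts)
        : null;
    return [true, $newHash];
}

$password = 'correct horse battery staple'; // constructed sample input

// Each +1 in cost doubles the work; salt and cost are embedded in the hash.
foreach ([8, 10, 12] as $cost) {
    [$hash, $secs] = timedHash($password, $cost);
    printf("cost=%2d  %.3fs  %s\n", $cost, $secs, $hash);
}

// Simulate a record stored under an older, cheaper policy.
[$oldHash] = timedHash($password, 8);
echo 'stored cost: ', password_get_info($oldHash)['options']['cost'], "\n";

// A wrong password is rejected and never triggers a re-hash.
[$ok, $newHash] = verifyAndUpgrade('wrong guess', $oldHash);
var_dump($ok, $newHash);

// A correct login verifies against the old hash and yields an upgraded one
// that the application would write back to the user record.
[$ok, $newHash] = verifyAndUpgrade($password, $oldHash);
var_dump($ok);
echo 'upgraded cost: ', password_get_info($newHash)['options']['cost'], "\n";
```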