How is Bcrypt better than md5 + salt?
But does this not require my hash to already be present with the attacker to compare to? And If he/she doesn't have the hash in the first place, then how does the hashing algorithm that I use, affect my sites security? And eventually he ends up having to Brute Force my login page anyways?
First, no. Many sites allow login attempts without a rate limit. With MD5, assuming the servers can handle it, a user could very rapidly attempt to brute-force passwords just by trying lots of passwords in quick succession. bcrypt's slowness guarantees that such an attempt will be much slower.
Second, a key security concept in computing is defense in depth. You don't want just one level of security - it's fairly easy to accidentally write a SQL injection vulnerability that might let an attacker dump password hashes. By using bcrypt, you limit the damage such a vulnerability can cause.
From what I understand Bcrypt is safer. It's made to be slower, this makes it harder for an attacker to brute-force a password. It can be configured to iterate more and more which is useful since CPU's are getting more powerful.
That's the point of having configurable slowness: you can make the function as slow as you wish. Or, more accurately, as slow as you can tolerate: indeed, a slow function is slow for everybody, attacker and defender alike.
These links might be of some help:
https://security.stackexchange.com/questions/61385/the-brute-force-resistence-of-bcrypt-versus-md5-for-password-hashing
https://www.bentasker.co.uk/blog/security/201-why-you-should-be-asking-how-your-passwords-are-stored
What's the difference between bcrypt and hashing multiple times?
https://www.quora.com/What-is-the-difference-between-bcrypt-and-general-hashing-functions-like-MD5
https://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage/6415#6415