
What I've been doing for quite a while is fairly similar. Instead of simply using a salt for each password I also have a random "site salt" (file system nonce), as follows:

  hash(password_plaintext + salt + site_salt)
Assuming an attacker can't access my site salt, is this less secure than using HMAC+bcrypt? (my hash function is fast)
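Worked example, added after the comment above and not part of the original post: it implements the commenter's construction (fast hash over password + per-user salt + site salt) beside the HMAC-then-slow-KDF alternative the question contrasts it with, then runs an offline dictionary attack against one leaked (salt, digest) row twice, once without the site salt and once with it. PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt so the block runs with no third-party package; the site salt, the fixed per-user salt and the wordlist are constructed values for the demo.

```python
import hashlib
import hmac
import os
import time

# Constructed values for this example (not from the original post). In a real
# deployment the site salt is generated once and kept out of the database.
SITE_SALT = hashlib.sha256(b"example site salt, constructed for this demo").digest()
DEMO_SALT = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # fixed so results repeat
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2", "dragon"]  # constructed


def fast_hash(password: str, salt: bytes, site_salt: bytes) -> bytes:
    """The post's construction: hash(password_plaintext + salt + site_salt), fast hash (SHA-256)."""
    return hashlib.sha256(password.encode("utf-8") + salt + site_salt).digest()


def slow_hash(password: str, salt: bytes, site_salt: bytes, iterations: int = 20_000) -> bytes:
    """The HMAC-then-slow-KDF alternative named in the post.

    HMAC(site_salt, password) is computed first and fed to a deliberately slow KDF.
    PBKDF2-HMAC-SHA256 stands in for bcrypt here (standard library only); the shape
    of the construction is the same.
    """
    keyed = hmac.new(site_salt, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, iterations)


def new_record(password: str, scheme) -> tuple[bytes, bytes]:
    """Store a fresh per-user salt next to the digest; the site salt is never stored."""
    salt = os.urandom(16)
    return salt, scheme(password, salt, SITE_SALT)


def verify(password: str, salt: bytes, digest: bytes, scheme) -> bool:
    """Constant-time comparison against the stored digest."""
    return hmac.compare_digest(scheme(password, salt, SITE_SALT), digest)


def dictionary_attack(salt: bytes, digest: bytes, scheme, site_salt_guess: bytes):
    """Offline attack on one leaked (salt, digest) row.

    The attacker has the row and the code but must supply their own value for the
    site salt. Returns (recovered_password_or_None, seconds_spent).
    """
    start = time.perf_counter()
    found = None
    for candidate in WORDLIST:
        if scheme(candidate, salt, site_salt_guess) == digest:
            found = candidate
            break
    return found, time.perf_counter() - start


def demo() -> dict:
    """Run both schemes on the same weak password under both attacker models."""
    results = {}
    for name, scheme in (("fast", fast_hash), ("hmac+slow", slow_hash)):
        digest = scheme("hunter2", DEMO_SALT, SITE_SALT)
        assert verify("hunter2", DEMO_SALT, digest, scheme)
        # Attacker does not have the site salt (the post's assumption).
        without, _ = dictionary_attack(DEMO_SALT, digest, scheme, b"\x00" * 32)
        # Attacker does have the site salt (config or code leaked along with the DB).
        with_, seconds = dictionary_attack(DEMO_SALT, digest, scheme, SITE_SALT)
        results[name] = {"pepper_unknown": without, "pepper_known": with_, "seconds": seconds}
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:10s} site salt unknown -> {r['pepper_unknown']!r:10s} "
              f"site salt known -> {r['pepper_known']!r:10s} "
              f"({r['seconds']:.4f}s for {len(WORDLIST)} guesses)")
```

Running the block prints one line per scheme: with the site salt withheld neither scheme yields the password to the wordlist, with it known both do, and the printed seconds (machine-dependent, so not asserted) show how much each guess costs the attacker under the fast hash versus the iterated KDF.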

