The suitability of blowfish as a cipher and bcrypt as a password hash are mostly unrelated. There are many better replacements for blowfish, but not so much for bcrypt.
Blowfish is mostly discouraged because it has a better replacement in AES, not because it's broken. AES has seen a lot of analysis, during and since the competition. Another problem with blowfish is its 64-bit blocksize, which leads to relatively small limits on how much data can be encrypted using one key, whereas AES uses 128-bit blocks and can thus safely handle larger amounts of data. It also has some annoying properties, such as a slow key-setup and relatively high memory use.
PBKDF2-HMAC-SHA-1/2/3 is significantly weaker than bcrypt, so I'd only choose it if you need standard compliance or if your language only ships it but not bcrypt by default. The underlying hashes may be secure, but that doesn't make it a good password hash.
As a modern replacement for bcrypt, the only currently feasible candidate is scrypt. It offers improved security, but it's relatively new, not very popular, and hasn't seen much analysis. It hasn't been included in many standard libraries yet either. So more conservative cryptographers will prefer bcrypt over scrypt.
A competition to find a new password hash resulted in a few interesting alternatives, such as its winner Argon. But I don't consider these suitable for production for another five years or so. Perhaps in 2020 we might have a similar opinion of bcrypt as we have of blowfish now, but we're not there yet. For now bcrypt is a good choice if you're conservative, or scrypt if you're progressive.
