“Why do I need another account? Another password? I’ll just use 123456 as usual. This account is not important.”
As ridiculous as that seems it’s the way a lot of people think and the #1 reason they get hacked. We all hate passwords. They are not convenient. We have far too many and need to remember them all. However, things are getting out of control. Leaked passwords lists show that the situation is getting worse year by year. People are truly using 12345 more and more.
Check out our tips on how to log in securely to your WordPress website.
Table of Contents
Things are getting worse
No amount of security experts, great software or any other protections will save you if you use one of the passwords listed below. In that case “hackers” will not hack into your account. They will simply log in after a few attempts.
Our internal data collected from hacked sites that Security Ninja helped clean and data from other security resources show that bad passwords don’t change nor does their usage go down. The table below paints a bleak picture. Seven years of data show that people are stuck on 123456 and don’t intend to stop using it. 12345 is a bad password!
More and more applications are forcing people to use better passwords and don’t let them create an account until they enter a good password, but then people complain. Conversion rates go down, revenues follow, and the rules get removed. We don’t have a global solution to this problem, but we do have a solution for you. Stay away from any password that’s remotely similar to any one of the ones listed below!
[bctt tweet=”Ignore all #wordpress security plugins, rules, and advice (if you must). But PLEASE use a semi-decent #password”]
WordPress security is important, it’s not just your password that protects your website – check out our plugin to check your website for more than secure passwords.
Top 20 most frequently used bad passwords
| 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | |
|---|---|---|---|---|---|---|---|
| #1 | 123456 | 123456 | 123456 | 123456 | 123456 | 123456 | password |
| #2 | password | password | password | password | password | password | 123456 |
| #3 | 123456789 | 12345678 | 12345 | 12345678 | 12345 | 12345678 | 12345678 |
| #4 | 12345678 | qwerty | 12345678 | qwerty | 12345678 | qwerty | abc123 |
| #5 | 12345 | 12345 | football | 12345 | qwerty | abc123 | qwerty |
| #6 | 111111 | 123456789 | qwerty | 123456789 | 1234567890 | 123456789 | monkey |
| #7 | 1234567 | letmein | 1234567890 | football | 1234 | 111111 | letmein |
| #8 | sunshine | 1234567 | 1234567 | 1234 | baseball | 1234567 | dragon |
| #9 | qwerty | football | princess | 1234567 | dragon | iloveyou | 111111 |
| #10 | iloveyou | iloveyou | 1234 | baseball | football | adobe123 | baseball |
| #11 | princess | admin | login | welcome | 1234567 | 123123 | iloveyou |
| #12 | admin | welcome | welcome | 1234567890 | monkey | admin | trustno1 |
| #13 | welcome | monkey | solo | abc123 | letmein | 1234567890 | 1234567 |
| #14 | 666666 | login | abc123 | 111111 | abc123 | letmein | sunshine |
| #15 | abc123 | abc123 | admin | 1qaz2wsx | 111111 | photoshop | master |
| #16 | football | starwars | 121212 | dragon | mustang | 1234 | 123123 |
| #17 | 123123 | 123123 | flower | master | access | monkey | welcome |
| #18 | monkey | dragon | password | monkey | shadow | shadow | shadow |
| #19 | 654321 | passw0rd | dragon | letmein | master | sunshine | ashley |
| #20 | charlie | master | sunshine | login | michael | 12345 | football |
Please STOP using terrible passwords!
We know you won’t use a 20 characters long password with lowercase letters, uppercase letters, numbers and special characters (although you should). However, there’s a huge difference between “overkill” and using 123456. Please, come up with something that’s at least eight characters long, is specific to you, but isn’t your name.
Add a few numbers and at least one special character in the middle. That’s already miles better than 95% of people use. If you continue to use, princess doesn’t complain that people are hacking into your site because they’re not. They’re simply logging in.
