Top Bad WordPress Passwords Never Change

By gordan on April 25, 2018. Filed under: .

Why do I need another account? Another password? I’ll just use 123456 as usual. This account is not important.

As ridiculous as that seems it’s the way a lot of people think and the #1 reason they get hacked. We all hate passwords. They are not convenient. We have far too many and need to remember them all. However, things are getting out of control. Leaked passwords lists show that the situation is getting worse year by year. People are truly using 12345 more and more.

How can I check my WordPress passwords? Install Security Ninja, click “Scan Site” and within a minute 50 security tests will be done, including password quality tests for all users on the site. It’s the easiest way to check your account and all others.

Things are getting worse

No amount of security experts, great software or any other protections will save you if you use one of the passwords listed below. In that case “hackers” will not hack into your account. They will simply log in after a few attempts.

Our internal data collected from hacked sites that Security Ninja helped clean and data from other security resources show that bad passwords don’t change nor does their usage go down. The table below paints a really bleak picture. More and more applications are forcing people to use better passwords and don’t let them create an account until they enter a good password, but then people complain. Conversion rates go down, revenues follow and the rules get removed. We don’t have a global solution to this problem but we do have a solution for you. Stay away from any password that’s remotely similar to any one of the ones listed below!

Top 20 most frequently used bad passwords

2017 2016 2015 2014 2013 2012
#1 123456 123456 123456 123456 123456 password
#2 password password password password password 123456
#3 12345678 12345 12345678 12345 12345678 12345678
#4 qwerty 12345678 qwerty 12345678 qwerty abc123
#5 12345 football 12345 qwerty abc123 qwerty
#6 123456789 qwerty 123456789 1234567890 123456789 monkey
#7 letmein 1234567890 football 1234 111111 letmein
#8 1234567 1234567 1234 baseball 1234567 dragon
#9 football princess 1234567 dragon iloveyou 111111
#10 iloveyou 1234 baseball football adobe123 baseball
#11 admin login welcome 1234567 123123 iloveyou
#12 welcome welcome 1234567890 monkey admin trustno1
#13 monkey solo abc123 letmein 1234567890 1234567
#14 login abc123 111111 abc123 letmein sunshine
#15 abc123 admin 1qaz2wsx 111111 photoshop master
#16 starwars 121212 dragon mustang 1234 123123
#17 123123 flower master access monkey welcome
#18 dragon password monkey shadow shadow shadow
#19 passw0rd dragon letmein master sunshine ashley
#20 master sunshine login michael 12345 football

Please STOP using terrible passwords!

We know you won’t use 20 characters long password with lowercase letters, uppercase letters, numbers and special characters (although you should). However, there’s a huge difference between that “overkill” and using 123456. Please, come up with something that’s at least 8 characters long, is specific to you, but isn’t your name. Add a few numbers and at least one special character in the middle. That’s already miles better than 90% of people use. If you continue to use princess don’t complain that people are hacking into your site because they’re not. They’re simply logging in.

Install Security Ninja to check all account passwords on your site in less than a minute. Security Ninja will perform 50 security tests including password quality tests for all users.

Gordan runs Web Factory Ltd and has over 10 years of WordPress development experience. When not writing code, Gordan loves writing about WordPress and he's always thinking about the next WP project to get involved with.