Top Bad WordPress Passwords Never Change – Updated

Why do I need another account? Another password? I’ll just use 123456 as usual. This account is not important.

As ridiculous as that seems it’s the way a lot of people think and the #1 reason they get hacked. We all hate passwords. They are not convenient. We have far too many and need to remember them all. However, things are getting out of control. Leaked passwords lists show that the situation is getting worse year by year. People are truly using 12345 more and more.

How can I check my WordPress passwords? Install Security Ninja, click “Scan Site,” and within a minute 50 security tests will be done, including password quality tests for all users on the site. It’s the easiest way to check your account and all others.

Check out our tips on how to log in securely to your WordPress website.

Things are getting worse

No amount of security experts, great software or any other protections will save you if you use one of the passwords listed below. In that case “hackers” will not hack into your account. They will simply log in after a few attempts.

Bad passwords are a problem for your website securityOur internal data collected from hacked sites that Security Ninja helped clean and data from other security resources show that bad passwords don’t change nor does their usage go down. The table below paints a bleak picture. Seven years of data show that people are stuck on 123456 and don’t intend to stop using it. 12345 is a bad password!

More and more applications are forcing people to use better passwords and don’t let them create an account until they enter a good password, but then people complain. Conversion rates go down, revenues follow, and the rules get removed. We don’t have a global solution to this problem, but we do have a solution for you. Stay away from any password that’s remotely similar to any one of the ones listed below!

[bctt tweet=”Ignore all #wordpress security plugins, rules, and advice (if you must). But PLEASE use a semi-decent #password”]

WordPress security is important, it’s not just your password that protects your website – check out our plugin to check your website for more than secure passwords.

Bad passwords got your site in the white screen of death state? Can’t even log in to run Security Ninja? Don’t worry, there’s a tool to help you out! The WordPress Emergency Recovery Script is specifically designed to get you out of those sticky situations when the site is completely down. Try it out! It doesn’t require any coding knowledge.

Top 20 most frequently used bad passwords

2018 2017 2016 2015 2014 2013 2012
#1 123456 123456 123456 123456 123456 123456 password
#2 password password password password password password 123456
#3 123456789 12345678 12345 12345678 12345 12345678 12345678
#4 12345678 qwerty 12345678 qwerty 12345678 qwerty abc123
#5 12345 12345 football 12345 qwerty abc123 qwerty
#6 111111 123456789 qwerty 123456789 1234567890 123456789 monkey
#7 1234567 letmein 1234567890 football 1234 111111 letmein
#8 sunshine 1234567 1234567 1234 baseball 1234567 dragon
#9 qwerty football princess 1234567 dragon iloveyou 111111
#10 iloveyou iloveyou 1234 baseball football adobe123 baseball
#11 princess admin login welcome 1234567 123123 iloveyou
#12 admin welcome welcome 1234567890 monkey admin trustno1
#13 welcome monkey solo abc123 letmein 1234567890 1234567
#14 666666 login abc123 111111 abc123 letmein sunshine
#15 abc123 abc123 admin 1qaz2wsx 111111 photoshop master
#16 football starwars 121212 dragon mustang 1234 123123
#17 123123 123123 flower master access monkey welcome
#18 monkey dragon password monkey shadow shadow shadow
#19 654321 passw0rd dragon letmein master sunshine ashley
#20 charlie master sunshine login michael 12345 football

Please STOP using terrible passwords!

We know you won’t use a 20 characters long password with lowercase letters, uppercase letters, numbers and special characters (although you should). However, there’s a huge difference between “overkill” and using 123456. Please, come up with something that’s at least eight characters long, is specific to you, but isn’t your name.

Add a few numbers and at least one special character in the middle. That’s already miles better than 95% of people use. If you continue to use, princess doesn’t complain that people are hacking into your site because they’re not. They’re simply logging in.

Install Security Ninja to check all account passwords on your site in less than a minute. Security Ninja will perform 50 security tests including password quality tests for all users.

Save 40%

On monthly and annual plans

Lifetime Deals

Only during BF sales!




We won't spam you. Unsubscribe any time.

Wait! Before you go!

Get 10% discount for any WP Security Ninja plan!


Subscribe to our newsletter for new releases, discounts and general WordPress Security news. Sprinkled with other interesting stuff :-)

WordPress Turns 20: Save 20% Now!



Code valid till June 26th 2023

WordPress Security Newsletter - Protect your website with our articles and tips!

10% OFF

Subscribe to our newsletter

* We do not spam or share your email

Discount on any Security Ninja plan

and get

Hi and welcome back :-)