Black Android Smartphone on Top of White Book

Top Bad WordPress Passwords Never Change – Updated

Updated in January 2024.

Why do I need another account? Another password? I’ll just use 123456 as usual. This account is not important.

As ridiculous as that seems, it’s the way a lot of people think and the #1 reason they get hacked. We all hate passwords. They are not convenient. We have far too many and need to remember them all. However, things are getting out of control. Leaked passwords lists show that the situation is getting worse year by year. People are truly using 12345 more and more. You do not want your password to show up on a WordPress password list, so lets dive into this critical part of your website security.

Password Strength

It’s a startling reality that despite widespread awareness about cybersecurity threats, many continue to use passwords that are startlingly simple and easy to guess. This practice is akin to leaving your house keys under the doormat in a neighborhood where break-ins are common. Not only are these passwords easy for seasoned hackers to crack, but they are also often found in online databases of previously leaked passwords, making them even more vulnerable to attacks.

The concept of password strength becomes crucial in this context. A strong password is your first line of defense against unauthorized access to your sensitive data. Unfortunately, a significant number of users still rely on the most common admin passwords, which are alarmingly predictable and insecure. These passwords, such as ‘admin’, ‘password’, or ‘123456’, are often the default choices for many, leading to a gaping hole in their security framework. The strength of a password is determined not just by its complexity but also by its uniqueness and unpredictability. Common administrator passwords are tested by hackers constantly.

Enhancing password strength involves a conscious effort to create combinations that are difficult for others to guess or for algorithms to crack. This includes a mix of uppercase and lowercase letters, numbers, and special characters, and, importantly, avoiding common patterns and sequences. As cyber threats evolve, so must our strategies for creating and maintaining strong, secure passwords.

What’s more worrying is the trend that these weak passwords are not just confined to less important accounts; they are often used for securing sensitive information like bank accounts, email addresses, and social media profiles. The implications of this can be catastrophic, leading to identity theft, financial loss, and significant personal and professional harm. Yet, the convenience of using simple passwords seems to outweigh these risks in the minds of many.

On top of this, the increasing number of data breaches and cyberattacks reported in the news should be a wake-up call. These incidents aren’t just numbers; they represent real people whose lives and privacy have been compromised due to poor password practices. Websites like Have I Been Pwned offer a grim view of the situation, revealing just how many accounts have been compromised due to weak passwords. The increasing reliance on digital platforms for our everyday activities only exacerbates this issue, making it more crucial than ever to adopt robust password practices.

How can I check my WordPress passwords? Install Security Ninja, click “Scan Site,” and within a minute 50 security tests will be done, including password quality tests for all users on the site. It’s the easiest way to check your account and all others.

For a comprehensive guide on enhancing your website’s security, especially when it comes to logging in, we highly recommend you check our detailed instructions on secure WordPress logins.

An Alarming Trend in Digital Security

In the realm of digital security, the landscape is continually evolving, and unfortunately, not always for the better. The stark reality is that no amount of sophisticated security measures or expert advice can safeguard your online presence if fundamental practices, like using strong passwords, are ignored. The simplicity of the passwords many people use is alarming, and it’s a significant vulnerability – one that attackers exploit with minimal effort.

Bad passwords are a problem for your website security

Our extensive analysis, which includes data from websites that Security Ninja has successfully restored post-hack, alongside information from other reputable security sources, consistently reveals a worrying pattern. The preference for weak passwords is not declining. An in-depth review of seven years of data illustrates a concerning trend; passwords like 123456 remain prevalent and show no signs of waning in popularity. Let us be clear: 12345 is a bad password!

It’s worth noting that many applications now mandate the creation of robust passwords, refusing account creation until users comply with these security standards. Unfortunately, this often leads to user frustration, adversely affecting conversion rates and, subsequently, revenues, leading some platforms to relax these essential security protocols. While there is no universal remedy to this widespread issue, individual users can take decisive steps to protect themselves. A crucial part of this personal security strategy is avoiding any passwords that even remotely resemble those commonly exploited, as listed below.

Embracing the Power of Password Managers

In the face of these challenges, there is a beacon of hope: password managers. These tools are not just about creating unbreakable passwords; they are about seamlessly integrating security into your digital life. One standout option in this field is 1Password by AgileBits. This tool doesn’t just generate strong, unique passwords for every account; it stores them securely and makes them easily accessible with a single master password.

With 1Password, you eliminate the hassle of remembering dozens of complex passwords. Instead, you have them all available at your fingertips, locked away behind robust encryption. This not only streamlines your login process but also significantly elevates your security posture. Imagine never having to click the ‘forgot password’ link again, all while knowing your online presence is shielded by some of the strongest encryption available.

Furthermore, 1Password goes beyond just managing passwords. It can store software licenses, credit card information, and other sensitive personal data, all encrypted and secure. With features like cross-platform compatibility and secure sharing options, 1Password is an invaluable tool for anyone serious about their online security.

While the landscape of digital security may be daunting, tools like 1Password provide a straightforward and effective solution to one of the internet’s most persistent problems: weak passwords. By adopting a password manager, you’re not just protecting your accounts; you’re investing in peace of mind.

WordPress security is important, it’s not just your password that protects your website – check out our plugin to check your website for more than secure passwords. Common wordpress passwords

Bad passwords got your site in the white screen of death state? Can’t even log in to run Security Ninja? Don’t worry, there’s a tool to help you out! The WordPress Emergency Recovery Script is specifically designed to get you out of those sticky situations when the site is completely down. Try it out! It doesn’t require any coding knowledge.

Top 20 most frequently used bad passwords over the years

2012

“password” and “123456” were the most common, indicating a preference for simple, easy-to-remember passwords.

  • password
  • 123456
  • 12345678
  • abc123
  • qwerty
  • monkey
  • letmein
  • dragon
  • 111111
  • baseball

2013

“123456” overtook “password”, with numeric sequences dominating the top spots.

  • 123456
  • password
  • 12345678
  • qwerty
  • abc123
  • 123456789
  • 111111
  • 1234567
  • iloveyou
  • adobe123

2014

Numeric passwords continued to be popular, with “123456” leading and “1234567890” emerging in the top spots.

  • 123456
  • password
  • 12345
  • 12345678
  • qwerty
  • 1234567890
  • 1234
  • baseball
  • dragon
  • football

2015

“123456” and “password” remained dominant. Notably, “football” climbed higher in the list.

  • 123456
  • password
  • 12345678
  • qwerty
  • 12345
  • 123456789
  • football
  • 1234
  • 1234567
  • baseball

2016

The trend of simple numeric patterns continued, with “123456” and “123456789” as the most common.

  • 123456
  • password
  • 12345678
  • qwerty
  • 12345
  • 123456789
  • football
  • 1234
  • 1234567
  • baseball

2017

“123456” remained at the top, with “password” consistently popular. “123456789” and “qwerty” also stayed in the top ranks.

  • 123456
  • password
  • 123456789
  • 12345678
  • 12345
  • qwerty
  • 1234567
  • letmein
  • football
  • iloveyou

2018

Minimal changes in password trends, with “123456” still leading and “password” following closely.

  • 123456
  • password
  • 123456789
  • 12345678
  • 12345
  • 111111
  • 1234567
  • sunshine
  • qwerty
  • iloveyou

2019

Introduction of new entries like “test1” and “zinch”, but simple numeric passwords like “12345” remained highly used.

  • 12345
  • 123456
  • 123456789
  • test1
  • password
  • 12345678
  • zinch
  • g_czechout
  • asdf
  • qwerty

2020

Emergence of “picture1” as a common password, while “123456” and “password” continued to be widely used.

  • 123456
  • 123456789
  • picture1
  • password
  • 12345678
  • 111111
  • 123123
  • 12345
  • 1234567890
  • senha

2021

Steady use of simple numerical sequences, with “123456” and “123456789” at the forefront, accompanied by basic keyboard patterns.

  • 123456
  • 123456789
  • 12345
  • qwerty
  • password
  • 12345678
  • 111111
  • 123123
  • 1234567890
  • 1234567

2022

“password” reclaimed the top spot, with “123456” still common. New entries like “guest” and “a1b2c3” appeared.

  • guest
  • 123456
  • password
  • 12345
  • a1b2c3
  • 123456789
  • Password1
  • 1234
  • abc123
  • 12345678

2023

“password” continues to be a common choice, with “123456” maintaining its presence. New entries like “qwerty” and “letmein” have emerged.

  • password
  • 123456
  • qwerty
  • letmein
  • 123456789
  • password1
  • 12345
  • guest
  • abc123
  • 12345678

Your Guide to Stronger Passwords

Hey there! Let’s talk about passwords. We get it, coming up with a complex 20-character password with a mix of lowercase, uppercase, numbers, and special characters can feel like a chore. But hear us out – it’s not about going overboard; it’s about being smart and safe.

How about we start with something simple? Aim for at least eight characters. Now, here’s the key: make it unique to you but avoid obvious choices like your name. Throw in a couple of numbers and maybe a special character, especially in unexpected places. This isn’t just a small step; it’s a giant leap towards securing your digital life.

Remember, using passwords like 123456 or princess is like leaving your front door wide open. It’s not that someone is hacking their way in; they’re just walking through an unlocked door. So, let’s lock it up with something stronger!

For more tips and a deep dive into WordPress password and username security, check out this helpful guide. It’s packed with great advice on keeping your accounts safe and secure.

Install Security Ninja to check all account passwords on your site in less than a minute. Security Ninja will perform 50 security tests including password quality tests for all users.

We won't spam you. Unsubscribe any time.

Wait! Before you go!

Get 10% discount for any WP Security Ninja plan!

 

Subscribe to our newsletter for new releases, discounts and general WordPress Security news. Sprinkled with other interesting stuff :-)

10% OFF

Subscribe to our newsletter

* We do not spam or share your email

Discount on any Security Ninja plan

and get

Hi and welcome back :-)