Our new plugin, “No Weak Passwords”, has just been received by the WordPress plugins directory.
This plugin does one thing, and does it well – it forbids all of the 3546 passwords from OpenWall’s “common passwords” list. That list was put together using the public data from several break-ins to large sites. It is thus a statistically sound list of passwords that very many people are using, not realising how easy they are to guess.
If any of your existing users are using one of those passwords, then the next time they try to log in the plugin will point them to the link for resetting their password and getting a proper one.
We definitely recommend you install it on all your WordPress sites. Just log in to your WordPress dashboard, click ‘Plugins’ and ‘Add New’, then search for ‘No Weak Passwords’. Or get it manually from here: http://wordpress.org/extend/plugins/no-weak-passwords
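
The sketch below shows how a login-time blocklist check of this kind can be wired into WordPress; it is an added example, not the source of the “No Weak Passwords” plugin. The file name `common-passwords.txt`, the `nwp_example_*` function names, the error messages and the case-insensitive match are assumptions made for the illustration.

```php
<?php
/* Added illustration, not the plugin's own code.
 * Assumption: common-passwords.txt (one password per line) sits next to this file. */

// Load the list once per request into a hash set so each lookup is O(1).
function nwp_example_blocklist() {
    static $set = null;
    if ($set === null) {
        $path  = __DIR__ . '/common-passwords.txt'; // assumed location
        $lines = is_readable($path)
            ? file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
            : array();
        $set = array_fill_keys(array_map('strtolower', $lines), true);
    }
    return $set;
}

// Case-insensitive match is a choice made for this example.
function nwp_example_is_weak($password) {
    return isset(nwp_example_blocklist()[strtolower($password)]);
}

// WordPress stores only password hashes, so an existing user's password can be
// compared with the list only when the plaintext is submitted at login.
// This filter runs before the password is verified, so the message does not
// confirm that the submitted password was the correct one.
add_filter('wp_authenticate_user', function ($user, $password) {
    if (is_wp_error($user) || !nwp_example_is_weak($password)) {
        return $user;
    }
    return new WP_Error('weak_password', sprintf(
        'That password is on a list of commonly used passwords. <a href="%s">Reset it</a> to continue.',
        esc_url(wp_lostpassword_url())
    ));
}, 10, 2);

// Stop the reset form from accepting another password from the same list.
add_action('validate_password_reset', function ($errors, $user) {
    if (!empty($_POST['pass1']) && nwp_example_is_weak(wp_unslash($_POST['pass1']))) {
        $errors->add('weak_password', 'Choose a password that is not on the common passwords list.');
    }
}, 10, 2);
```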