Thanks for your thoughts about Wordfence.
Though I’m sure it is annoying to be alerted that your password is found in data breaches, those breaches are what hackers use to try and brute force logins to sites, like dictionary attacks used to do using random words. Since many people use the same password and email to login to multiple sites these attacks tend to pay off. If you knew that hackers know your password, I’m not sure why you wouldn’t change it. You can check if your password or email was found in a data breach for free on https://haveibeenpwned.com/
You also mentioned something just as dangerous, sharing your account password with another user. It takes less than 5 minutes to setup a new user account on a WordPress site. There’s no good reason to share credentials. It’s just too risky.
I get your point that Wordfence is telling you something you don’t want to hear. I understand how much time it takes to maintain a website, create content, etc. However if your security plugin isn’t telling you ways to be safer and alerting you to problems it isn’t much of a security plugin.
Be safe
Tim
