Compromised Passwords
When you try to login to your website or change your password, your password will be checked against a list of known compromised passwords, and if yours is found on the list, you will need to change it using a strong password before getting in.
If found with a compromised password, you will see this notice on your WordPress login screen, prompting you to update your password using a strong password generator.
Once the password has been updated, you can now successfully log in using a secure password.
Note: Passwords are checked against the list created by Have I Been Pwned. Plaintext passwords are never sent to Have I Been Pwned. Instead, 5 characters of the hashed password are sent over an encrypted connection to their API. Read the technical details here.