diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml
index f9cdba1..6322b35 100644
--- a/.forgejo/workflows/ci.yml
+++ b/.forgejo/workflows/ci.yml
@@ -149,10 +149,10 @@ jobs:
             exit 1
           fi
           
-          # Check for hardcoded admin passwords (avoid env var references)
-          if find . -name "*.js" -o -name "*.ts" | grep -v node_modules | grep -v dist | grep -v .git | xargs grep -E "ADMIN_PASSWORD.*=.*['\"][^'\"]*['\"]" > /dev/null 2>&1; then
+          # Check for hardcoded admin passwords (exclude test files and obvious fallbacks)
+          if find . -name "*.js" -o -name "*.ts" | grep -v node_modules | grep -v dist | grep -v .git | grep -v tests | xargs grep -E "ADMIN_PASSWORD.*=.*['\"][^'\"]{8,}['\"]" | grep -v "admin123" | grep -v "test_" > /dev/null 2>&1; then
             echo "❌ Found hardcoded admin password!"
-            find . -name "*.js" -o -name "*.ts" | grep -v node_modules | grep -v dist | grep -v .git | xargs grep -E "ADMIN_PASSWORD.*=.*['\"][^'\"]*['\"]"
+            find . -name "*.js" -o -name "*.ts" | grep -v node_modules | grep -v dist | grep -v .git | grep -v tests | xargs grep -E "ADMIN_PASSWORD.*=.*['\"][^'\"]{8,}['\"]" | grep -v "admin123" | grep -v "test_"
             exit 1
           fi