It makes your passwords easier to brute force

Passphrases are by definition hard to brute force.

The formula should not be obvious. Don’t just put the site’s name in the passphrase, put a similar sounding but easy to remember word, something that rhymes, the first and last letters of the site’s name plus the number of letters in the domain name, whatever.

An attacker would need to specifically target you and have more than one of your passphrases using the same formula in order to try to figure it out. Too much work. If they’re that interested in your password it’s easier to beat you up until you tell them.

And what happens if the password is breached? Do you change the formula? What happens if a site requires a password change?

You can have a couple different formulas or variations.

how do you remember which iteration you’re on?

Same way you’d remember the password you used for a site if you reused two or three different passwords.

And if you use the wrong one just try again; sure, passphrases can be a bit long, but having to type them multiple times is a good way to make sure you remember which one you used, lest you have to type it again.