Nice one, I would like to add a point: Securing the wp-admin directory via forcing https, you can use a self-signed certificate, this will help prevent password stealing via packet inspection.