Make WordPress Admin Secure By Only Allowing HTTPS Connections To WP-ADMIN
There are many tricks or little configuration items you can use to make your WordPress powered site more secure than it comes by the default install. One of those items is to require the login to happen over HTTPS and require that all WordPress admin traffic takes place over HTTPS as well. I personally also use a plugin called WP Block Admin to only allow users with certain credentials access to wp-admin so consider looking into that as well if you have areas of your site that are not in the admin section that require users to login like a forum or to leave comments.