Encrypt WordPress version in frontend scripts and styles, and remove generator.
Block insecure files (readme.html, license.txt) with htaccess.
Add simple number captcha in WordPress login form.
Monitors: activate and deactivate the plugin, password changes, delete users..
Monitor success and failed login with comments.