Good post, the 5 measures you mentioned are simple to do and easy to use. I also receive attack reporting every day about some IP to try different password to my administrator user. Well I used a strong password and the Limit Login plugin you mentioned. Currently Limit Login Attempts Reloaded support white list so I set the wrong password times allowed to 5 and then forbidden to 1000 hrs...:)

To avoid my mistaken entering I add my IP address to the whitelist table.