Speaking of passwords, you can also check which hashing algorithm you are currently using. Last I checked, Wordpress was using MD5, which is considered too fast to be a hashing algorithm for storing passwords.
This won't be a problem if you have control over all passwords and you make them...