Minor quibble. "Your /wp-admin is protected by Apache using .htaccess"
I've got a wordpress installation and when I log in at the command I get this useful message in the MOTD:
Your /wp-admin is protected by Apache using .htaccess credentials: User: admin Pass: <password>
Only, it's not protected by .htaccess credentials. It's protected in
/etc/apache2/apache2.conf in a
<DirectoryMatch ^.*/wp-admin/> directive.
All I'm saying is, there's five minutes of my life I won't get back puzzling over that mystery. Fix the message please?