You can go ahead and set wp-admin in a password protect directory and keep all your passwords secured. Also I strongly recommend to upgrade wordpress always with the latest stable versions.
Normally, while transferring any sensitive information in concern of online buying and selling then you should always aware with SSL certificates security. Usually, SSL certificates includes two different types such as Domain Validate and Organization Validation SSL certificates. If organization using EV SSL certificate then it will more secure than Domain validation SSL certificates. Online stores also use WildCard SSL certificate security which secure entire web site pages including their sub domains. Apart from this, you can justify SSL certificate secured web site through https web site.
You could get someone to do a full penetration test. There are some great gigs on fiverr like this one: http://fiverr.com/lwcel_3/do-a-penetration-test-of-your-website
Mate, Keep in mind that, security audit on your website is much important and keep your passwords secured.
The BulletProof Security WordPress Security plugin is designed to be a fast, simple and one click security plugin to add
You have to secure your site with SSL certificates which gives the encryption path between you and your customer .