WordPress, starting in version 2.6, added a very underutilized feature of being able to both force your login screen (for admins and users) to use SSL as well as being able to force the entire admin interface to operate using SSL.  It’s very easy to do too.  I’m not sure why the WordPress authors haven’t added the two variables to the default wp-config.php that comes with the distribution; it would go a long way towards making people aware of these features.  Here’s all you need to add to the wp-config.php file before the wp-settings.php inclusion; i.e. don’t add to the bottom:

define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);